I think I'm Infected

[Mario64]

MSE is gone. Good. Running a scan with Malwarebytes.

It found 2 PUP.Optional.MultiPlug.A, and 1 PUP.Optional.AmaizingSearches.A. Whenever I run Malwarebytes and scan it finds AmaizingSearches.A, but it's normal when I click my search bar. Scanning with avast now.

[Mario64]

First scan (Outbrowse)

-----------------------

Here is the one before your post:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 4/17/2014

Scan Time: 10:57:41 AM

Logfile: 

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.04.16.11

Rootkit Database: v2014.03.27.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Chameleon: Disabled

 

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: RAJAN

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 279712

Time Elapsed: 28 min, 55 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Shuriken: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 2

PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, Quarantined, [38c845bb16ea42be3ccf0016857deb15], 

PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [38c845bb16ea42be3ccf0016857deb15], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 5

PUP.Optional.OutBrowse, C:\Documents and Settings\RAJAN\Local Settings\Temp\DownloadManager.exe, Quarantined, [38c845bb16ea42be3ccf0016857deb15], 

PUP.Optional.OutBrowse, C:\Documents and Settings\RAJAN\My Documents\Downloads\Avast PRo & Premier 2014 Cr@Ck.rar, Quarantined, [eb1545bbb05040c0ef017ba2ae52e11f], 

PUP.Optional.OutBrowse, C:\Documents and Settings\RAJAN\Local Settings\Temp\7zO8894.tmp\Downloader_ Setup.exe, Quarantined, [68982fd14bb55aa618d84dd038c87090], 

PUP.Optional.OutBrowse, C:\Documents and Settings\RAJAN\Local Settings\Temp\7zO889F.tmp\Downloader_ Setup.exe, Quarantined, [8779f8082dd38c749c543ce1d42c4fb1], 

PUP.Optional.AmaizingSearches.A, C:\Documents and Settings\RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "", "http://websearch.amaizingsearches.info/?pid=2644&r=2014/04/15&hid=13215549405780553739&lg=EN&cc=US&unqvl=51" ],), Replaced,[e020a55bed135ba518e22f22c73d639d]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

----------------

Here is the scan after your post: (Multiplug)

----------------------

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 4/17/2014

Scan Time: 4:09:59 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.04.17.06

Rootkit Database: v2014.03.27.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Chameleon: Disabled

 

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: RAJAN

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 280299

Time Elapsed: 38 min, 21 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Shuriken: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 1

PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7DD5E91C-3864-77EC-7635-D14910C2A03E}, Quarantined, [c53bcf310af6936da956162e91706b95], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 2

PUP.Optional.MultiPlug.A, C:\Documents and Settings\All Users\Application Data\save net\Jt2iitwYfXe.exe, Quarantined, [c53bcf310af6936da956162e91706b95], 

PUP.Optional.AmaizingSearches.A, C:\Documents and Settings\RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "", "http://websearch.amaizingsearches.info/?pid=2644&r=2014/04/15&hid=13215549405780553739&lg=EN&cc=US&unqvl=51" ],), Replaced,[4bb51ae6ed13ee12d84798bb1be917e9]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

-------------

[kevinf80]

As this seems to show in Malwarebytes scan each its run something is wrong (PUP.Optional.AmaizingSearches.A) Which browsers do you have/use

[Mario64]

I have IE, Firefox, and Google Chrome. I use Google Chrome. If something doesn't work in Chrome, I use IE or Firefox as a backup browser.

[kevinf80]

Ok run the following, tell me if the issue still occurs..

 

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save the zip file to your Desktop.

Double click zip file and extract to your  Desktop:

 

 

 

 

you will now have 3 versions of the tool on the Desktop:

 

 

http://i121.photobucket.com/albums/o239/kevinf80/Zoek%20Scanner/Capture.png[/img]

 

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/]

 

Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open:

 

 

 

 

Copy and paste the following script from the code box and paste into the field.

 

 

standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;FFdefaults;CHRdefaults;iedefaults;  

 

 

Select the "Run Script" tab. The following window will open:

 

 

 

 

 

 

Please be patient and do not use the PC when the scan is in progress.

 

When complete you maybe asked to re-boot your PC, if so please do

 

 

Post the produced log in your next reply…..

[Mario64]

I went to the webpage, and there were 3 options, exe, zip, and rar. I clicked zip and it downloaded. Chrome blocked it and said it was malicious. I closed it and went back to it again and avast blocked the website. You sure it's the right link?

[kevinf80]

Yes the link and Zoek are 100% safe, either accept alerts or just turn your security off

[Mario64]

I can't download it. Google Chrome gave me alerts, and Firefox and IE just sent me to a Problem - page not found page. I disabled malware and phising protection in chrome and I get sent to a page not found page. Please help.

[kevinf80]

Lets totally remove Firefox and start over. Make sure you still have a working Browser available, eg Internet Explorer or similar...

 

Go here: https://support.mozi...m-your-computer and follow those instructions...

 

Ensure when the uninstall completes to navigate to and delete the firefox installation folder (if present):

 

(32-bit Windows) C:\Program Files\Mozilla Firefox

(64-bit Windows) C:\Program Files (x86)\Mozilla Firefox

 

It is essential the installation folder is removed. Re-boot your system when that is completed....

 

Next,

 

To remove all remaining data and profile information...

 

    Press "Windows key + R" to open the Run box

    In the Run box, type in or copy and paste %APPDATA%

    Click OK. A Windows Explorer window will appear.

    In this window, choose/open in succession Mozilla > Firefox > Profiles.

    Select Delete on each entry in reverse, eg  Profiles > Delete. Firefox > Delete. Mozilla > Delete.

 

 

 

Re-boot your system when complete!

 

Next,

 

Go here: http://www.mozilla.org/en-US/ download and install the latest version of Firefox...

 

Next,

 

When Firefox is installed and open select these keys together :- Ctrl - Shift - A that will access Addons manger, this gives access to find addons, use, start, stop or disable those features etc....

 

Ensure to find and install AdBlock plus and Flashblock, plus any other addons you normally use.... Now try surfing, see what happens...

 

If Firefox runs ok go back to the Zoek instructions and d/l and run that scan.

[Mario64]

You said:

Go here: https://support.mozi...m-your-computer and follow those instructions...

Can you fix the link?

[kevinf80]

The link works fine for me.. try again https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

[Mario64]

I did what you asked. I ended avast and mbam with Task Manager and went to the link with Firefox. It started to download. Then when I clicked the download bar, it said that the download failed. I tried it again and it went to a page not found page.

[kevinf80]

Ok lets try this a different way...

 

Go here: https://support.google.com/chrome/answer/3296214?hl=en follow those instructions and reset browser settings in Chrome. When that is done add the following :-

 

AdBlock Plus - https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

 

Flash Block   - https://chrome.google.com/webstore/detail/flashblock/gofhjkjmkpinhpoiabjplobcaignabnl?hl=en

 

When those are done continue with IE... go here: http://support.microsoft.com/kb/923737 follow those instructions and reset IE to defaults....

 

We did Firefox earlier, what is the status of your system now, any improvement with browsers?

[Mario64]

The browsers are good, but my system is slow when it starts up and it takes maybe 5-10 minutes for it to "recover." Not sure if this is normal.

[Mario64]

I tried download Zoek with IE, but the download stops at 3.89MB out of 3.9MB. It says the connection with the server was reset.

Zoek downloads from here: https://forums.malwarebytes.org/index.php?showtopic=131391

But, it only has zoek.exe.

[kevinf80]

Zoek.exe is good. will that run?

[Mario64]

When I open it I get a log.txt:

This version of zoek.exe is no longer supported

Go to http://www.hijackthis.nl/smeenk/ and download newest version

[Mario64]

I downloaded zoek.exe and zoek.zip in Chrome. I get a Failed - Network error, but when I download zoek.rar, it's successful. It has zoek.exe, zoek.pif, and zoek.scr.

[kevinf80]

Will one of them run?

[Mario64]

Zoek.pif opens successfully.

[kevinf80]

Will it run to the instructions in reply #30

[Mario64]

Yes. 

---

C:\zoek-results.log

---------------

Zoek.exe v5.0.0.0 Updated 14-April-2014

Tool run by RAJAN on Fri 04/18/2014 at 21:57:01.31.

Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Documents and Settings\RAJAN\Desktop\zoek.com [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

4/18/2014 9:59:52 PM Zoek.exe System Restore Point Created Succesfully.

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-3284996926-787306573-3978696968-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully

HKEY_USERS\S-1-5-21-3284996926-787306573-3978696968-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

HKEY_USERS\S-1-5-21-3284996926-787306573-3978696968-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully

 

==== Running Processes ======================

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Program Files\BarracudaAgent\dhcp.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\DllHost.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Browny02\Brother\BrStMonW.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Browny02\BrYNSvc.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\DOCUME~1\RAJAN\LOCALS~1\Temp\RtkBtMnt.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

 

==== Deleting Services ======================

 

 

==== FireFox Fix ======================

 

Deleted from C:\Documents and Settings\RAJAN\Application Data\Mozilla\Firefox\Profiles\wwbfi0q5.default\prefs.js:

 

Added to C:\Documents and Settings\RAJAN\Application Data\Mozilla\Firefox\Profiles\wwbfi0q5.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

 

==== Deleting Files \ Folders ======================

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted

C:\DOCUME~1\ALLUSE~1\APPLIC~1\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted

C:\Documents and Settings\RAJAN\AppData\LocalLow\{31287CB9-176D-F6B2-2FD5-6BD5E5EA8B98} deleted

C:\Documents and Settings\RAJAN\AppData\LocalLow\{4A33E8B9-1F59-E8A1-F10F-4E1A5426422F} deleted

C:\Documents and Settings\RAJAN\AppData\LocalLow\{5488A462-6E19-4CEE-9BCF-F60A23DA2C85} deleted

C:\DOCUME~1\ALLUSE~1\APPLIC~1\save net deleted

C:\Program Files\save net deleted

C:\Program Files\Yahoo! deleted

C:\Documents and Settings\RAJAN\Application Data\CamStudio.Producer.ini deleted

C:\Documents and Settings\RAJAN\Application Data\Yahoo! deleted

C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallMate deleted

C:\WINDOWS\System32\uxt3B4.tmp deleted

"C:\DOCUME~1\ALLUSE~1\APPLIC~1\b8c03aa765f7a4f1\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted

"C:\DOCUME~1\ALLUSE~1\APPLIC~1\b8c03aa765f7a4f1\{7DD5E91C-3864-77EC-7635-D14910C2A03E}" deleted

"C:\DOCUME~1\ALLUSE~1\APPLIC~1\b8c03aa765f7a4f1\{7DD5E91C-3864-77EC-7635-D14910C2A03E}.old" deleted

"C:\DOCUME~1\ALLUSE~1\APPLIC~1\b8c03aa765f7a4f1\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted

"C:\DOCUME~1\ALLUSE~1\APPLIC~1\b8c03aa765f7a4f1\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" deleted

"C:\DOCUME~1\ALLUSE~1\APPLIC~1\b8c03aa765f7a4f1" deleted

"C:\Documents and Settings\RAJAN\Application Data\GrabPro" deleted

 

==== System Specs ======================

 

Windows: Windows XP Home Edition Service Pack 3 (Build 2600)

Memory (RAM): 1012 MB

CPU Info: Intel® Atom CPU N270   @ 1.60GHz

CPU Speed: 1567.6 MHz

Sound Card: Realtek HD Audio output | 

Display Adapters: Mobile Intel® 945 Express Chipset Family | Mobile Intel® 945 Express Chipset Family | NetMeeting driver | RDPDD Chained DD

Monitors: 1x; Plug and Play Monitor | Plug and Play Monitor | 

Screen Resolution: 1024 X 600 - 32 bit

Network: Network Present

Network Adapters: Atheros AR5007EG Wireless Network Adapter - Packet Scheduler Miniport | Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC - Packet Scheduler Miniport

CD / DVD Drives: No optical drives found.

Ports: COM Ports NOT Present. LPT Port NOT Present. 

Mouse: 5 Button Wheel Mouse Present

Hard Disks: C:  143.2GB

Hard Disks - Free: C:  113.5GB

Manufacturer *: Acer

BIOS Info: AT/AT COMPATIBLE | 10/06/08 | ACRSYS - 1

Time Zone: Eastern Standard Time

Motherboard *: Acer

Country: United States 

Language: ENU 

 

==== System Specs (Software) ======================

 

Anti-Virus: Microsoft Security Essentials On-access scanning enabled (Updated)

Anti-Virus: avast! Antivirus On-access scanning enabled (Updated)

Firewall: avast! Antivirus enabled

Default Browser: Google Chrome 34.0.1847.116

Internet Explorer version: 8.0.6001.18702 

Mozilla Firefox version: 28.0 (x86 en-US)

Google Chrome version: 34.0.1847.116

Adobe Reader version: 11.0.04.63

Sun Java version: 1.7.0_51 (32-bit) 

Flash Player version: 12.0.0.70

 

==== Files Recently Created / Modified ======================

 

====== C:\WINDOWS ====

2014-04-17 16:33:37 0B5A0005C0BDF4A05174576AF80DEA04 43152 ----a-w- C:\WINDOWS\avastSS.scr

====== C:\DOCUME~1\RAJAN\LOCALS~1\Temp ====

2014-04-17 19:29:44 C51E99DEC44277F5AB1DC779C9B51794 1533640 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\{B39AB5F8-D01D-4C13-AEF8-983F6879970E}\Addons\extIE_setup.exe

2014-04-17 19:28:58 739C7CB739191C5F4C0337BCB79127DB 708872 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\{B39AB5F8-D01D-4C13-AEF8-983F6879970E}\Addons\ext_setup.exe

2014-04-17 19:28:39 E717F6CE3A7429BFA6D7F3CF66737A4B 15968 --s---r- C:\Documents and Settings\RAJAN\Local Settings\Temp\{B39AB5F8-D01D-4C13-AEF8-983F6879970E}\Setup.exe

2014-04-17 19:28:37 D2B596FA229E1B03704C9E9C3B4D4AA0 93696 --s---r- C:\Documents and Settings\RAJAN\Local Settings\Temp\{B39AB5F8-D01D-4C13-AEF8-983F6879970E}\Custom.dll

2014-04-17 19:28:37 BE16F8D320DA824F0DB58EF6D75C75C6 177664 --s---r- C:\Documents and Settings\RAJAN\Local Settings\Temp\{B39AB5F8-D01D-4C13-AEF8-983F6879970E}\_Setup.dll

2014-04-17 19:28:31 AF7CE801C8471C5CD19B366333C153C4 275552 --s---r- C:\Documents and Settings\RAJAN\Local Settings\Temp\TsuC9D7710B.dll

2014-04-16 18:46:11 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\erunt\ERUNT.EXE

2014-04-16 18:42:15 33C89FD5D5D19227DE0F5CD4A0D73722 541696 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\sqlite-3.7.2-sqlitejdbc.dll

2014-04-16 18:39:17 A1953A905B76837B637863012E8641A9 212992 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\RtkBtMnt.exe

2014-04-15 23:09:35 57E626878D667E65127D1725279B0965 12384 ----atw- C:\Documents and Settings\RAJAN\Local Settings\Temp\{1AA561A8-2A46-4A2D-A8C6-6264C146435E}\x86\regsvr32.exe

2014-04-15 23:09:35 157FE300857E06020BCB38A04D5B3B75 12896 ----atw- C:\Documents and Settings\RAJAN\Local Settings\Temp\{1AA561A8-2A46-4A2D-A8C6-6264C146435E}\x64\regsvr32.exe

2014-04-15 23:09:07 71C2EA2B936BA80F4BAD80937B369ADF 1085440 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\{1AA561A8-2A46-4A2D-A8C6-6264C146435E}\Addons\search_installer.exe

2014-04-15 00:35:33 3F512AF8DB108FCA028BA731CE0B4700 224408 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-AB0000000001}\FixTransforms.exe

====== Java Cache =====

2014-03-29 18:51:40 DB6C9E60B53567DC5B2CBDFA09483136 94 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\10\4f038bca-6.0.lap

2014-03-25 20:24:40 91A2E12D237E31DFB552C1DAC8830393 2633 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\13\4216aa4d-242bae40

2014-03-24 00:07:55 BFA9C5536841E08BCE534758141B3867 79 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\14\4fedd1ce-6.0.lap

2014-03-29 18:51:42 FC594A1FD05A1E024227953C6FC03A96 8867 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\2\5b890a02-11e0cafc

2014-03-25 20:24:17 1229DD87EAA79ADCE1B8E64A22CAA598 149777 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\22\3c36f7d6-5bc7dc04

2014-03-25 20:24:23 BB0421B29678BB6312FA38ED742B4455 460 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\26\5bd0c21a-392e2236

2014-03-25 20:24:33 0E56193AEB6136532D00F718C0ED8FAF 3966 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\28\4c39c39c-5ee99e1b

2014-03-25 20:24:14 DD3B8B4336F97438388DF34F1F454045 101 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\33\301af0a1-6.0.lap

2014-03-25 20:24:23 EAD1098F5EAE8B86CD9EE581D0BCF3AB 16373 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\36\4867e6a4-2d15b675

2014-03-25 20:24:23 4FF89A65EF2C1BAA8666DE0614D0A627 469 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\36\e4f6ea4-6841e2f5

2014-03-25 20:24:35 12BE7A6EA700106F0D5DB7930B623AEF 77538 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\51\286e4d73-3d6fd934

2014-03-24 00:07:58 96671B8597CD7E9BA341FAC9495F9ED3 206969 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\56\8aaa878-74550ab8

====== C:\WINDOWS\system32 =====

[Mario64]

(continued)

2014-04-17 16:33:54 6A85CD15AB3981ED506CD03F2E6E007F 271264 ----a-w- C:\WINDOWS\System32\aswBoot.exe

====== C:\WINDOWS\system32\drivers =====

2014-04-17 16:34:07 B2D7EE52633CA8831DDAFCA81C2D46C3 180632 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys

2014-04-17 16:34:07 AF01CD260A9EF60B09029C9F5EF99040 57672 ----a-w- C:\WINDOWS\System32\drivers\aswTdi.sys

2014-04-17 16:34:06 EBD3B15E2E01EE94BA5262FAFC691A8E 411552 ----a-w- C:\WINDOWS\System32\drivers\aswSP.sys

2014-04-17 16:34:06 A148A36F871BFDBF80654D28D6B59FAE 776976 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys

2014-04-17 16:34:05 24B3BDA01DB3A704E33A5266C7B52DAF 49944 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys

2014-04-17 16:34:04 4D6C6E0505A8E5A0656DCB223497D37C 24184 ----a-w- C:\WINDOWS\System32\drivers\aswHwid.sys

2014-04-17 16:34:04 1A2CC93BBD77C2D95A7567938D7D7239 67824 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys

2014-04-17 16:34:03 46B3ABE51856A9F5B2ABBA0221F4C360 54832 ----a-w- C:\WINDOWS\System32\drivers\aswRdr.sys

2014-04-17 16:34:00 903CAF22AEA9D84B0191FEA5F5D483A4 26136 ----a-w- C:\WINDOWS\System32\drivers\aswKbd.sys

2014-04-17 16:33:59 D822B332D213D6F3B8DE8EF0470D4A1B 252464 ----a-w- C:\WINDOWS\System32\drivers\aswNdis2.sys

2014-04-17 16:32:09 7B948E3657BEA62E437BC46CA6EF6012 12112 ----a-w- C:\WINDOWS\System32\drivers\aswNdis.sys

2014-04-15 23:49:08 661B911FA04E73FB073FF9B1C9BD2E05 107736 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys

====== C:\WINDOWS\Tasks ======

2014-04-18 15:47:31 7E02158024F54B4FCA4C66A7C752C1D4 384 ---ha-w- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

2014-04-17 16:35:01 6078F53B5BC481F814C4D4D114DFC2E7 362 ---ha-w- C:\WINDOWS\Tasks\avast! Emergency Update.job

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

2014-04-16 22:36:34 -------- d-----w- C:\Program Files\ESET

2014-03-21 00:06:07 -------- d-----w- C:\Program Files\Scratch

======= C: =====

2014-04-17 14:00:58 DF60689B536DFC092BFE1BCEC2B92C7C 15580 -c--a-w- C:\FixitRegBackup.reg

2014-04-17 13:37:53 0D4269489016F6642918968D8BB12BEC 4538 -c--a-w- C:\DelFix.txt

====== C:\Documents and Settings\RAJAN\Application Data ======

2014-04-18 16:35:35 -------- d-----w- C:\Documents and Settings\RAJAN\Application Data\Mozilla

2014-04-17 19:29:40 -------- d-----w- C:\Documents and Settings\RAJAN\Local Settings\Application Data\Torch

2014-04-17 19:29:39 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch

2014-04-15 23:06:14 -------- d-----w- C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Torch

2014-04-15 23:06:13 -------- d-----w- C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Torch

2014-04-15 23:06:13 -------- d-----w- C:\Documents and Settings\Guest\Local Settings\Application Data\Torch

2014-04-15 23:06:13 -------- d-----w- C:\Documents and Settings\ASPNET\Local Settings\Application Data\Torch

2014-04-15 23:06:11 -------- d-----w- C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo

2014-04-15 23:06:11 -------- d-----w- C:\Documents and Settings\RAJAN\Local Settings\Application Data\Comodo

2014-04-15 23:06:11 -------- d-----w- C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo

2014-04-15 23:06:10 -------- d-----w- C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google

2014-04-15 23:06:10 -------- d-----w- C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo

2014-04-15 23:06:10 -------- d-----w- C:\Documents and Settings\ASPNET\Local Settings\Application Data\Comodo

2014-04-15 23:06:10 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo

2014-04-15 23:06:09 -------- d-----w- C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google

2014-04-15 23:06:09 -------- d-----w- C:\Documents and Settings\Guest\Local Settings\Application Data\Google

2014-04-15 23:06:08 -------- d-----w- C:\Documents and Settings\ASPNET\Local Settings\Application Data\Google

2014-04-01 00:19:39 -------- d-----w- C:\Documents and Settings\RAJAN\Application Data\Stencyl

2014-03-23 21:12:39 -------- d-----w- C:\Documents and Settings\RAJAN\Application Data\X-Chat 2

2014-03-21 00:06:39 -------- d-----w- C:\Documents and Settings\RAJAN\Start Menu\Programs\Scratch

====== C:\Documents and Settings\RAJAN ======

2014-04-17 16:15:25 -------- d--h--r- C:\Documents and Settings\RAJAN\Recent

2014-04-15 23:06:10 -------- d-----w- C:\Documents and Settings\SUPPORT_388945a0\Local Settings

2014-04-15 23:06:09 -------- d-----w- C:\Documents and Settings\HelpAssistant\Local Settings

2014-04-15 23:06:09 -------- d-----w- C:\Documents and Settings\Guest\Local Settings

2014-04-15 23:06:08 -------- d-----w- C:\Documents and Settings\ASPNET\Local Settings

2014-04-12 17:53:20 D664BC7C709568CAFEA60003CFD665E8 74 ----a-w- C:\Documents and Settings\RAJAN\My Documents\faster.bat

2014-04-01 00:45:53 86E8357DE12392F51A3EEF3BF1748CB2 38 ----a-w- C:\Documents and Settings\RAJAN\.haxelib

2014-04-01 00:45:50 91B2CE52D164CB82FD74CF9D6E7C48E3 1866 ----a-w- C:\Documents and Settings\RAJAN\.hxcpp_config.xml

2014-04-01 00:45:37 5363ABE8A3A9C0F25332E4A69B1FADDF 64 ----a-w- C:\Documents and Settings\RAJAN\mm.cfg

2014-03-24 00:08:34 791A07BEB1847742A3BCAC4BC8AB9DD5 47 ----a-w- C:\Documents and Settings\RAJAN\.jupload.properties

 

====== C: exe-files ==

2014-04-18 20:33:53 64357E1B16160F75EACC5C74DD523C7A 1277150 ----a-w- C:\RECYCLER\S-1-5-21-3284996926-787306573-3978696968-1006\Dc23.exe

2014-04-18 16:33:31 AEE4E9CC59CDEB55B1ECB0E596E796BE 119408 ----a-w- C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe

2014-04-18 16:29:16 D9BECA9EC52F2C7A038C9B771B174FCB 25200168 ----a-w- C:\Documents and Settings\RAJAN\My Documents\Downloads\Firefox Setup 28.0.exe

2014-04-18 16:17:02 35148C1FA372A4A7AB08017462D53A23 282880 ----a-w- C:\Documents and Settings\RAJAN\My Documents\Downloads\Firefox Setup Stub 28.0.exe

2014-04-17 19:29:44 C51E99DEC44277F5AB1DC779C9B51794 1533640 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\{B39AB5F8-D01D-4C13-AEF8-983F6879970E}\Addons\extIE_setup.exe

2014-04-17 19:28:58 739C7CB739191C5F4C0337BCB79127DB 708872 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\{B39AB5F8-D01D-4C13-AEF8-983F6879970E}\Addons\ext_setup.exe

2014-04-17 19:28:39 E717F6CE3A7429BFA6D7F3CF66737A4B 15968 --s---r- C:\Documents and Settings\RAJAN\Local Settings\Temp\{B39AB5F8-D01D-4C13-AEF8-983F6879970E}\Setup.exe

2014-04-17 16:33:54 6A85CD15AB3981ED506CD03F2E6E007F 271264 ----a-w- C:\WINDOWS\system32\aswBoot.exe

2014-04-16 18:46:11 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\erunt\ERUNT.EXE

2014-04-16 18:39:17 A1953A905B76837B637863012E8641A9 212992 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\RtkBtMnt.exe

2014-04-15 23:09:35 57E626878D667E65127D1725279B0965 12384 ----atw- C:\Documents and Settings\RAJAN\Local Settings\Temp\{1AA561A8-2A46-4A2D-A8C6-6264C146435E}\x86\regsvr32.exe

2014-04-15 23:09:35 157FE300857E06020BCB38A04D5B3B75 12896 ----atw- C:\Documents and Settings\RAJAN\Local Settings\Temp\{1AA561A8-2A46-4A2D-A8C6-6264C146435E}\x64\regsvr32.exe

2014-04-15 23:09:07 71C2EA2B936BA80F4BAD80937B369ADF 1085440 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\{1AA561A8-2A46-4A2D-A8C6-6264C146435E}\Addons\search_installer.exe

2014-04-15 00:35:33 3F512AF8DB108FCA028BA731CE0B4700 224408 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-AB0000000001}\FixTransforms.exe

=== C: other files ==

2014-04-18 16:42:30 7E1C072961BE0D108C81AB91BD89D687 957290 ----a-w- C:\Documents and Settings\RAJAN\Application Data\Mozilla\Firefox\Profiles\wwbfi0q5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

2014-04-18 16:42:28 7E1C072961BE0D108C81AB91BD89D687 957290 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\tmp-c9p.xpi

2014-04-18 00:56:31 2A4A40DBDFF82940CED492CE1845F900 2916835 ----a-w- C:\Documents and Settings\RAJAN\My Documents\Downloads\Blargboard-master.zip

2014-04-17 16:59:35 0BE698F395AA369093DC3DC477F9A7BD 614309 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\scoped_dir_2740_171\aswWebRepChrome.crx

2014-04-17 16:34:07 B2D7EE52633CA8831DDAFCA81C2D46C3 180632 ----a-w- C:\WINDOWS\system32\drivers\aswVmm.sys

2014-04-17 16:34:07 AF01CD260A9EF60B09029C9F5EF99040 57672 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys

2014-04-17 16:34:06 EBD3B15E2E01EE94BA5262FAFC691A8E 411552 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys

2014-04-17 16:34:06 A148A36F871BFDBF80654D28D6B59FAE 776976 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys

2014-04-17 16:34:05 24B3BDA01DB3A704E33A5266C7B52DAF 49944 ----a-w- C:\WINDOWS\system32\drivers\aswRvrt.sys

2014-04-17 16:34:04 4D6C6E0505A8E5A0656DCB223497D37C 24184 ----a-w- C:\WINDOWS\system32\drivers\aswHwid.sys

2014-04-17 16:34:04 1A2CC93BBD77C2D95A7567938D7D7239 67824 ----a-w- C:\WINDOWS\system32\drivers\aswMonFlt.sys

2014-04-17 16:34:03 46B3ABE51856A9F5B2ABBA0221F4C360 54832 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys

2014-04-17 16:34:00 903CAF22AEA9D84B0191FEA5F5D483A4 26136 ----a-w- C:\WINDOWS\system32\drivers\aswKbd.sys

2014-04-17 16:33:59 D822B332D213D6F3B8DE8EF0470D4A1B 252464 ----a-w- C:\WINDOWS\system32\drivers\aswNdis2.sys

2014-04-17 16:32:09 7B948E3657BEA62E437BC46CA6EF6012 12112 ----a-w- C:\WINDOWS\system32\drivers\aswNdis.sys

2014-04-16 18:46:09 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\TDL4.bat

2014-04-16 18:46:09 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\medfos.bat

2014-04-16 18:46:09 A87CD1BAC46CAC0EEEDB571F07077032 8104 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\modules.bat

2014-04-16 18:46:09 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\searchlnk.bat

2014-04-16 18:46:09 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\firefox.bat

2014-04-16 18:46:09 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\ev_clear.bat

2014-04-16 18:46:09 7D8282EB94B5D639B7378811C1924A8F 9516 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\runvalues.bat

2014-04-16 18:46:09 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\delorphans.bat

2014-04-16 18:46:09 5B92615B0CEA08D6BA1217C08CBB1443 15919 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\get.bat

2014-04-16 18:46:09 5B71358F97544D9DE58A9A0893079506 39458 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\prelim.bat

2014-04-16 18:46:09 53B191266B30D57F2F835ABBF54C68C5 13963 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\chrome.bat

2014-04-16 18:46:09 3BC04DEBBE9027060D51901133F60101 154678 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\misc.bat

2014-04-16 18:46:09 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\ask.bat

2014-04-16 18:46:09 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\iexplore.bat

2014-04-16 18:46:09 2F80D807DB405C8F6E0F3706B9FED710 10161 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\JRT.bat

2014-04-16 18:46:09 0D08FBD2E6F6C6AC6A504712C4CE6CE3 1226 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\FWPolicy.bat

2014-04-16 18:46:09 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Documents and Settings\RAJAN\Local Settings\Temp\jrt\delfolders.bat

2014-04-15 23:49:08 661B911FA04E73FB073FF9B1C9BD2E05 107736 ----a-w- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

2014-04-14 17:15:24 F8133BC54C6452BF268DE68BE24C0D2E 871963 ----a-w- C:\Documents and Settings\RAJAN\My Documents\Dropbox\NSMBW rankset.zip

2014-04-14 17:12:44 F8133BC54C6452BF268DE68BE24C0D2E 871963 ----a-w- C:\Documents and Settings\RAJAN\My Documents\Downloads\Blargboard-master\ranksets\NSMBW.zip

2014-04-12 17:53:20 D664BC7C709568CAFEA60003CFD665E8 74 ----a-w- C:\Documents and Settings\RAJAN\My Documents\faster.bat

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"

 

[HKEY_USERS\S-1-5-21-3284996926-787306573-3978696968-1006\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE"

"Alcmtr"="ALCMTR.EXE"

"AzMixerSel"="C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe"

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE"

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC"

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"

"PLFSetL"="C:\WINDOWS\PLFSetL.exe"

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"DivXMediaServer"="C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe"

"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun"

"BrStsMon00"="C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN"

"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

 

==== Startup Registry Disabled ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AdobeARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CS6ServiceManager"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin"

 

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"APSDaemon"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

"DivXUpdate"="\"C:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"

"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"

"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"

"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"

"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

"USB2Check"="RUNDLL32.EXE \"C:\\WINDOWS\\system32\\PCLECoInst.dll\",CheckUSBController"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

 

 

==== Startup Folders ======================

 

2014-01-15 23:42:34 408 ----a-w- C:\Documents and Settings\RAJAN\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms

2014-01-18 13:29:20 1028 ----a-w- C:\Documents and Settings\RAJAN\Start Menu\Programs\Startup\Dropbox.lnk

 

==== Task Scheduler Jobs ======================

 

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]

C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe []

C:\WINDOWS\tasks\avast\Undetermined Task.exe []

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [03/04/2014 05:30 PM]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [03/04/2014 05:30 PM]

C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job --ah----- [undetermined Task]

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [04/17/2014 12:33 PM]

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Documents and Settings\RAJAN\Application Data\Mozilla\Firefox\Profiles\wwbfi0q5.default

- DivX Plus Web Player HTML5 lt;videogt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

- Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

 

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Documents and Settings\RAJAN\Application Data\Mozilla\Firefox\Profiles\wwbfi0q5.default

E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update

D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash

6B34823748BD3C10EB2816858025AFE9 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5

233F187A5425045011A0DD51F8B48E0F - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5

81CB790A6AD230090086C644DC871FC3 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5

4AD1613FEDB87B4B18CADE745235A625 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5

1FBB6E454767A5B43DD980C7DE5D89F6 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5

A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U51

9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13

69AA47F09AA281C7D3C7716CA7E283B4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

380F9A643A149B9030142E7171EFA91B - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

55F213A61B82B6174B02881562FE20A0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll - DivX Plus Web Player

B938C1AE3ADCE166190895685B0BEB0D - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in

AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM

5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library

8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM

 

 

==== Chrome Look ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[04/17/2014 12:32 PM]

nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[05/06/2013 04:12 AM]

 

savve neT - Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

savve neT - ASPNET\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - ASPNET\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - ASPNET\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - ASPNET\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - ASPNET\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - ASPNET\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - ASPNET\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - ASPNET\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - ASPNET\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - ASPNET\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - ASPNET\Local Settings\Application Data\Torch\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - ASPNET\Local Settings\Application Data\Torch\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - ASPNET\Local Settings\Application Data\Torch\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - ASPNET\Local Settings\Application Data\Torch\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - ASPNET\Local Settings\Application Data\Torch\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - RAJAN\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - RAJAN\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - RAJAN\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - RAJAN\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - RAJAN\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

Last updated at time on date - RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

APNG - RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp

FlashBlock - RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl

Google Wallet - RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

DivX Plus Web Player HTML5 \u003Cvideo> - RAJAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm

savve neT - RAJAN\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - RAJAN\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - RAJAN\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - RAJAN\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - RAJAN\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - RAJAN\Local Settings\Application Data\Torch\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

savve neT - SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

savve neT - SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\fhhhkfpllmheeekophimjgdapnpefmkb

Speedy Shopper - SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

YoutubeAdblocker - SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\ggnpbngdpjoohpiiecapdpmaglcancpb

sAvve Net - SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\ilcbnmagmhlffongpaajikgnbblfjbfg

SNT - SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\klndflcljakdfapachnpoedldjiepgpj

 

 

[Mario64]

Actually, since this file is too big to post, I'll post a link to it:

 

https://www.dropbox.com/s/5w3wvmsara1uyr5/zoek-results.log

Oh, I could have attached it. And, MSE is still there. I'm going to try doing that uninstall thing you said earlier. 

My startup takes too long. When I launch Google Chrome, it takes forever to open, and forever to adjust and become unfrozen.

[Mario64]

I tried GeekUninstaller, but MSE isn't on the list. Same with Perfect Uninstaller and Add/Remove Programs.

And I can't find the folder of MSE in Program Files, yet MSE works perfectly.