
Solved: Windows 7 Google Chrome keeps redirecting to a different site


relicon (thread starter)
Join Date: Sep 2007
27-Jul-2013, 09:30 PM #1
Windows 7 Google Chrome keeps redirecting to a different site, and sometimes there are strange pop-up windows that are somewhat related to this problem.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:03:00 PM, on 7/27/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe
C:\Windows\V0350Mon.exe
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\Windows\SysWOW64\jmdp\stij.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Toolbar BHO - {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\PROGRA~2\MYSCRA~2\bar\1.bin\12bar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: CrossriderApp0019962 - {11111111-1111-1111-1111-110111991162} - C:\Program Files (x86)\Supreme Savings\Supreme Savings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SocialSearchBar_App - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoci.dll
O2 - BHO: LessTabs - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll
O2 - BHO: Secret Feedback - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\SecretFeedback\IE\common.dll
O2 - BHO: Search Assistant BHO - {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Assistant BHO - {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll
O2 - BHO: Search Assistant BHO - {c4b22c87-45ef-4f43-89f2-40db2078864e} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll
O2 - BHO: Updater By SweetPacks Helper - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O2 - BHO: Toolbar BHO - {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbar.dll
O2 - BHO: Toolbar BHO - {da71fd14-5f7b-46ae-b8b1-44074a38f331} - C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbar.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SocialSearchBar_App Toolbar - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoci.dll
O3 - Toolbar: MyFunCards - {210f1b36-3b7f-41a4-b5da-3eb87f5a56c2} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll
O3 - Toolbar: My Scrap Nook - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: InboxAce - {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
O4 - HKLM\..\Run: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
O4 - HKLM\..\Run: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\windows\V0350Mon.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [MyFunCards Search Scope Monitor] "C:\PROGRA~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyFunCards_5m Browser Plugin Loader] C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbrmon.exe
O4 - HKLM\..\Run: [My Scrap Nook Search Scope Monitor] "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyScrapNook_12 Browser Plugin Loader] C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [InboxAce Search Scope Monitor] "C:\PROGRA~2\INBOXA~2\bar\1.bin\1gsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [InboxAce_1g Browser Plugin Loader] C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbrmon.exe
O4 - HKCU\..\Run: [Best Buy pc app] C:\Users\Editha Teves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
O4 - HKCU\..\Run: [Google Update] "C:\Users\Editha Teves\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ROC_ROC_APR2013_AV] C:\Users\Editha Teves\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 94f611bb173c47d09c272197b771950a-b20db9261d661508d61180d35b882224ab0be8bb --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductA...eX_Control.cab
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O18 - Protocol: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
O23 - Service: 24x7HelpService (24x7HelpSvc) - PCRx.com, LLC - C:\Program Files (x86)\24x7Help\App24x7Svc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: BrowserDefendert - Unknown owner - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
O23 - Service: EgisTec Service Help - Egis Technology Inc. - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBUpdaterService - Unknown owner - C:\windows\system32\dmwu.exe (file missing)
O23 - Service: InboxAceService (InboxAce_1gService) - COMPANYVERS_NAME - C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: MyFunCardsService (MyFunCards_5mService) - COMPANYVERS_NAME - C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe
O23 - Service: My Scrap NookService (MyScrapNook_12Service) - COMPANYVERS_NAME - C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 19081 bytes


----------------------------------------------------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Editha Teves at 19:06:45 on 2013-07-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3335 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\24x7Help\App24x7Svc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\dmwu.exe
C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe
C:\windows\SysWOW64\schtasks.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe
C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\TPHDEXLG64.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe
C:\Windows\V0350Mon.exe
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\24x7Help\App24x7Help.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\jmdp\stij.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\24x7Help\App24x7Hook.exe
C:\Program Files (x86)\24x7Help\App24x7Hook64.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\msiexec.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\svchost.exe -k WbioSvcGroup
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mURLSearchHooks: SocialSearchBar_App Toolbar: {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoci.dll
mWinlogon: Userinit = userinit.exe
BHO: Toolbar BHO: {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Supreme Savings: {11111111-1111-1111-1111-110111991162} - C:\Program Files (x86)\Supreme Savings\Supreme Savings.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SocialSearchBar_App Toolbar: {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoci.dll
BHO: LessTabs: {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll
BHO: Secret Feedback: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\SecretFeedback\IE\common.dll
BHO: Search Assistant BHO: {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll
BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll
BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Assistant BHO: {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll
BHO: Search Assistant BHO: {c4b22c87-45ef-4f43-89f2-40db2078864e} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll
BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
BHO: <No Name>: {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files (x86)\RebateInformer\RebateI.dll
BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
BHO: Toolbar BHO: {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
BHO: Toolbar BHO: {da71fd14-5f7b-46ae-b8b1-44074a38f331} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: InboxAce: {3775AFD7-5921-4571-968F-85A631203D1C} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: SocialSearchBar_App Toolbar: {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoci.dll
TB: MyFunCards: {210f1b36-3b7f-41a4-b5da-3eb87f5a56c2} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll
TB: My Scrap Nook: {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: InboxAce: {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll
uRun: [Best Buy pc app] C:\Users\Editha Teves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [Google Update] "C:\Users\Editha Teves\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ROC_ROC_APR2013_AV] C:\Users\Editha Teves\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 94f611bb173c47d09c272197b771950a-b20db9261d661508d61180d35b882224ab0be8bb --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
mRun: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
mRun: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [V0350Mon.exe] C:\windows\V0350Mon.exe
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [MyFunCards Search Scope Monitor] "C:\PROGRA~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" /m=2 /w /h
mRun: [MyFunCards_5m Browser Plugin Loader] C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbrmon.exe
mRun: [My Scrap Nook Search Scope Monitor] "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h
mRun: [MyScrapNook_12 Browser Plugin Loader] C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon.exe
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [InboxAce Search Scope Monitor] "C:\PROGRA~2\INBOXA~2\bar\1.bin\1gsrchmn.exe" /m=2 /w /h
mRun: [InboxAce_1g Browser Plugin Loader] C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbrmon.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{E39C52D6-388F-4538-9D11-75B5AFABFCCF} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E39C52D6-388F-4538-9D11-75B5AFABFCCF}\05F43545F56596379647F627 : DHCPNameServer = 10.2.145.9
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files (x86)\RebateInformer\RebateI.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [TpShocks] C:\windows\System32\TpShocks.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [InboxAce Home Page Guard 64 bit] "C:\PROGRA~2\INBOXA~2\bar\1.bin\AppIntegrator64.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
x64-Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-10-10 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-10-10 39008]
R0 TPDIGIMN;TPDIGIMN;C:\windows\System32\drivers\ApsHM64.sys [2011-10-10 23648]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-5-3 45856]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-10-10 13408]
R1 EgisTecFF;EgisTecFF;C:\windows\System32\drivers\EgisTecFF.sys [2011-10-10 55880]
R1 mwlPSDFilter;mwlPSDFilter;C:\windows\System32\drivers\mwlPSDFilter.sys [2011-10-10 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\windows\System32\drivers\mwlPSDNserv.sys [2011-10-10 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\System32\drivers\mwlPSDVDisk.sys [2011-10-10 62584]
R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2012-3-24 342168]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 BrowserDefendert;BrowserDefendert;C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2013-7-24 2827728]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]
R2 EgisTec Service Help;EgisTec Service Help;C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\System32\drivers\FPSensor.sys [2010-10-31 35952]
R2 IBUpdaterService;IBUpdaterService;C:\windows\System32\dmwu.exe [2013-6-19 1453872]
R2 InboxAce_1gService;InboxAceService;C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe [2013-6-27 42504]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\windows\System32\drivers\LMIRfsDriver.sys [2012-1-10 72216]
R2 MyFunCards_5mService;MyFunCardsService;C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe [2013-3-5 42504]
R2 MyScrapNook_12Service;My Scrap NookService;C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe [2013-3-5 42504]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2013-3-29 132504]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2013-3-5 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-10 2656280]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\windows\System32\drivers\bpenum.sys [2011-5-19 84480]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2011-5-19 182272]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\windows\System32\drivers\bpusb.sys [2011-5-19 83968]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-12-24 31088]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-4-14 317440]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-10 307304]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 rtsuvc;Lenovo EasyCamera;C:\windows\System32\drivers\rtsuvc.sys [2011-10-10 8200552]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-11-30 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 VF0350Afx;VF0350 Audio FX;C:\windows\System32\drivers\V0350Afx.sys [2012-6-30 214240]
S3 VF0350Vfx;VF0350 Video FX;C:\windows\System32\drivers\V0350Vfx.sys [2012-6-30 12288]
S3 VF0350Vid;Live! Cam Video IM (VF0350);C:\windows\System32\drivers\V0350Vid.sys [2012-6-30 214976]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-12 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-07-28 01:01:31 388096 ----a-r- C:\Users\Editha Teves\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-07-28 01:01:31 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-07-24 12:34:32 -------- d-----w- C:\Program Files (x86)\LessTabs
2013-07-24 12:34:28 -------- d-----w- C:\windows\SysWow64\searchplugins
2013-07-24 12:34:28 -------- d-----w- C:\windows\SysWow64\Extensions
2013-07-24 12:34:25 -------- d-----w- C:\ProgramData\BrowserDefender
2013-07-24 12:34:23 -------- d-----w- C:\Users\Editha Teves\AppData\Roaming\BabSolution
2013-07-24 12:34:22 -------- d-----w- C:\Users\Editha Teves\AppData\Roaming\Delta
2013-07-24 12:34:22 -------- d-----w- C:\Program Files (x86)\Delta
2013-07-24 12:34:15 -------- d-----w- C:\Users\Editha Teves\AppData\Roaming\Babylon
2013-07-24 12:34:15 -------- d-----w- C:\ProgramData\Babylon
2013-07-11 13:39:10 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 13:39:10 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-11 13:39:10 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-11 13:39:10 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 13:39:10 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-11 13:39:10 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-11 13:39:10 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 13:39:08 624128 ----a-w- C:\windows\System32\qedit.dll
2013-07-11 13:39:08 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-07-11 13:39:07 1887744 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-11 13:39:06 1620480 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 13:39:00 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-07-11 13:38:59 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 13:38:59 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 13:38:59 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 13:38:59 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 13:38:58 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 13:38:46 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-07-11 13:38:46 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-07-09 04:25:40 -------- d-sh--w- C:\found.002
2013-07-04 14:40:10 -------- d-----w- C:\Users\Editha Teves\AppData\Local\InboxAce_1g
2013-07-01 22:28:40 -------- d-----w- C:\Program Files (x86)\SecretFeedback
2013-06-28 01:25:36 -------- d-----w- C:\Program Files (x86)\InboxAce_1g
.
==================== Find3M ====================
.
2013-06-27 01:35:46 45856 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2013-06-12 13:44:26 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 13:44:26 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-06-08 14:17:54 35656 ----a-w- C:\windows\System32\LMIport.dll
2013-06-08 14:17:54 107368 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
2013-06-08 14:17:53 100680 ----a-w- C:\windows\System32\LMIinit.dll
2013-06-07 03:22:18 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-21 12:53:10 1453872 ----a-w- C:\windows\System32\dmwu.exe
2013-05-21 12:52:14 33792 ----a-w- C:\windows\System32\ImHttpComm.dll
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 19:08:59.21 ===============

---------------------------------------------------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/9/2012 9:30:01 AM
System Uptime: 7/27/2013 5:57:21 PM (2 hours ago)
.
Motherboard: LENOVO | | Emerald Lake
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU | 1584/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 655 GiB total, 599.239 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 26.24 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP95: 6/22/2013 11:31:45 AM - Scheduled Checkpoint
RP96: 7/1/2013 12:28:37 PM - Scheduled Checkpoint
RP97: 7/11/2013 5:40:11 PM - Windows Update
RP98: 7/18/2013 7:15:47 PM - Scheduled Checkpoint
RP99: 7/27/2013 6:00:51 PM - Windows Update
RP100: 7/27/2013 7:00:58 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
24x7 Help
Active Protection System
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Advanced Video FX Engine
AppGraffiti
AVG 2013
AVG SafeGuard toolbar
Best Buy pc app
BioExcess
BrowserDefender
Creative Live! Cam Video Chat or Video IM Driver (1.03.01.00)
CyberLink YouCam
D3DX10
Delta Chrome Toolbar
Delta toolbar
DomaIQ
EgisTec ES603 WDM Driver
Energy Management
ES603 WDM Driver
FlashPlayer
FriendsChecker
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
IB Updater Service
iLivid
Inbox Toolbar
InboxAce Toolbar
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
Intel® PROSet/Wireless WiMAX Software
Internet Explorer Toolbar 4.7 by SweetPacks
Junk Mail filter update
Lenovo EasyCamera
Lenovo EE Boot Optimizer
Lenovo OneKey Recovery
Lenovo Security Suite
LessTabs
LogMeIn
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
My Scrap Nook Toolbar
MyFunCards Toolbar
Norton PC Checkup
Optimizer Pro v3.0
PC Power Speed 1.0.0.24
Port Locker
Power2Go
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
RebateInformer
Searchqu Toolbar
Secret Feedback
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype Click to Call
Skype™ 5.10
SocialSearchBar_App Toolbar
Supreme Savings
Synaptics Pointing Device Driver
UnfriendMonkey
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Updater By SweetPacks 2.0.0.609
VeriFace
Visual Studio 2010 x64 Redistributables
VLC media player 1.0.3
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/27/2013 5:51:42 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
7/25/2013 7:56:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) PROSet/Wireless Registry Service service to connect.
7/25/2013 7:56:44 PM, Error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/24/2013 7:09:07 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/24/2013 7:06:31 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll
7/24/2013 7:06:31 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 1726
7/24/2013 6:35:04 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the BrowserDefendert service, but this action failed with the following error: An instance of the service is already running.
7/24/2013 6:34:34 AM, Error: Service Control Manager [7031] - The BrowserDefendert service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/24/2013 10:26:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user JoseTeves-PC\Editha Teves SID (S-1-5-21-2248509849-1098968737-2228260666-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/23/2013 7:09:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user JoseTeves-PC\Guest SID (S-1-5-21-2248509849-1098968737-2228260666-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/22/2013 9:44:48 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
7/22/2013 9:44:38 PM, Error: Service Control Manager [7023] - The Application Virtualization Client service terminated with the following error: %%-2147467243
7/22/2013 9:44:38 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: %%-2147467243
.
==== End Of File ===========================


------------------------------------------


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-27 19:27:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.03.0 698.64GB
Running: m1orurn5.exe; Driver: C:\Users\EDITHA~1\AppData\Local\Temp\fwtyquoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033f2000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 614 fffff800033f2036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe[1464] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe[1464] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe[1464] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe[1560] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe[1560] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe[1560] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe[1604] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe[1604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe[1604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\24x7Help\App24x7Svc.exe[1268] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\24x7Help\App24x7Svc.exe[1268] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\24x7Help\App24x7Svc.exe[1268] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1708] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2008] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe[2212] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\windows\SysWOW64\schtasks.exe[2284] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\windows\SysWOW64\schtasks.exe[2284] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\windows\SysWOW64\schtasks.exe[2284] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe[2896] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe[2896] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe[2896] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe[2928] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe[2960] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe[2960] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe[2960] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe[3000] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe[3000] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe[3000] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3124] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3124] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3124] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3344] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe[3520] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe[3520] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe[3520] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe[3568] C:\windows\syswow64\user32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe[3568] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe[3568] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe[3668] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe[3668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe[3668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3768] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3276] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3276] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3276] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[5084] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[5084] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[5084] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[5524] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[5524] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[5524] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe[5564] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe[5564] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe[5564] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[5572] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[5572] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[5572] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5580] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5580] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5580] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe[5660] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe[5660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe[5660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Windows\V0350Mon.exe[5716] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Windows\V0350Mon.exe[5716] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Windows\V0350Mon.exe[5716] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe[5736] C:\windows\syswow64\user32.DLL!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe[5736] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe[5736] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe[5816] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe[5816] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe[5816] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe[5860] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[5868] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[5868] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[5868] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe[5904] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe[5904] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe[5904] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\24x7Help\App24x7Help.exe[6096] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\24x7Help\App24x7Help.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\24x7Help\App24x7Help.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe[5080] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe[5080] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe[5080] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Windows\SysWOW64\jmdp\stij.exe[5468] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Windows\SysWOW64\jmdp\stij.exe[5468] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Windows\SysWOW64\jmdp\stij.exe[5468] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[3904] C:\windows\syswow64\user32.DLL!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[3904] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[3904] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\24x7Help\App24x7Hook.exe[5636] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\24x7Help\App24x7Hook.exe[5636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\24x7Help\App24x7Hook.exe[5636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4544] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4544] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4544] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6948] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6948] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6948] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0x59c628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0x59c668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0x59c5a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0x59c528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0x59c728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0x59c768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0x59c6e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0x59c6a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0x59c468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0x59c4a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0x59c428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0x59c5e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0x59c568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0x59c4e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0x713e28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0x713e68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0x713da8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0x713d28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0x713f28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0x713f68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0x713ee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0x713ea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0x713c68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0x713ca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0x713c28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0x713de8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0x713d68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0x713ce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0x113228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0x113268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0x1131a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0x113128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0x113328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0x113368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0x1132e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0x1132a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0x113068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0x1130a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0x113028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0x1131e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0x113168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0x1130e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0x11a228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0x11a268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0x11a1a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0x11a128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0x11a328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0x11a368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0x11a2e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0x11a2a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0x11a068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0x11a0a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0x11a028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0x11a1e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0x11a168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0x11a0e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7756] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0xd63e28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0xd63e68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0xd63da8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0xd63d28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0xd63f28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0xd63f68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0xd63ee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0xd63ea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0xd63c68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0xd63ca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0xd63c28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0xd63de8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0xd63d68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0xd63ce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0x724628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0x724668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0x7245a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0x724528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0x724728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0x724768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0x7246e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0x7246a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0x724468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0x7244a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0x724428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0x7245e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0x724568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0x7244e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776a3ae0 5 bytes JMP 000000016ffe0110
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776a7a90 5 bytes JMP 000000016ffe00d8
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtClose 00000000776d1400 8 bytes JMP 000000016fff01f0
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776d1430 8 bytes JMP 000000016fff0180
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtQueryValueKey 00000000776d1480 8 bytes JMP 000000016fff00d8
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776d14e0 8 bytes JMP 000000016fff0148
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000776d1910 8 bytes JMP 000000016fff0110
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtDeleteKey 00000000776d1e70 8 bytes JMP 000000016fff0228
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00000000776d1ea0 8 bytes JMP 000000016fff0260
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776d2260 8 bytes JMP 000000016fff01b8
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\system32\ole32.DLL!CoCreateInstance 000007fefe6c7490 11 bytes JMP 000007fffe6900d8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1728] C:\windows\syswow64\user32.DLL!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5328] C:\windows\syswow64\user32.DLL!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5328] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5328] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe[7884] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe[7884] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe[7884] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\windows\SysWOW64\NOTEPAD.EXE[2856] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\windows\SysWOW64\NOTEPAD.EXE[2856] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\windows\SysWOW64\NOTEPAD.EXE[2856] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\windows\SysWOW64\NOTEPAD.EXE[8152] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\windows\SysWOW64\NOTEPAD.EXE[8152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\windows\SysWOW64\NOTEPAD.EXE[8152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\windows\SysWOW64\NOTEPAD.EXE[5456] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\windows\SysWOW64\NOTEPAD.EXE[5456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\windows\SysWOW64\NOTEPAD.EXE[5456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2
.text C:\Users\Editha Teves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULBG0W1C\m1orurn5.exe[7416] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
.text C:\Users\Editha Teves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULBG0W1C\m1orurn5.exe[7416] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
.text C:\Users\Editha Teves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULBG0W1C\m1orurn5.exe[7416] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
.text ... * 2

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!LoadLibraryExA] [7fef174c860] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!LoadLibraryExA] [7fef174cf20] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!LoadLibraryA] [7fef174d040] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!LoadLibraryExW] [7fef174cfb0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!LoadLibraryW] [7fef174d0d0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ole32.DLL[KERNEL32.dll!LoadLibraryA] [7fef174cbc0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ole32.DLL[KERNEL32.dll!LoadLibraryW] [7fef174cc50] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ieframe.dll[KERNEL32.dll!LoadLibraryA] [7fef174d4c0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ieframe.dll[KERNEL32.dll!LoadLibraryExA] [7fef174d3a0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ieframe.dll[KERNEL32.dll!LoadLibraryExW] [7fef174d430] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ieframe.dll[KERNEL32.dll!LoadLibraryW] [7fef174d550] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[ADVAPI32.dll!RegDeleteKeyW] [7feee1cae90] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[ADVAPI32.dll!RegSetValueExW] [7feee1cb030] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[ADVAPI32.dll!RegQueryValueExW] [7feee1cb0e0] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[KERNEL32.dll!LoadLibraryExA] [7fef174d160] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[KERNEL32.dll!LoadLibraryExW] [7fef174d1f0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[KERNEL32.dll!LoadLibraryA] [7fef174d280] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[KERNEL32.dll!LoadLibraryW] [7fef174d310] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[SHLWAPI.dll!SHRegGetUSValueW] [7feee1cb420] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[SHLWAPI.dll!SHSetValueW] [7feee1cad20] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[SHLWAPI.dll!SHDeleteKeyW] [7feee1cacb0] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[SHLWAPI.dll!SHRegSetUSValueW] [7feee1cb4e0] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\MSHTML.dll[KERNEL32.dll!LoadLibraryExW] [7fef174d8b0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\MSHTML.dll[KERNEL32.dll!LoadLibraryW] [7fef174d9d0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\MSHTML.dll[KERNEL32.dll!LoadLibraryA] [7fef174d940] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\MSHTML.dll[KERNEL32.dll!LoadLibraryExA] [7fef174d820] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iepeers.dll[KERNEL32.dll!LoadLibraryExA] [7fef174cce0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iepeers.dll[KERNEL32.dll!LoadLibraryExW] [7fef174cd70] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iepeers.dll[KERNEL32.dll!LoadLibraryW] [7fef174ce90] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iepeers.dll[ADVAPI32.dll!RegQueryValueExW] [7feee1cb0e0] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iepeers.dll[ADVAPI32.dll!RegSetValueExW] [7feee1cb030] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{90905B57-FBC8-4104-AABF-48F984044B5A}\Connection@Name isatap.{58DA0AF7-8A73-490B-9306-D20C0E2FAA55}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CDBF1A12-36DC-462F-B648-E9C0AD469705}\Connection@Name isatap.{9997D281-2D9C-4726-8D61-963461342A2A}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{D2AFC5FF-AEA3-4BE1-A671-325D8DC586CC}?\Device\{CDBF1A12-36DC-462F-B648-E9C0AD469705}?\Device\{90905B57-FBC8-4104-AABF-48F984044B5A}?\Device\{22A14B8F-B6A5-4E94-BA02-9E97760FD7BC}?\Device\{86C24373-07DF-4388-AA05-770B16B1D6F7}?\Device\{0F5BEF8C-328C-4DAA-88D6-2D8CCC7700B1}?\Device\{3E973146-3A73-434D-9107-A100724F184B}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{D2AFC5FF-AEA3-4BE1-A671-325D8DC586CC}"?"{CDBF1A12-36DC-462F-B648-E9C0AD469705}"?"{90905B57-FBC8-4104-AABF-48F984044B5A}"?"{22A14B8F-B6A5-4E94-BA02-9E97760FD7BC}"?"{86C24373-07DF-4388-AA05-770B16B1D6F7}"?"{0F5BEF8C-328C-4DAA-88D6-2D8CCC7700B1}"?"{3E973146-3A73-434D-9107-A100724F184B}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{D2AFC5FF-AEA3-4BE1-A671-325D8DC586CC}?\Device\TCPIP6TUNNEL_{CDBF1A12-36DC-462F-B648-E9C0AD469705}?\Device\TCPIP6TUNNEL_{90905B57-FBC8-4104-AABF-48F984044B5A}?\Device\TCPIP6TUNNEL_{22A14B8F-B6A5-4E94-BA02-9E97760FD7BC}?\Device\TCPIP6TUNNEL_{86C24373-07DF-4388-AA05-770B16B1D6F7}?\Device\TCPIP6TUNNEL_{0F5BEF8C-328C-4DAA-88D6-2D8CCC7700B1}?\Device\TCPIP6TUNNEL_{3E973146-3A73-434D-9107-A100724F184B}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{90905B57-FBC8-4104-AABF-48F984044B5A}@InterfaceName isatap.{58DA0AF7-8A73-490B-9306-D20C0E2FAA55}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{90905B57-FBC8-4104-AABF-48F984044B5A}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CDBF1A12-36DC-462F-B648-E9C0AD469705}@InterfaceName isatap.{9997D281-2D9C-4726-8D61-963461342A2A}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CDBF1A12-36DC-462F-B648-E9C0AD469705}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 10312
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)

---- EOF - GMER 2.1 ----

Last edited by relicon; 27-Jul-2013 at 09:42 PM.
wannabeageek (authorized to help remove malware)
Malware Removal Specialist with 282 posts.
Join Date: Nov 2009
Location: Somewhere in California
Experience: Advanced
27-Jul-2013, 10:07 PM #2
Hello relicon, and Welcome to the forum!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    >>>Absence of symptoms does not mean that everything is clear.<<<


I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Please take time to read TSG Forum Guidelines and Rules where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start
wannabeageek (authorized to help remove malware)
Malware Removal Specialist with 282 posts.
Join Date: Nov 2009
Location: Somewhere in California
Experience: Advanced
27-Jul-2013, 10:43 PM #3
Hello relicon,

I noticed you are using the following program: LogMeIn. If you are using this for business, it is vital you be upfront and tell me now.
It is not that I do not want to help you, it is that the tools we use change policies, close ports, and remove program files related to business programs as they cannot tell what is for business and what is malware.
If you do use this for business, this could very well disrupt your ability to connect to any business server you use on line.

If you do use this for business, STOP. Do not continue and post back stating so.

Otherwise:

Please be very careful about how you answer the questions for uninstalling the programs I listed for you to uninstall.
Some of the questions are worded to trick you into keeping the program, making removal quite difficult.

Step 1.
Uninstall Programs
I need you to uninstall some program(s).
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. then press enter.
    • Locate the following program(s):
      Adobe Reader 9.5.1
      AVG SafeGuard toolbar
      Delta Chrome Toolbar
      Delta toolbar
      DomaIQ
      IB Updater Service
      iLivid
      Inbox Toolbar
      InboxAce Toolbar
      Internet Explorer Toolbar 4.7 by SweetPacks
      LessTabs
      My Scrap Nook Toolbar
      MyFunCards Toolbar
      Norton PC Checkup
      Optimizer Pro v3.0
      PC Power Speed 1.0.0.24
      Searchqu Toolbar
      SocialSearchBar_App Toolbar
      Supreme Savings
      Updater By SweetPacks 2.0.0.609
    • Select the program and click on Uninstall to uninstall it.
      Carefully read any prompts...
      Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    • Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.



Step 2.
DDS Scan
  1. DDS should still be on your desktop.
    Disable any script blocking software you have running before running DDS.
  2. Please double click dds.com to run the tool. (File name will be different if alternate download used).
  3. Please right mouse click and select "Run As Administrator" on dds.com to run the tool. (File name will be different if alternate download used).
    If you are using DDS.com, a black window will open with some additional instructions and comments... There is no need to change the default settings.
  4. When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  5. Please post both the DDS.txt and Attach.txt files in your next reply.



Please include in your next reply:
  1. Contents of DDS.txt log
  2. Contents of Attach.txt log
  3. Any problem executing the instructions?

Thanks,
wbg
relicon
Member with 44 posts.
THREAD STARTER
Join Date: Sep 2007
28-Jul-2013, 03:29 AM #4
I don't use LogMeIn for business.
I also uninstalled the programs that were listed and I did notice a big difference.
All those unwanted redirect and pop up windows are gone.
I am incredibly happy right now for your amazing help! Thanks a billion times!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Editha Teves at 1:17:24 on 2013-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4137 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\24x7Help\App24x7Svc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\TPHDEXLG64.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe
C:\Windows\V0350Mon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\Program Files (x86)\24x7Help\App24x7Help.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\24x7Help\App24x7Hook.exe
C:\Program Files (x86)\24x7Help\App24x7Hook64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\svchost.exe -k WbioSvcGroup
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Secret Feedback: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\SecretFeedback\IE\common.dll
BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll
BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: <No Name>: {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files (x86)\RebateInformer\RebateI.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\Editha Teves\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ROC_ROC_APR2013_AV] C:\Users\Editha Teves\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 94f611bb173c47d09c272197b771950a-b20db9261d661508d61180d35b882224ab0be8bb --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
mRun: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
mRun: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup
mRun: [V0350Mon.exe] C:\windows\V0350Mon.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{E39C52D6-388F-4538-9D11-75B5AFABFCCF} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E39C52D6-388F-4538-9D11-75B5AFABFCCF}\05F43545F56596379647F627 : DHCPNameServer = 10.2.145.9
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files (x86)\RebateInformer\RebateI.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [TpShocks] C:\windows\System32\TpShocks.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-10-10 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-10-10 39008]
R0 TPDIGIMN;TPDIGIMN;C:\windows\System32\drivers\ApsHM64.sys [2011-10-10 23648]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-10-10 13408]
R1 EgisTecFF;EgisTecFF;C:\windows\System32\drivers\EgisTecFF.sys [2011-10-10 55880]
R1 mwlPSDFilter;mwlPSDFilter;C:\windows\System32\drivers\mwlPSDFilter.sys [2011-10-10 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\windows\System32\drivers\mwlPSDNserv.sys [2011-10-10 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\System32\drivers\mwlPSDVDisk.sys [2011-10-10 62584]
R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2012-3-24 342168]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]
R2 EgisTec Service Help;EgisTec Service Help;C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\System32\drivers\FPSensor.sys [2010-10-31 35952]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\windows\System32\drivers\LMIRfsDriver.sys [2012-1-10 72216]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2013-3-5 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-10 2656280]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\windows\System32\drivers\bpenum.sys [2011-5-19 84480]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2011-5-19 182272]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\windows\System32\drivers\bpusb.sys [2011-5-19 83968]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-12-24 31088]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-4-14 317440]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-10 307304]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 rtsuvc;Lenovo EasyCamera;C:\windows\System32\drivers\rtsuvc.sys [2011-10-10 8200552]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-11-30 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 VF0350Afx;VF0350 Audio FX;C:\windows\System32\drivers\V0350Afx.sys [2012-6-30 214240]
S3 VF0350Vfx;VF0350 Video FX;C:\windows\System32\drivers\V0350Vfx.sys [2012-6-30 12288]
S3 VF0350Vid;Live! Cam Video IM (VF0350);C:\windows\System32\drivers\V0350Vid.sys [2012-6-30 214976]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-12 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-07-28 01:01:31 388096 ----a-r- C:\Users\Editha Teves\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-07-28 01:01:31 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-07-24 12:34:28 -------- d-----w- C:\windows\SysWow64\searchplugins
2013-07-24 12:34:28 -------- d-----w- C:\windows\SysWow64\Extensions
2013-07-24 12:34:15 -------- d-----w- C:\Users\Editha Teves\AppData\Roaming\Babylon
2013-07-24 12:34:15 -------- d-----w- C:\ProgramData\Babylon
2013-07-11 13:39:10 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 13:39:10 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-11 13:39:10 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-11 13:39:10 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 13:39:10 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-11 13:39:10 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-11 13:39:10 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 13:39:08 624128 ----a-w- C:\windows\System32\qedit.dll
2013-07-11 13:39:08 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-07-11 13:39:07 1887744 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-11 13:39:06 1620480 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 13:39:00 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-07-11 13:38:59 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 13:38:59 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 13:38:59 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 13:38:59 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 13:38:58 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 13:38:46 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-07-11 13:38:46 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-07-09 04:25:40 -------- d-sh--w- C:\found.002
2013-07-01 22:28:40 -------- d-----w- C:\Program Files (x86)\SecretFeedback
.
==================== Find3M ====================
.
2013-06-12 13:44:26 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 13:44:26 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-06-08 14:17:54 35656 ----a-w- C:\windows\System32\LMIport.dll
2013-06-08 14:17:54 107368 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
2013-06-08 14:17:53 100680 ----a-w- C:\windows\System32\LMIinit.dll
2013-06-07 03:22:18 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 1:17:49.77 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/9/2012 9:30:01 AM
System Uptime: 7/28/2013 12:59:38 AM (1 hours ago)
.
Motherboard: LENOVO | | Emerald Lake
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 655 GiB total, 599.358 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 26.24 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP96: 7/1/2013 12:28:37 PM - Scheduled Checkpoint
RP97: 7/11/2013 5:40:11 PM - Windows Update
RP98: 7/18/2013 7:15:47 PM - Scheduled Checkpoint
RP99: 7/27/2013 6:00:51 PM - Windows Update
RP100: 7/27/2013 7:00:58 PM - Installed HiJackThis
RP101: 7/27/2013 11:09:10 PM - Removed Adobe Reader 9.5.1.
RP102: 7/27/2013 11:14:23 PM - Removed Microsoft .NET Framework 4 Extended
RP103: 7/27/2013 11:15:42 PM - Removed Internet Explorer Toolbar 4.7 by SweetPacks
RP104: 7/27/2013 11:44:34 PM - Removed Internet Explorer Toolbar 4.7 by SweetPacks
.
==== Installed Programs ======================
.
24x7 Help
Active Protection System
Adobe Flash Player 11 ActiveX
Advanced Video FX Engine
AppGraffiti
AVG 2013
Best Buy pc app
BioExcess
Creative Live! Cam Video Chat or Video IM Driver (1.03.01.00)
CyberLink YouCam
D3DX10
EgisTec ES603 WDM Driver
Energy Management
ES603 WDM Driver
FlashPlayer
FriendsChecker
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
Intel® PROSet/Wireless WiMAX Software
Junk Mail filter update
Lenovo EasyCamera
Lenovo EE Boot Optimizer
Lenovo OneKey Recovery
Lenovo Security Suite
LogMeIn
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
Norton PC Checkup
PC Power Speed 1.0.0.24
Port Locker
Power2Go
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
RebateInformer
Secret Feedback
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype Click to Call
Skype™ 5.10
Synaptics Pointing Device Driver
UnfriendMonkey
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
VeriFace
Visual Studio 2010 x64 Redistributables
VLC media player 1.0.3
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/28/2013 1:00:32 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
7/27/2013 11:22:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IPsec Policy Agent service, but this action failed with the following error: An instance of the service is already running.
7/27/2013 11:21:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
7/27/2013 11:21:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
7/27/2013 11:21:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
7/27/2013 11:20:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
7/27/2013 11:20:33 PM, Error: Service Control Manager [7031] - The IPsec Policy Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/25/2013 7:56:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) PROSet/Wireless Registry Service service to connect.
7/25/2013 7:56:44 PM, Error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/24/2013 7:09:07 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/24/2013 7:06:31 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll
7/24/2013 7:06:31 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 1726
7/24/2013 6:35:04 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the BrowserDefendert service, but this action failed with the following error: An instance of the service is already running.
7/24/2013 6:34:34 AM, Error: Service Control Manager [7031] - The BrowserDefendert service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/24/2013 10:26:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user JoseTeves-PC\Editha Teves SID (S-1-5-21-2248509849-1098968737-2228260666-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/23/2013 7:09:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user JoseTeves-PC\Guest SID (S-1-5-21-2248509849-1098968737-2228260666-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/22/2013 9:44:48 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
7/22/2013 9:44:38 PM, Error: Service Control Manager [7023] - The Application Virtualization Client service terminated with the following error: %%-2147467243
7/22/2013 9:44:38 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: %%-2147467243
.
==== End Of File ===========================
wannabeageek (authorized to help remove malware)
Malware Removal Specialist with 282 posts.
Join Date: Nov 2009
Location: Somewhere in California
Experience: Advanced
28-Jul-2013, 10:51 AM #5
Hi relicon,

There are 5 more programs that need to be removed.

Step 1.
Uninstall Programs
I need you to uninstall some program(s).
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. Then press Enter.
    • Locate the following program(s):
      24x7 Help
      Norton PC Checkup
      PC Power Speed 1.0.0.24
      RebateInformer
      Secret Feedback
  4. Select the program and click on Uninstall to uninstall it.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
  5. Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.



Step 2.
Junkware Removal Tool
  • Please download and run the following program: JRT.exe
  • Right-click JRT.exe and select "Run as administrator" to run it.
  • When the program is finished running, post the log JRT.txt in your next reply.



Step 3.
OTL
Please download OTL ... by Old Timer. Save it to your Desktop.
  1. Right-click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.



Please include in your next reply:
  1. Contents of JRT.txt
  2. Contents of OTL.txt
  3. Contents of Extras.txt
  4. Any problem executing the instructions?

Thanks,
wbg

Last edited by wannabeageek; 28-Jul-2013 at 11:33 AM. Reason: additional program removal
relicon
Member with 44 posts.
THREAD STARTER
 
Join Date: Sep 2007
28-Jul-2013, 12:20 PM #6
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.5 (07.26.2013:2)
OS: Windows 7 Home Premium x64
Ran by Editha Teves on Sun 07/28/2013 at 9:24:28.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{c26644c4-2a12-4ca6-8f2e-0ede6cf018f3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{cc99a798-fd3d-4ab4-969e-6071612524f9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{de9028d0-5ffa-4e69-94e3-89ee8741f468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{03e2a1f3-4402-4121-8b35-733216d61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{9e3b11f6-4179-4603-a71b-a55f4bcb0bec}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{9c049ba6-ea47-4ac3-aed6-a66d8dc9e1d8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\appgraffiti
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\supreme savings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\searchqutoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{da71fd14-5f7b-46ae-b8b1-44074a38f331}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{f25af245-4a81-40dc-92f9-e9021f207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appgraffiti.appgraffitijs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3239904
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}



~~~ Files

Successfully deleted: [File] "C:\end"
Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"
Successfully deleted: [File] C:\windows\syswow64\sho3053.tmp
Successfully deleted: [File] C:\windows\syswow64\shoE81.tmp
Successfully deleted: [File] "C:\Users\EDITHA~1\AppData\Local\Temp\searchqutoolbar-manifest.xml"
Successfully deleted: [File] "C:\windows\s.bat"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\pcpowerspeed"
Successfully deleted: [Folder] "C:\Users\Editha Teves\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Editha Teves\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\Editha Teves\AppData\Roaming\pcpowerspeed"
Successfully deleted: [Folder] "C:\Users\Editha Teves\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Editha Teves\appdata\locallow\appgraffiti"
Successfully deleted: [Folder] "C:\Users\Editha Teves\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Editha Teves\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\Editha Teves\appdata\locallow\iac"
Successfully deleted: [Folder] "C:\Users\Editha Teves\appdata\locallow\searchquband"
Successfully deleted: [Folder] "C:\Program Files (x86)\appgraffiti"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\friendschecker"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\appgraffiti"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\Editha Teves\appdata\local\{0FFA5BD3-6C89-4FC1-B657-638380058071}
Successfully deleted: [Empty Folder] C:\Users\Editha Teves\appdata\local\{19995384-ADFB-4C25-9012-865531D36BA3}
Successfully deleted: [Empty Folder] C:\Users\Editha Teves\appdata\local\{5FC5BB2A-E845-4BC4-80E6-2EA405AE7A18}
Successfully deleted: [Empty Folder] C:\Users\Editha Teves\appdata\local\{76020CCC-10BD-4FBF-8998-06FA89F54277}
Successfully deleted: [Empty Folder] C:\Users\Editha Teves\appdata\local\{F2095D78-6EFC-4A78-984F-49235798B12E}
Successfully deleted: [Empty Folder] C:\Users\Editha Teves\appdata\local\{FC305746-C7BE-44F5-85F4-C139369C038A}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/28/2013 at 9:31:19.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



OTL logfile created on: 7/28/2013 9:34:08 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Editha Teves\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.92 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 69.56% Memory free
11.83 Gb Paging File | 9.84 Gb Available in Paging File | 83.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654.69 Gb Total Space | 601.66 Gb Free Space | 91.90% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.24 Gb Free Space | 90.48% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JOSETEVES-PC | User Name: Editha Teves | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/28 09:32:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Editha Teves\Desktop\OTL.exe
PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2011/10/10 00:51:05 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/12/24 05:19:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/12/20 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/13 17:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
PRC - [2010/12/13 17:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
PRC - [2010/12/13 17:58:20 | 000,383,344 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
PRC - [2010/11/20 21:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/11/05 12:54:36 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/11/05 12:54:24 | 000,202,096 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/10/22 08:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/08/23 01:03:00 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0350Mon.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/10 00:51:04 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/14 04:31:06 | 000,498,688 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2011/06/14 04:26:20 | 000,986,112 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/11/02 07:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/11/02 07:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/11/02 07:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/09 03:52:52 | 000,047,712 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/12 07:44:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/08 08:17:59 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/16 15:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/12/20 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/13 17:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)
SRV - [2010/12/13 17:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/10/22 08:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe -- (EgisTec Service Help)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/08 08:17:54 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/11/16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/10 08:08:03 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/10 08:08:03 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/10 01:06:12 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/10/10 01:06:12 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/10/10 01:04:23 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/10/10 01:04:21 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/10/10 00:50:51 | 000,055,880 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\EgisTecFF.sys -- (EgisTecFF)
DRV:64bit: - [2011/10/10 00:44:44 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/10/10 00:44:44 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/10/10 00:44:44 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/16 15:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 15:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/08/31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/19 07:25:10 | 000,182,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2011/05/19 07:25:04 | 000,083,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2011/05/19 07:25:00 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2011/02/18 02:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/24 05:19:56 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/22 06:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/15 03:06:34 | 008,200,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2010/11/30 23:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/30 00:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/08 21:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/10/31 04:36:56 | 000,035,952 | ---- | M] (Egis Technology Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2010/10/19 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/10/11 08:21:56 | 000,135,776 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/12/09 03:52:28 | 000,023,648 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/07/21 08:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/29 01:03:00 | 000,214,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0350Vid.sys -- (VF0350Vid)
DRV:64bit: - [2007/06/11 01:01:02 | 000,214,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0350Afx.sys -- (VF0350Afx)
DRV:64bit: - [2007/03/05 18:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0350Vfx.sys -- (VF0350Vfx)
DRV - [2013/06/01 20:14:03 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=342&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 30 70 BB 68 89 CE 01 [binary data]
IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Editha Teves\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Editha Teves\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Editha Teves\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Editha Teves\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Editha Teves\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011/10/10 00:44:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\info@friendschecker.com: C:\Program Files (x86)\FriendsChecker\Firefox\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@unfriendmonkey.com: C:\Program Files (x86)\UnfriendMonkey\Firefox\ [2012/12/08 04:12:40 | 000,000,000 | ---D | M]

[2013/07/24 06:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://google.com/
CHR - plugin: Silverlight (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Secret Feedback = C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\
CHR - Extension: Gmail = C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [V0350Mon.exe] C:\Windows\V0350Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003..\Run: [ROC_ROC_APR2013_AV] C:\Users\Editha Teves\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 94f611bb173c47d09c272197b771950a-b20db9261d661508d61180d35b882224ab0be8bb --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductA...eX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E39C52D6-388F-4538-9D11-75B5AFABFCCF}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/28 09:32:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Editha Teves\Desktop\OTL.exe
[2013/07/28 09:24:25 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/07/28 01:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/28 00:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/27 19:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/07/27 19:01:31 | 000,000,000 | ---D | C] -- C:\Users\Editha Teves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/07/24 06:34:28 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\searchplugins
[2013/07/24 06:34:28 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Extensions
[2013/07/24 06:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/11 17:46:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/07/11 17:46:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/07/11 17:46:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/11 17:46:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/07/11 17:46:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/07/11 17:46:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/07/11 17:46:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/07/11 17:46:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/07/11 17:46:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/07/11 17:46:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/07/11 17:46:50 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/07/11 17:46:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/07/11 17:46:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/07/11 17:46:49 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/07/11 17:46:48 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/07/11 08:08:41 | 000,000,000 | ---D | C] -- C:\Users\Editha Teves\AppData\Roaming\Mozilla
[2013/07/11 07:39:08 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/07/11 07:39:08 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/07/11 07:39:07 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/07/11 07:39:06 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/07/11 07:38:46 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/07/08 22:25:40 | 000,000,000 | -HSD | C] -- C:\found.002
[2013/07/01 16:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecretFeedback

========== Files - Modified Within 30 Days ==========

[2013/07/28 09:32:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Editha Teves\Desktop\OTL.exe
[2013/07/28 09:28:03 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/28 09:28:03 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/28 09:26:10 | 000,780,172 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/07/28 09:26:10 | 000,660,990 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/07/28 09:26:10 | 000,121,628 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/07/28 09:20:30 | 000,134,942 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013/07/28 09:20:27 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/28 09:19:56 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2013/07/28 09:19:52 | 469,348,351 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/28 01:40:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/28 01:15:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/28 01:14:00 | 000,000,936 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2248509849-1098968737-2228260666-1003UA.job
[2013/07/28 00:51:37 | 000,002,283 | ---- | M] () -- C:\Users\Editha Teves\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/28 00:44:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/28 00:32:40 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/27 19:01:31 | 000,003,007 | ---- | M] () -- C:\Users\Editha Teves\Desktop\HiJackThis.lnk
[2013/07/27 18:05:55 | 000,774,388 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/07/18 15:13:26 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2248509849-1098968737-2228260666-1003Core1ce21995c22ec9e.job
[2013/07/11 17:53:57 | 000,282,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/07/28 01:40:18 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/28 00:32:40 | 000,002,283 | ---- | C] () -- C:\Users\Editha Teves\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/28 00:32:40 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/27 19:01:31 | 000,003,007 | ---- | C] () -- C:\Users\Editha Teves\Desktop\HiJackThis.lnk
[2012/02/06 10:55:25 | 000,774,388 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/10/10 09:35:57 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll
[2011/10/10 09:35:57 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll
[2011/10/10 09:35:57 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll
[2011/10/10 09:35:57 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll
[2011/10/10 09:35:57 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll
[2011/10/10 09:35:57 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll
[2011/10/10 09:35:57 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe
[2011/10/10 09:35:57 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe
[2011/10/10 09:35:57 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE
[2011/10/10 09:35:57 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
[2011/10/10 09:35:57 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
[2011/10/10 09:35:56 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys
[2011/10/10 00:51:08 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/10/10 00:51:08 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011/10/10 00:51:07 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011/10/10 00:51:07 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/10/10 00:51:02 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/08/31 20:51:16 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/08/31 20:46:00 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 23:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


OTL Extras logfile created on: 7/28/2013 9:34:08 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Editha Teves\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.92 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 69.56% Memory free
11.83 Gb Paging File | 9.84 Gb Available in Paging File | 83.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654.69 Gb Total Space | 601.66 Gb Free Space | 91.90% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.24 Gb Free Space | 90.48% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JOSETEVES-PC | User Name: Editha Teves | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DBCA82A-80B8-4439-BD00-2187EAF1B28B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{14D720DC-E366-45FB-9902-7FAB50275292}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{27535F4F-F36F-4281-BB63-A47319E96ECD}" = rport=137 | protocol=17 | dir=out | app=system |
"{350BB6EF-5DBE-415E-AE99-1D97C5C8269B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B43EE1E-10D0-4BBA-8054-EDD83F217A96}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3BD34EBF-F4E0-42A9-B70F-01781CE45010}" = rport=139 | protocol=6 | dir=out | app=system |
"{56AD9F92-F30D-424B-A2C9-8AE6B94BCB5F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6140E554-FE98-486B-ADA4-BB30B7288BE4}" = lport=138 | protocol=17 | dir=in | app=system |
"{66BEE78E-F3F4-4C4C-9A6C-6F8E8A578233}" = lport=2869 | protocol=6 | dir=in | app=system |
"{89E759A2-3235-4C3B-AF07-BDA4A61B0FAA}" = lport=445 | protocol=6 | dir=in | app=system |
"{8FAB542F-5368-442F-A40E-2EE10CC09579}" = rport=138 | protocol=17 | dir=out | app=system |
"{9A250DF7-F631-4006-BE30-248229BF9D5E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9B0DFD69-CAA2-47A3-A264-912BEC760149}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F9A1375-3559-475D-8A65-2122B3B73761}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AA166CC8-15C0-4C6C-A04A-99ABA56B0F42}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA8A7D02-0C78-4539-B2D7-0B556613E1F2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADA2166F-CEAE-4C95-9486-D2E28FC6FADC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B5B3B3B6-DAD3-41A7-9D5F-560475BD0559}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BD22FD12-34DC-4171-B93E-0E76A74179DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BFE533F0-7189-4373-B1EF-AAB845D7238E}" = rport=445 | protocol=6 | dir=out | app=system |
"{C10D9C1A-E73E-4451-ADE0-97B5297BB339}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C33E3799-5CB3-4AEE-83C6-B9C289D1DC9A}" = lport=139 | protocol=6 | dir=in | app=system |
"{C59A141C-0136-47B1-8BBB-0A0F0986ADF2}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10F88F9B-7E89-4753-B267-6C56A5EA7571}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{18574A1F-E5D1-4C89-8289-7E32EF26F58A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1A0171BC-52A7-4D41-80DD-5067C2CC9287}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{205F52FA-20B3-4037-9748-501C180F3CDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21A67B5B-C79B-48E2-A273-88A8EA24A10D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21D33D15-6CF7-4CA5-9190-A2BF7E716F16}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{226FAD5A-4319-473D-895E-4F264A8FF0A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2529CBC2-1C49-4745-B92D-0927E4C9FDD1}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{27B2C580-B514-4F64-9DCE-039A6A76BBF6}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{3613AE99-044E-47C3-9ACD-DAD8F33E9049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{37E6DE4F-4E2A-4013-9A26-8CBC26805B60}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{3BDC7665-0F76-4307-9F43-AA77A6881B9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{45FD4D73-5A39-429A-8047-BECB3BD0E18F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{47B8472E-ABD6-47C3-ADF3-A79E5FC45BBA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4DE1AD86-4C60-46BE-BD31-6833510D665B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{536A97D5-5BCB-4D26-BB8F-97DF96767094}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5AF503E8-42E7-4ED0-8337-E2A7DD263DE4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5E166523-4F72-412B-B29D-B7EC28CA3DE3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5E57A840-0EDC-4D70-8D55-62E4031FF49D}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{60429611-B5A9-45C1-85DB-240AAA93D6F8}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{6745B2EA-BE41-4208-A4CE-14FEEC13BA87}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{68F56E46-A7D5-4B61-A039-DA6231C92601}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6954D550-4B24-4016-897A-502EDD26A6E9}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{6D2E5B69-C756-4842-94E3-6B726EB8CABA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{74AF28BF-64F9-419F-B476-926B86B0F0C8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{7EFC31E6-5E8C-447B-93ED-79CEA2C4ABF6}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{876B2B72-58D9-4BA3-A665-E50AA72A3575}" = protocol=6 | dir=out | app=system |
"{8830FB3D-2582-4847-9590-2EAE163FCFA1}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{94D6A29C-300B-4EB9-8FEA-9F5B2B6AF4F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A36B90F7-2813-446D-B991-4C56305295C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A846B62A-13E0-441F-BE98-CB64539BCC30}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{AA84BA3C-A8F3-49D2-88CD-D5055F25164E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{ABC5FA35-F80A-4D05-83F6-DBB687FE770C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE5E9618-0FA0-4940-86C8-C395481D0AD3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1A4B19B-8329-4CD2-831E-2199868BD906}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{B9D5D6C9-31AD-4BFA-AA95-C470EB2486AD}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{BEEDA41A-EFA9-41A1-B661-9C2449D8D351}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BF824A4A-273D-4CC2-908A-92B30C6A2753}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{C74A9598-B9CD-4823-83E3-57075B5BE39B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{CD871DB2-B993-4E93-A9D7-C61A09F2FB69}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{D1F4EA81-6401-4AF1-8F0E-5A2FB12D074C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DB702ED0-00F5-43D8-80DF-C9C96FBA6B39}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{E259FBA1-1953-4BE7-A172-26C3A301471A}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E39DF138-BCA2-49EC-BEE6-8ED1A4B44E9A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{E8FDFBEB-A4DA-4D5B-8766-FFDF24EBA5C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F25A9289-3F30-4BD9-AB78-53AA2524B055}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F89528A5-FDA0-4666-8375-EB7E69767192}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FA38C771-9FF4-4A18-9BC1-B0CE45A5669C}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{FD06BBED-AE85-4BD2-95AA-45A48B4B5874}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F494B8A-D6E6-4540-9A74-F773B63164A6}" = Port Locker
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{57B82DB4-8A01-4F7B-987C-9A46CEC4303A}" = AVG 2013
"{5C1DA3D9-F590-4317-A4FB-274F658E504B}" = Intel® PROSet/Wireless WiMAX Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
"{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi Software
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"AVG" = AVG 2013
"CCleaner" = CCleaner
"Creative VF0350" = Creative Live! Cam Video Chat or Video IM Driver (1.03.01.00)
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}" = Google Talk Plugin
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = ES603 WDM Driver
"{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1" = PC Power Speed 1.0.0.24
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA8B8ADA-084F-4F79-A0CA-6E58A0808794}" = FlashPlayer
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Video FX Engine" = Advanced Video FX Engine
"FriendsChecker" = FriendsChecker
"Google Chrome" = Google Chrome
"InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = EgisTec ES603 WDM Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SecretFeedback" = Secret Feedback
"UnfriendMonkey" = UnfriendMonkey
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"e55b814e55744b76" = Best Buy pc app

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 7/28/2013 11:41:35 AM | Computer Name = JoseTeves-PC | Source = DCOM | ID = 10010
Description =


< End of report >
wannabeageek (authorized to help remove malware)
Malware Removal Specialist with 282 posts.
Join Date: Nov 2009
Location: Somewhere in California
Experience: Advanced
28-Jul-2013, 06:34 PM #7
Hello relicon,

Please run the following:

Step 1.
Run OTL Script
We need to run an OTL Fix
  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:
    :commands
    [createrestorepoint]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=342&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By SweetPacks\Firefox
    CHR - Extension: Secret Feedback = C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.20_0\
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O3 - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1"=-
    "SecretFeedback"=-
    
    :Commands
    [EMPTYTEMP]
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.


Step 2.
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


  • Right-click SystemLook.exe and select "Run as administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    Bandoo
    Community
    Conduit
    datamngr
    Fun4IM
    iLivid
    IObit
    Iminent
    Searchqu
    Searchnu
    Tarma
    trolltech
    vshare
    whitesmoke
    Yontoo
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt




Please include in your next reply:
  1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  2. Contents of SystemLook.txt
  3. Any problem executing the instructions?
  4. How is the computer behaving?

Thanks,
wbg
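
A way to triage the fix report that Step 1 asks for, as an added example that is not part of the original post or of OTL itself. It assumes only the line formats visible in the fix log posted in this thread; treating a "not found" on a Classes\CLSID key that repeats the previous entry's GUID as a follow-up lookup is this example's reading of that log, not documented tool behaviour.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Sample lines taken from the fix log posted in this thread
# (abridged, forum line-wrap spaces removed).
SAMPLE_LOG = r"""
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
File C:\Program Files\Updater By SweetPacks\Firefox not found.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SecretFeedback not found.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
LINE_RE = re.compile(
    r"^(?:64bit-)?"
    r"(?:(?P<kind>Registry key|Registry value|File)\s+)?"
    r"(?P<target>.+?)\s*"
    r"(?P<outcome>deleted successfully\.|moved successfully\.|"
    r"not found\.|value set successfully!)$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
OUTCOMES = {
    "deleted successfully.": "deleted",
    "moved successfully.": "moved",
    "not found.": "not_found",
    "value set successfully!": "set",
}


@dataclass
class Entry:
    section: str    # report section the line appeared under (OTL, REGISTRY, ...)
    kind: str       # label printed by the tool, or "unlabelled"
    target: str     # registry path or file path acted on
    outcome: str    # deleted / moved / not_found / set
    followup: bool  # CLSID lookup repeating the previous entry's GUID (assumption)


def _guids(text: str) -> set[str]:
    return {g.upper() for g in GUID_RE.findall(text)}


def parse_fix_log(text: str) -> list[Entry]:
    """Turn the result lines of a fix report into structured entries."""
    entries: list[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines, temp-file statistics, banner text
        target = m.group("target")
        prev = entries[-1] if entries else None
        followup = bool(
            prev
            and "\\classes\\clsid\\" in target.lower()
            and _guids(target) & _guids(prev.target)
        )
        entries.append(
            Entry(section, m.group("kind") or "unlabelled", target,
                  OUTCOMES[m.group("outcome")], followup)
        )
    return entries


def summarize(entries: list[Entry]) -> tuple[Counter, list[Entry]]:
    """Count outcomes and list 'not found' items that are not CLSID follow-ups."""
    counts = Counter(e.outcome for e in entries)
    unresolved = [e for e in entries if e.outcome == "not_found" and not e.followup]
    return counts, unresolved


if __name__ == "__main__":
    counts, unresolved = summarize(parse_fix_log(SAMPLE_LOG))
    print(dict(counts))
    for e in unresolved:
        print(f"[{e.section}] {e.kind}: {e.target}")
```

An entry left in `unresolved` is something the fix script named that the tool could not find, which is worth checking against the earlier scan log for a wrong path or an item that was already removed.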
relicon
Member with 44 posts.
THREAD STARTER
Join Date: Sep 2007
28-Jul-2013, 08:57 PM #8
Nope, no problem executing the instructions at all. The computer is behaving very well. It doesn't have any unwanted redirects or pop ups anymore. Thanks again


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
File C:\Program Files\Updater By SweetPacks\Firefox not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E9E3331-D360-4f87-8803-52DE43566502}\ not found.
File C:\Program Files\Updater By SweetPacks\Firefox not found.
File C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.20_0 not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Registry value HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SecretFeedback not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Editha Teves
->Temp folder emptied: 55063646 bytes
->Temporary Internet Files folder emptied: 10645099 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 523 bytes

User: Guest
->Temp folder emptied: 885979970 bytes
->Temporary Internet Files folder emptied: 187078237 bytes
->Google Chrome cache emptied: 90344569 bytes
->Flash cache emptied: 72901 bytes

User: ISPuser
->Temp folder emptied: 944974 bytes
->Temporary Internet Files folder emptied: 808336 bytes
->Google Chrome cache emptied: 856432 bytes

User: Jose Teves
->Temp folder emptied: 196842241 bytes
->Temporary Internet Files folder emptied: 347194850 bytes
->Google Chrome cache emptied: 7196571 bytes
->Flash cache emptied: 7392 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4156337 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1010809 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,705.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07282013_165114




SystemLook 30.07.11 by jpshortstuff
Log created at 18:44 on 28/07/2013 by Editha Teves
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bandoo*"
No files found.

Searching for "*Community*"
No files found.

Searching for "*Conduit*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*iLivid*"
C:\Users\Guest\AppData\Local\iLivid\iLivid.exe --a---- 3439616 bytes [11:23 13/03/2013] [11:52 20/01/2013] D5FC2EA934CBC5EF6140DEE011984DFA
C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_de.qm --a---- 32485 bytes [11:23 13/03/2013] [11:51 20/01/2013] E38586374B7462948E741513ACA73469
C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_en.qm --a---- 23 bytes [11:23 13/03/2013] [11:51 20/01/2013] 4AEF4415F2E976B2CC6F24B877804A57
C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_es.qm --a---- 31308 bytes [11:23 13/03/2013] [11:51 20/01/2013] 4F81DFF25D4A9D62AE6F00188F20DD95
C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_fr.qm --a---- 33782 bytes [11:23 13/03/2013] [11:51 20/01/2013] 74E8B1351C97B563C6150589ECA02669
C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_it.qm --a---- 31432 bytes [11:23 13/03/2013] [11:51 20/01/2013] 1CB37F7FF96D25B3409F4143FA433E04
C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_pt.qm --a---- 28820 bytes [11:23 13/03/2013] [11:51 20/01/2013] 9DAD581B07E6F8FA319F78E9D327191C
C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_tr.qm --a---- 29146 bytes [11:23 13/03/2013] [11:51 20/01/2013] BBAE9B0AEA7697753FCDBC353D42FC38
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk --a---- 1040 bytes [11:24 13/03/2013] [11:24 13/03/2013] 81CB49289E90AF43C390454D529EA1E0
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk --a---- 1046 bytes [11:24 13/03/2013] [11:24 13/03/2013] DB2DD2072856A3DDC4D50208F3D8BD6A
C:\Users\Guest\Desktop\iLivid.lnk --a---- 1038 bytes [11:24 13/03/2013] [11:24 13/03/2013] A7543542A85ECB937EF32EB970044AED

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*Searchqu*"
C:\Users\Guest\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\70Y9K715\www.searchquotes[1].xml --a---- 13 bytes [19:37 14/04/2013] [19:37 14/04/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*Searchnu*"
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage --a---- 5120 bytes [05:22 14/03/2013] [13:10 21/04/2013] 0D37AC5EDCB63EF2FAAA5D89BE14346E
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage-journal --a---- 5672 bytes [05:22 14/03/2013] [13:10 21/04/2013] 820BD804DCC6F87E85D107FDAE69C7C8

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*Bandoo*"
No folders found.

Searching for "*Community*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*datamngr*"
C:\Users\Guest\AppData\Local\VirtualStore\Program Files (x86)\Search Results Toolbar\Datamngr d------ [11:23 13/03/2013]
C:\Users\Jose Teves\AppData\LocalLow\DataMngr d------ [16:02 07/07/2012]

Searching for "*Fun4IM*"
No folders found.

Searching for "*iLivid*"
C:\Users\Guest\AppData\Local\iLivid d------ [11:23 13/03/2013]
C:\Users\Guest\AppData\Local\iLivid\iLivid d------ [11:24 13/03/2013]

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "Bandoo"
No data found.

Searching for "Community"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\Conduit\Community Alerts]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
"MultiCommunityEnabled"="FALSE"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Monitored]
"MultiCommunityEnabled"="FALSE"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Monitored]
"MultiCommunityID"="CT3239904"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\Conduit\Community Alerts]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
"MultiCommunityEnabled"="FALSE"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Monitored]
"MultiCommunityEnabled"="FALSE"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Monitored]
"MultiCommunityID"="CT3239904"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\Conduit\Community Alerts]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
"MultiCommunityEnabled"="FALSE"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Monitored]
"MultiCommunityEnabled"="FALSE"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Monitored]
"MultiCommunityID"="CT3239904"

Searching for "Conduit"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_ LOCALE"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarHiddenLogin]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarHiddenSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarHiddenSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERS ION"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERS ION"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERS ION"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\WebAppSettings]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/meta/WEB_APP_GUID"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\WebAppSettingsNC]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/metanc/WEB_APP_GUID"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\con duit_CT3239904\WebAppValidation]
"ServiceUrl"="http://upload.webapp.conduit-services.com/Validate/IsValid"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Settings]
"SearchFromAddressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT3239904&SearchSource=2&q=MYSEARCHTERM"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CADC7FBB-79CC-44C3-8F60-FB76FFEF7900}]
"AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
"DLLPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
"Path"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
"ShortDllPath"="C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
"ShortDllPath64"="C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
"UIPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr_Toolbar]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\Datamngr]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
"DLLPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
"Path"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
"ShortDllPath"="C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
"ShortDllPath64"="C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
"UIPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}_F]
"DependentKey"="Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}_F]
"DependentValue"="Software\DataMngr_Toolbar\Values\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}_S]
"DependentKey"="Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}_V]
"DependentKey"="Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}_V]
"DependentValue"="Software\DataMngr_Toolbar\Values\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}\{2421d847-721c-404f-87b4-bbd2b95d1087}_F]
"DependentKey"="Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}\{2421d847-721c-404f-87b4-bbd2b95d1087}_F]
"DependentValue"="Software\DataMngr_Toolbar\Values\{2421d847-721c-404f-87b4-bbd2b95d1087}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}\{2421d847-721c-404f-87b4-bbd2b95d1087}_S]
"DependentKey"="Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}\{2421d847-721c-404f-87b4-bbd2b95d1087}_V]
"DependentKey"="Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}\{2421d847-721c-404f-87b4-bbd2b95d1087}_V]
"DependentValue"="Software\DataMngr_Toolbar\Values\{2421d847-721c-404f-87b4-bbd2b95d1087}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}\{EEE6C35B-6118-11DC-9C72-001320C79847}_F]
"DependentKey"="Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}\{EEE6C35B-6118-11DC-9C72-001320C79847}_F]
"DependentValue"="Software\DataMngr_Toolbar\Values\{EEE6C35B-6118-11DC-9C72-001320C79847}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}\{EEE6C35B-6118-11DC-9C72-001320C79847}_S]
"DependentKey"="Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}\{EEE6C35B-6118-11DC-9C72-001320C79847}_V]
"DependentKey"="Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}\{EEE6C35B-6118-11DC-9C72-001320C79847}_V]
"DependentValue"="Software\DataMngr_Toolbar\Values\{EEE6C35B-6118-11DC-9C72-001320C79847}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}\{fe6f06fb-0fc0-4499-828f-ee48088f504f}_F]
"DependentKey"="Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}\{fe6f06fb-0fc0-4499-828f-ee48088f504f}_F]
"DependentValue"="Software\DataMngr_Toolbar\Values\{fe6f06fb-0fc0-4499-828f-ee48088f504f}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}\{fe6f06fb-0fc0-4499-828f-ee48088f504f}_S]
"DependentKey"="Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}\{fe6f06fb-0fc0-4499-828f-ee48088f504f}_V]
"DependentKey"="Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}\{fe6f06fb-0fc0-4499-828f-ee48088f504f}_V]
"DependentValue"="Software\DataMngr_Toolbar\Values\{fe6f06fb-0fc0-4499-828f-ee48088f504f}"

Searching for "Fun4IM"
No data found.

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASMANCS]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\ilivid]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\ilivid\player]
"InstallPath"="C:\Program Files (x86)\iLivid"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\ilivid\player]
"player_path"="C:\Program Files (x86)\iLivid\VLC\vlc.exe"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\ilivid\player\hosts\ilivid.com]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\ilivid]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\ilivid\iLivid]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\ilivid\iLivid]
"Home"="C:\Users\Guest\AppData\Local\iLivid"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\ilivid\player]
"player_path"="C:\Users\Guest\AppData\Local\iLivid\VLC\vlc.exe"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\ilivid\player\hosts\ilivid.com]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Guest\AppData\Local\iLivid]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Guest\AppData\Local\iLivid]

Searching for "IObit"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

Searching for "Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup{2_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup{2_RASMANCS]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
"DLLPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
"Folder"="C:\Program Files (x86)\Searchqu Toolbar"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
"Path"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
"UIPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=342&systemid=406&q="
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=342&systemid=406&q="
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=342&systemid=406&qu={searchTerms}&ft=json"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
"DLLPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
"Folder"="C:\Program Files (x86)\Searchqu Toolbar"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
"Path"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
"UIPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=342&systemid=406&q="
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=342&systemid=406&q="
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=319&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3537575531154241&qu={searchTerms}&ft=json"

Searching for "Searchnu"
[HKEY_CURRENT_USER\Software\InboxAce_1g\bar]
"HomePage"="http://www.searchnu.com/406"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr\Files\ChromeHomepage]
"Value"="http://www.searchnu.com/406"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr\Files\Homepage]
"Value"="http://www.searchnu.com/406"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr\IEBHO]
"NewTabUrl"="http://www.searchnu.com/406"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr\List\Item2]
"Value"="http://www.searchnu.com/406"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\InboxAce_1g\bar]
"HomePage"="http://www.searchnu.com/406"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr\Files\ChromeHomepage]
"Value"="http://www.searchnu.com/406"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr\Files\Homepage]
"Value"="http://www.searchnu.com/406"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr\IEBHO]
"NewTabUrl"="http://www.searchnu.com/406"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr\List\Item2]
"Value"="http://www.searchnu.com/406"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

Searching for "Tarma"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\DynConIE]

Searching for "trolltech"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "vshare"
No data found.

Searching for "whitesmoke"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Updater By SweetPacks\script_storage]
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Updater By SweetPacks\script_storage]

Searching for "Yontoo"
No data found.

-= EOF =-
wannabeageek (authorized to help remove malware)
Malware Removal Specialist with 282 posts.
Join Date: Nov 2009
Location: Somewhere in California
Experience: Advanced
28-Jul-2013, 09:13 PM #9
Hi relicon,

There still appears to be a lot of junk left to remove.
Please run the following and post as each scan completes.

Step 1.
AdwCleaner - Search
Please download AdwCleaner by Xplode, save it to your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Search.
  4. A logfile C:\AdwCleaner[R1].txt will automatically open after the scan has finished.
  5. Please post the content of the C:\AdwCleaner[R1].txt logfile in your next reply.



Step 2.
AdwCleaner - Fix
You should still have AdwCleaner on your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Delete.
  4. Select OK at each prompt. When done, your computer will be rebooted automatically.
  5. A logfile C:\AdwCleaner[S1].txt will automatically open after the scan has finished.
  6. Please post the content of the C:\AdwCleaner[S1].txt logfile in your next reply.



Step 3.
SystemLook should still be on your Desktop.

  • Right-click SystemLook.exe and select "Run as administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *Bandoo*
    *Community*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    Bandoo
    Community
    Conduit
    datamngr
    Fun4IM
    iLivid
    IObit
    Iminent
    Searchqu
    Searchnu
    Tarma
    trolltech
    vshare
    whitesmoke
    Yontoo
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Please include in your next reply:
  1. Contents of C:\AdwCleaner[R1].txt
  2. Contents of C:\AdwCleaner[S1].txt
  3. Contents of SystemLook.txt
  4. Any problem executing the instructions?
  5. How is the computer behaving?

Thanks,
wbg

Last edited by wannabeageek; 28-Jul-2013 at 09:14 PM. Reason: typo
relicon
Member with 44 posts.
THREAD STARTER
Join Date: Sep 2007
29-Jul-2013, 12:37 PM #10
No problems executing the instructions. The computer is working perfectly fine. No unwanted pop ups and/or redirects or any virus messages.

# AdwCleaner v2.306 - Logfile created 07/29/2013 at 09:54:32
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Editha Teves - JOSETEVES-PC
# Boot Mode : Normal
# Running from : C:\Users\Editha Teves\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Jose Teves\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\ISPuser\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10662 octets] - [28/07/2013 18:00:00]
AdwCleaner[R2].txt - [962 octets] - [29/07/2013 09:54:32]
AdwCleaner[S1].txt - [10774 octets] - [28/07/2013 18:00:49]

########## EOF - C:\AdwCleaner[R2].txt - [1082 octets] ##########


# AdwCleaner v2.306 - Logfile created 07/29/2013 at 10:02:01
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Editha Teves - JOSETEVES-PC
# Boot Mode : Normal
# Running from : C:\Users\Editha Teves\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Jose Teves\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\ISPuser\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10662 octets] - [28/07/2013 18:00:00]
AdwCleaner[R2].txt - [1151 octets] - [29/07/2013 09:54:32]
AdwCleaner[S1].txt - [10774 octets] - [28/07/2013 18:00:49]
AdwCleaner[S2].txt - [1083 octets] - [29/07/2013 10:02:01]

########## EOF - C:\AdwCleaner[S2].txt - [1143 octets] ##########


SystemLook 30.07.11 by jpshortstuff
Log created at 10:14 on 29/07/2013 by Editha Teves
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bandoo*"
No files found.

Searching for "*Community*"
No files found.

Searching for "*Conduit*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*iLivid*"
C:\Users\Guest\AppData\Local\iLivid\iLivid.exe --a---- 3439616 bytes [11:23 13/03/2013] [11:52 20/01/2013] D5FC2EA934CBC5EF6140DEE011984DFA
C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_de.qm --a---- 32485 bytes [11:23 13/03/2013] [11:51 20/01/2013] E38586374B7462948E741513ACA73469
C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_en.qm --a---- 23 bytes [11:23 13/03/2013] [11:51 20/01/2013] 4AEF4415F2E976B2CC6F24B877804A57
C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_es.qm --a---- 31308 bytes [11:23 13/03/2013] [11:51 20/01/2013] 4F81DFF25D4A9D62AE6F00188F20DD95
C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_fr.qm --a---- 33782 bytes [11:23 13/03/2013] [11:51 20/01/2013] 74E8B1351C97B563C6150589ECA02669
C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_it.qm --a---- 31432 bytes [11:23 13/03/2013] [11:51 20/01/2013] 1CB37F7FF96D25B3409F4143FA433E04
C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_pt.qm --a---- 28820 bytes [11:23 13/03/2013] [11:51 20/01/2013] 9DAD581B07E6F8FA319F78E9D327191C
C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_tr.qm --a---- 29146 bytes [11:23 13/03/2013] [11:51 20/01/2013] BBAE9B0AEA7697753FCDBC353D42FC38
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk --a---- 1040 bytes [11:24 13/03/2013] [11:24 13/03/2013] 81CB49289E90AF43C390454D529EA1E0
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk --a---- 1046 bytes [11:24 13/03/2013] [11:24 13/03/2013] DB2DD2072856A3DDC4D50208F3D8BD6A
C:\Users\Guest\Desktop\iLivid.lnk --a---- 1038 bytes [11:24 13/03/2013] [11:24 13/03/2013] A7543542A85ECB937EF32EB970044AED

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*Searchqu*"
C:\Users\Guest\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\70Y9K715\www.searchquotes[1].xml --a---- 13 bytes [19:37 14/04/2013] [19:37 14/04/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*Searchnu*"
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage --a---- 5120 bytes [05:22 14/03/2013] [13:10 21/04/2013] 0D37AC5EDCB63EF2FAAA5D89BE14346E
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage-journal --a---- 5672 bytes [05:22 14/03/2013] [13:10 21/04/2013] 820BD804DCC6F87E85D107FDAE69C7C8

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*Bandoo*"
No folders found.

Searching for "*Community*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*datamngr*"
C:\Users\Guest\AppData\Local\VirtualStore\Program Files (x86)\Search Results Toolbar\Datamngr d------ [11:23 13/03/2013]
C:\Users\Jose Teves\AppData\LocalLow\DataMngr d------ [16:02 07/07/2012]

Searching for "*Fun4IM*"
No folders found.

Searching for "*iLivid*"
C:\Users\Guest\AppData\Local\iLivid d------ [11:23 13/03/2013]
C:\Users\Guest\AppData\Local\iLivid\iLivid d------ [11:24 13/03/2013]

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "Bandoo"
No data found.

Searching for "Community"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASMANCS]

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CADC7FBB-79CC-44C3-8F60-FB76FFEF7900}]
"AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar"

Searching for "Fun4IM"
No data found.

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASMANCS]

Searching for "IObit"
No data found.

Searching for "Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup{2_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup{2_RASMANCS]

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
[HKEY_CURRENT_USER\Software\InboxAce_1g\bar]
"HomePage"="http://www.searchnu.com/406"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\InboxAce_1g\bar]
"HomePage"="http://www.searchnu.com/406"

Searching for "Tarma"
No data found.

Searching for "trolltech"
No data found.

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-
wannabeageek (authorized to help remove malware)
Malware Removal Specialist with 282 posts.
Join Date: Nov 2009
Location: Somewhere in California
Experience: Advanced
29-Jul-2013, 10:09 PM #11
Hi relicon,

Please run the following:

Step 1.
Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    Code:
    :commands
    [createrestorepoint]
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CADC7FBB-79CC-44C3-8F60-FB76FFEF7900}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup{2_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup{2_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_CURRENT_USER\Software\InboxAce_1g\bar]
    [-HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\InboxAce_1g\bar]
    
    :Files
    C:\Users\Guest\AppData\Local\iLivid
    C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
    C:\Users\Guest\Desktop\iLivid.lnk
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage-journal
    C:\Users\Guest\AppData\Local\VirtualStore\Program Files (x86)\Search Results Toolbar\Datamngr
    C:\Users\Jose Teves\AppData\LocalLow\DataMngr
    
    :Commands
    [EMPTYTEMP]
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of the report in your next reply.





Step 2.
SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click SystemLook.exe and select "Run as administrator" to run it.
  • Copy the content of the following codebox into the main textfield. Do not include the word Code.
    Code:
    :filefind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *searchab*
    *Funmoods*
    *iLivid*
    *Searchnu*
    *smartbar*
    *Vafmusic2*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *searchab*
    *Funmoods*
    *iLivid*
    *Searchnu*
    *smartbar*
    *Vafmusic2*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    searchab
    Funmoods
    iLivid
    Searchnu
    smartbar
    Vafmusic2
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Please include in your next reply:
  1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  2. Contents of SystemLook.txt
  3. Any problem executing the instructions?
  4. How is the computer behaving?

Thanks,
wbg
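
The Regfind results in post #10 show that SystemLook matches each term as a plain substring: "Searchqu" hits `ISearchQueryHelper` and "Community" hits `CLSID_ICommunityTransport`. The following is an added example, not part of the thread and not SystemLook's or OTL's code; it parses such a log and marks hits where the term is only embedded in a longer identifier, so they can be reviewed by hand before a key is put into a removal script. The token-boundary heuristic and all function names are assumptions of this example.

```python
import re
# Excerpt of the Regfind results posted in this thread (post #10).
SAMPLE_LOG = r'''
Searching for "Community"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
@="CLSID_ICommunityTransport"
Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CADC7FBB-79CC-44C3-8F60-FB76FFEF7900}]
"AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar"
Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASAPI32]
Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
Searching for "Searchnu"
[HKEY_CURRENT_USER\Software\InboxAce_1g\bar]
"HomePage"="http://www.searchnu.com/406"
Searching for "Tarma"
No data found.
'''

def _boundary(prev, nxt):
    """True if a token break lies between prev and nxt (heuristic, an assumption)."""
    if not prev or not nxt or not prev.isalnum() or not nxt.isalnum():
        return True                          # string edge or separator character
    return prev.islower() and nxt.isupper()  # camelCase hump, e.g. iLivid|Setup

def classify(term, text):
    """Return 'standalone', 'embedded', or None when term is absent from text."""
    verdict = None
    for m in re.finditer(re.escape(term), text, re.IGNORECASE):
        left = _boundary(text[m.start() - 1:m.start()], text[m.start()])
        right = _boundary(text[m.end() - 1], text[m.end():m.end() + 1])
        if left and right:
            return "standalone"
        verdict = "embedded"                 # term sits inside a longer identifier
    return verdict

def parse_regfind(log):
    """Return [(term, key, [(value_name, data), ...]), ...] for each registry hit."""
    term, hits = None, []
    for line in log.splitlines():
        line = line.strip()
        if (m := re.fullmatch(r'Searching for "(.*)"', line)):
            term = m.group(1)
        elif line.startswith("[HKEY") and line.endswith("]"):
            hits.append((term, line[1:-1], []))
        elif hits and (m := re.fullmatch(r'(@|"[^"]*")="(.*)"', line)):
            hits[-1][2].append((m.group(1).strip('"'), m.group(2)))
    return hits

def triage(log):
    """Return (term, key, field, verdict) for every place a term matched."""
    rows = []
    for term, key, values in parse_regfind(log):
        for field, text in [("key", key)] + values:
            if (verdict := classify(term, text)):
                rows.append((term, key, field, verdict))
    return rows

if __name__ == "__main__":
    for term, key, field, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:10} {term:10} {field:8} {key}")
```

An "embedded" verdict means only that the key needs a manual look before removal; it does not decide whether the entry belongs to adware.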
relicon
Member with 44 posts.
THREAD STARTER
Join Date: Sep 2007
01-Aug-2013, 12:04 AM #12
I'm sorry, I should have told you this earlier.

My grandma already left; she spent 3 days living at home with us.

It was actually her laptop that needed to be fixed. The good news is she told me that there is definitely a big difference.

No more pop ups, virus messages, and redirects. I greatly appreciate all of your time and expertise; your consistent and helpful instructions on this case made her laptop behave very well again.

Thank you so much for helping me fix my grandma's laptop! We are both happy.