
Windows 7 Google Chrome keeps redirecting to a different site

Discussion in 'Virus & Other Malware Removal' started by relicon, Jul 27, 2013.

  1. relicon

    relicon Thread Starter

    Windows 7 Google Chrome keeps redirecting to a different site, and sometimes there are strange window pop-ups that are somewhat related to this problem.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:03:00 PM, on 7/27/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16635)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
    C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
    C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe
    C:\Windows\V0350Mon.exe
    C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe
    C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe
    C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
    C:\Windows\SysWOW64\jmdp\stij.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Toolbar BHO - {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\PROGRA~2\MYSCRA~2\bar\1.bin\12bar.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: CrossriderApp0019962 - {11111111-1111-1111-1111-110111991162} - C:\Program Files (x86)\Supreme Savings\Supreme Savings.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SocialSearchBar_App - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoci.dll
    O2 - BHO: LessTabs - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll
    O2 - BHO: Secret Feedback - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\SecretFeedback\IE\common.dll
    O2 - BHO: Search Assistant BHO - {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll
    O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
    O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Search Assistant BHO - {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
    O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
    O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll
    O2 - BHO: Search Assistant BHO - {c4b22c87-45ef-4f43-89f2-40db2078864e} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll
    O2 - BHO: Updater By SweetPacks Helper - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
    O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll
    O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
    O2 - BHO: Toolbar BHO - {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbar.dll
    O2 - BHO: Toolbar BHO - {da71fd14-5f7b-46ae-b8b1-44074a38f331} - C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbar.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
    O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: SocialSearchBar_App Toolbar - {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoci.dll
    O3 - Toolbar: MyFunCards - {210f1b36-3b7f-41a4-b5da-3eb87f5a56c2} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll
    O3 - Toolbar: My Scrap Nook - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll
    O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: InboxAce - {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
    O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll
    O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
    O4 - HKLM\..\Run: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
    O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
    O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
    O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
    O4 - HKLM\..\Run: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
    O4 - HKLM\..\Run: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [V0350Mon.exe] C:\windows\V0350Mon.exe
    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [MyFunCards Search Scope Monitor] "C:\PROGRA~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [MyFunCards_5m Browser Plugin Loader] C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbrmon.exe
    O4 - HKLM\..\Run: [My Scrap Nook Search Scope Monitor] "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [MyScrapNook_12 Browser Plugin Loader] C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon.exe
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    O4 - HKLM\..\Run: [InboxAce Search Scope Monitor] "C:\PROGRA~2\INBOXA~2\bar\1.bin\1gsrchmn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [InboxAce_1g Browser Plugin Loader] C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbrmon.exe
    O4 - HKCU\..\Run: [Best Buy pc app] C:\Users\Editha Teves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Editha Teves\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ROC_ROC_APR2013_AV] C:\Users\Editha Teves\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 94f611bb173c47d09c272197b771950a-b20db9261d661508d61180d35b882224ab0be8bb --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
    O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
    O18 - Protocol: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
    O23 - Service: 24x7HelpService (24x7HelpSvc) - PCRx.com, LLC - C:\Program Files (x86)\24x7Help\App24x7Svc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: BrowserDefendert - Unknown owner - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
    O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
    O23 - Service: EgisTec Service Help - Egis Technology Inc. - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
    O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IBUpdaterService - Unknown owner - C:\windows\system32\dmwu.exe (file missing)
    O23 - Service: InboxAceService (InboxAce_1gService) - COMPANYVERS_NAME - C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: MyFunCardsService (MyFunCards_5mService) - COMPANYVERS_NAME - C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe
    O23 - Service: My Scrap NookService (MyScrapNook_12Service) - COMPANYVERS_NAME - C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\windows\System32\TPHDEXLG64.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 19081 bytes


    ----------------------------------------------------------------------------------------------------------------

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16635
    Run by Editha Teves at 19:06:45 on 2013-07-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3335 [GMT -6:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
    C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\24x7Help\App24x7Svc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\windows\system32\dmwu.exe
    C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe
    C:\windows\SysWOW64\schtasks.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe
    C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe
    C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\System32\TPHDEXLG64.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\TpShocks.exe
    C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
    C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
    C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe
    C:\Windows\V0350Mon.exe
    C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe
    C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe
    C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\24x7Help\App24x7Help.exe
    C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Windows\SysWOW64\jmdp\stij.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\24x7Help\App24x7Hook.exe
    C:\Program Files (x86)\24x7Help\App24x7Hook64.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\windows\system32\msiexec.exe
    C:\windows\System32\svchost.exe -k swprv
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\windows\SysWOW64\NOTEPAD.EXE
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\svchost.exe -k WbioSvcGroup
    C:\windows\system32\igfxsrvc.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    mURLSearchHooks: SocialSearchBar_App Toolbar: {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoci.dll
    mWinlogon: Userinit = userinit.exe
    BHO: Toolbar BHO: {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Supreme Savings: {11111111-1111-1111-1111-110111991162} - C:\Program Files (x86)\Supreme Savings\Supreme Savings.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: SocialSearchBar_App Toolbar: {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoci.dll
    BHO: LessTabs: {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll
    BHO: Secret Feedback: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\SecretFeedback\IE\common.dll
    BHO: Search Assistant BHO: {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll
    BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll
    BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Search Assistant BHO: {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
    BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
    BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll
    BHO: Search Assistant BHO: {c4b22c87-45ef-4f43-89f2-40db2078864e} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll
    BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
    BHO: <No Name>: {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files (x86)\RebateInformer\RebateI.dll
    BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
    BHO: Toolbar BHO: {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
    BHO: Toolbar BHO: {da71fd14-5f7b-46ae-b8b1-44074a38f331} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll
    BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: InboxAce: {3775AFD7-5921-4571-968F-85A631203D1C} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
    TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: SocialSearchBar_App Toolbar: {2421d847-721c-404f-87b4-bbd2b95d1087} - C:\Program Files (x86)\SocialSearchBar_App\prxtbSoci.dll
    TB: MyFunCards: {210f1b36-3b7f-41a4-b5da-3eb87f5a56c2} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll
    TB: My Scrap Nook: {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll
    TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: InboxAce: {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
    TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll
    uRun: [Best Buy pc app] C:\Users\Editha Teves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
    uRun: [Google Update] "C:\Users\Editha Teves\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [ROC_ROC_APR2013_AV] C:\Users\Editha Teves\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 94f611bb173c47d09c272197b771950a-b20db9261d661508d61180d35b882224ab0be8bb --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
    mRun: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
    mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
    mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
    mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
    mRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
    mRun: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [V0350Mon.exe] C:\windows\V0350Mon.exe
    mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [MyFunCards Search Scope Monitor] "C:\PROGRA~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" /m=2 /w /h
    mRun: [MyFunCards_5m Browser Plugin Loader] C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbrmon.exe
    mRun: [My Scrap Nook Search Scope Monitor] "C:\PROGRA~2\MYSCRA~2\bar\1.bin\12srchmn.exe" /m=2 /w /h
    mRun: [MyScrapNook_12 Browser Plugin Loader] C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon.exe
    mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    mRun: [InboxAce Search Scope Monitor] "C:\PROGRA~2\INBOXA~2\bar\1.bin\1gsrchmn.exe" /m=2 /w /h
    mRun: [InboxAce_1g Browser Plugin Loader] C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbrmon.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{E39C52D6-388F-4538-9D11-75B5AFABFCCF} : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{E39C52D6-388F-4538-9D11-75B5AFABFCCF}\05F43545F56596379647F627 : DHCPNameServer = 10.2.145.9
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
    Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files (x86)\RebateInformer\RebateI.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-Run: [TpShocks] C:\windows\System32\TpShocks.exe
    x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
    x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [InboxAce Home Page Guard 64 bit] "C:\PROGRA~2\INBOXA~2\bar\1.bin\AppIntegrator64.exe"
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
    x64-Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-10-10 57952]
    R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-10-10 39008]
    R0 TPDIGIMN;TPDIGIMN;C:\windows\System32\drivers\ApsHM64.sys [2011-10-10 23648]
    R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-5-3 45856]
    R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-10-10 13408]
    R1 EgisTecFF;EgisTecFF;C:\windows\System32\drivers\EgisTecFF.sys [2011-10-10 55880]
    R1 mwlPSDFilter;mwlPSDFilter;C:\windows\System32\drivers\mwlPSDFilter.sys [2011-10-10 22912]
    R1 mwlPSDNServ;mwlPSDNServ;C:\windows\System32\drivers\mwlPSDNserv.sys [2011-10-10 20328]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\System32\drivers\mwlPSDVDisk.sys [2011-10-10 62584]
    R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2012-3-24 342168]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 BrowserDefendert;BrowserDefendert;C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2013-7-24 2827728]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]
    R2 EgisTec Service Help;EgisTec Service Help;C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
    R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856]
    R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096]
    R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\System32\drivers\FPSensor.sys [2010-10-31 35952]
    R2 IBUpdaterService;IBUpdaterService;C:\windows\System32\dmwu.exe [2013-6-19 1453872]
    R2 InboxAce_1gService;InboxAceService;C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe [2013-6-27 42504]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\windows\System32\drivers\LMIRfsDriver.sys [2012-1-10 72216]
    R2 MyFunCards_5mService;MyFunCardsService;C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe [2013-3-5 42504]
    R2 MyScrapNook_12Service;My Scrap NookService;C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe [2013-3-5 42504]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2013-3-29 132504]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2013-3-5 126392]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-10 2656280]
    R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
    R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\windows\System32\drivers\bpenum.sys [2011-5-19 84480]
    R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2011-5-19 182272]
    R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\windows\System32\drivers\bpusb.sys [2011-5-19 83968]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-12-24 31088]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-4-14 317440]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-10 307304]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 rtsuvc;Lenovo EasyCamera;C:\windows\System32\drivers\rtsuvc.sys [2011-10-10 8200552]
    R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-11-30 42392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 VF0350Afx;VF0350 Audio FX;C:\windows\System32\drivers\V0350Afx.sys [2012-6-30 214240]
    S3 VF0350Vfx;VF0350 Video FX;C:\windows\System32\drivers\V0350Vfx.sys [2012-6-30 12288]
    S3 VF0350Vid;Live! Cam Video IM (VF0350);C:\windows\System32\drivers\V0350Vid.sys [2012-6-30 214976]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-12 1255736]
    S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-07-28 01:01:31 388096 ----a-r- C:\Users\Editha Teves\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-07-28 01:01:31 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2013-07-24 12:34:32 -------- d-----w- C:\Program Files (x86)\LessTabs
    2013-07-24 12:34:28 -------- d-----w- C:\windows\SysWow64\searchplugins
    2013-07-24 12:34:28 -------- d-----w- C:\windows\SysWow64\Extensions
    2013-07-24 12:34:25 -------- d-----w- C:\ProgramData\BrowserDefender
    2013-07-24 12:34:23 -------- d-----w- C:\Users\Editha Teves\AppData\Roaming\BabSolution
    2013-07-24 12:34:22 -------- d-----w- C:\Users\Editha Teves\AppData\Roaming\Delta
    2013-07-24 12:34:22 -------- d-----w- C:\Program Files (x86)\Delta
    2013-07-24 12:34:15 -------- d-----w- C:\Users\Editha Teves\AppData\Roaming\Babylon
    2013-07-24 12:34:15 -------- d-----w- C:\ProgramData\Babylon
    2013-07-11 13:39:10 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
    2013-07-11 13:39:10 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
    2013-07-11 13:39:10 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
    2013-07-11 13:39:10 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
    2013-07-11 13:39:10 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
    2013-07-11 13:39:10 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
    2013-07-11 13:39:10 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
    2013-07-11 13:39:08 624128 ----a-w- C:\windows\System32\qedit.dll
    2013-07-11 13:39:08 509440 ----a-w- C:\windows\SysWow64\qedit.dll
    2013-07-11 13:39:07 1887744 ----a-w- C:\windows\System32\WMVDECOD.DLL
    2013-07-11 13:39:06 1620480 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
    2013-07-11 13:39:00 3153920 ----a-w- C:\windows\System32\win32k.sys
    2013-07-11 13:38:59 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2013-07-11 13:38:59 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2013-07-11 13:38:59 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2013-07-11 13:38:59 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-11 13:38:58 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-11 13:38:46 1643520 ----a-w- C:\windows\System32\DWrite.dll
    2013-07-11 13:38:46 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
    2013-07-09 04:25:40 -------- d-sh--w- C:\found.002
    2013-07-04 14:40:10 -------- d-----w- C:\Users\Editha Teves\AppData\Local\InboxAce_1g
    2013-07-01 22:28:40 -------- d-----w- C:\Program Files (x86)\SecretFeedback
    2013-06-28 01:25:36 -------- d-----w- C:\Program Files (x86)\InboxAce_1g
    .
    ==================== Find3M ====================
    .
    2013-06-27 01:35:46 45856 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
    2013-06-12 13:44:26 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-12 13:44:26 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
    2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
    2013-06-11 23:42:58 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
    2013-06-11 23:42:58 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
    2013-06-11 23:26:20 2241024 ----a-w- C:\windows\System32\wininet.dll
    2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll
    2013-06-11 23:25:13 67072 ----a-w- C:\windows\System32\iesetup.dll
    2013-06-11 23:25:13 136704 ----a-w- C:\windows\System32\iesysprep.dll
    2013-06-11 22:51:45 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-06-11 22:50:58 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
    2013-06-08 14:17:54 35656 ----a-w- C:\windows\System32\LMIport.dll
    2013-06-08 14:17:54 107368 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
    2013-06-08 14:17:53 100680 ----a-w- C:\windows\System32\LMIinit.dll
    2013-06-07 03:22:18 2706432 ----a-w- C:\windows\System32\mshtml.tlb
    2013-06-07 02:37:52 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2013-05-21 12:53:10 1453872 ----a-w- C:\windows\System32\dmwu.exe
    2013-05-21 12:52:14 33792 ----a-w- C:\windows\System32\ImHttpComm.dll
    2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
    2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
    2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
    2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
    2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
    2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
    2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
    2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
    2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
    2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 19:08:59.21 ===============

    ---------------------------------------------------------------------------------------------------------------------------

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/9/2012 9:30:01 AM
    System Uptime: 7/27/2013 5:57:21 PM (2 hours ago)
    .
    Motherboard: LENOVO | | Emerald Lake
    Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU | 1584/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 655 GiB total, 599.239 GiB free.
    D: is FIXED (NTFS) - 29 GiB total, 26.24 GiB free.
    F: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP95: 6/22/2013 11:31:45 AM - Scheduled Checkpoint
    RP96: 7/1/2013 12:28:37 PM - Scheduled Checkpoint
    RP97: 7/11/2013 5:40:11 PM - Windows Update
    RP98: 7/18/2013 7:15:47 PM - Scheduled Checkpoint
    RP99: 7/27/2013 6:00:51 PM - Windows Update
    RP100: 7/27/2013 7:00:58 PM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    24x7 Help
    Active Protection System
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.1
    Advanced Video FX Engine
    AppGraffiti
    AVG 2013
    AVG SafeGuard toolbar
    Best Buy pc app
    BioExcess
    BrowserDefender
    Creative Live! Cam Video Chat or Video IM Driver (1.03.01.00)
    CyberLink YouCam
    D3DX10
    Delta Chrome Toolbar
    Delta toolbar
    DomaIQ
    EgisTec ES603 WDM Driver
    Energy Management
    ES603 WDM Driver
    FlashPlayer
    FriendsChecker
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    IB Updater Service
    iLivid
    Inbox Toolbar
    InboxAce Toolbar
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Rapid Storage Technology
    Intel(R) Wireless Display
    Intel® PROSet/Wireless WiMAX Software
    Internet Explorer Toolbar 4.7 by SweetPacks
    Junk Mail filter update
    Lenovo EasyCamera
    Lenovo EE Boot Optimizer
    Lenovo OneKey Recovery
    Lenovo Security Suite
    LessTabs
    LogMeIn
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    My Scrap Nook Toolbar
    MyFunCards Toolbar
    Norton PC Checkup
    Optimizer Pro v3.0
    PC Power Speed 1.0.0.24
    Port Locker
    Power2Go
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Reader Driver
    RebateInformer
    Searchqu Toolbar
    Secret Feedback
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Skype Click to Call
    Skype™ 5.10
    SocialSearchBar_App Toolbar
    Supreme Savings
    Synaptics Pointing Device Driver
    UnfriendMonkey
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939)
    Updater By SweetPacks 2.0.0.609
    VeriFace
    Visual Studio 2010 x64 Redistributables
    VLC media player 1.0.3
    Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! Detect
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/27/2013 5:51:42 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    7/25/2013 7:56:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) PROSet/Wireless Registry Service service to connect.
    7/25/2013 7:56:44 PM, Error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/24/2013 7:09:07 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    7/24/2013 7:06:31 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll
    7/24/2013 7:06:31 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 1726
    7/24/2013 6:35:04 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the BrowserDefendert service, but this action failed with the following error: An instance of the service is already running.
    7/24/2013 6:34:34 AM, Error: Service Control Manager [7031] - The BrowserDefendert service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    7/24/2013 10:26:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user JoseTeves-PC\Editha Teves SID (S-1-5-21-2248509849-1098968737-2228260666-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/23/2013 7:09:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user JoseTeves-PC\Guest SID (S-1-5-21-2248509849-1098968737-2228260666-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/22/2013 9:44:48 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    7/22/2013 9:44:38 PM, Error: Service Control Manager [7023] - The Application Virtualization Client service terminated with the following error: %%-2147467243
    7/22/2013 9:44:38 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: %%-2147467243
    .
    ==== End Of File ===========================


    ------------------------------------------


    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-07-27 19:27:50
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.03.0 698.64GB
    Running: m1orurn5.exe; Driver: C:\Users\EDITHA~1\AppData\Local\Temp\fwtyquoc.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033f2000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
    INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 614 fffff800033f2036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe[1464] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe[1464] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe[1464] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe[1560] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe[1560] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe[1560] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe[1604] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe[1604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe[1604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\24x7Help\App24x7Svc.exe[1268] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\24x7Help\App24x7Svc.exe[1268] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\24x7Help\App24x7Svc.exe[1268] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1708] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2008] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe[2212] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\windows\SysWOW64\schtasks.exe[2284] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\windows\SysWOW64\schtasks.exe[2284] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\windows\SysWOW64\schtasks.exe[2284] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe[2896] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe[2896] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbarsvc.exe[2896] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe[2928] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\PROGRA~2\MYSCRA~2\bar\1.bin\12barsvc.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe[2960] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe[2960] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe[2960] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe[3000] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe[3000] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe[3000] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3124] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3124] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3124] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3344] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe[3520] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe[3520] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe[3520] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe[3568] C:\windows\syswow64\user32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe[3568] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe[3568] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe[3668] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe[3668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe[3668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3768] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3276] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3276] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3276] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[5084] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[5084] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[5084] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[5524] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[5524] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[5524] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe[5564] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe[5564] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe[5564] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[5572] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[5572] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[5572] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5580] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5580] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[5580] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe[5660] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe[5660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe[5660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Windows\V0350Mon.exe[5716] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Windows\V0350Mon.exe[5716] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Windows\V0350Mon.exe[5716] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe[5736] C:\windows\syswow64\user32.DLL!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe[5736] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe[5736] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe[5816] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe[5816] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe[5816] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe[5860] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe[5860] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[5868] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[5868] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[5868] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe[5904] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe[5904] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe[5904] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\24x7Help\App24x7Help.exe[6096] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\24x7Help\App24x7Help.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\24x7Help\App24x7Help.exe[6096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe[5080] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe[5080] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe[5080] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Windows\SysWOW64\jmdp\stij.exe[5468] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Windows\SysWOW64\jmdp\stij.exe[5468] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Windows\SysWOW64\jmdp\stij.exe[5468] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[3904] C:\windows\syswow64\user32.DLL!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[3904] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[3904] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\24x7Help\App24x7Hook.exe[5636] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\24x7Help\App24x7Hook.exe[5636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\24x7Help\App24x7Hook.exe[5636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4544] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4544] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4544] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6948] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6948] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6948] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0x59c628; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0x59c668; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0x59c5a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0x59c528; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0x59c728; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0x59c768; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0x59c6e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0x59c6a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0x59c468; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0x59c4a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0x59c428; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0x59c5e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0x59c568; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0x59c4e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7732] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0x713e28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0x713e68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0x713da8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0x713d28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0x713f28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0x713f68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0x713ee8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0x713ea8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0x713c68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0x713ca8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0x713c28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0x713de8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0x713d68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0x713ce8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0x113228; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0x113268; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0x1131a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0x113128; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0x113328; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0x113368; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0x1132e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0x1132a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0x113068; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0x1130a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0x113028; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0x1131e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0x113168; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0x1130e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7636] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0x11a228; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0x11a268; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0x11a1a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0x11a128; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0x11a328; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0x11a368; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0x11a2e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0x11a2a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0x11a068; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0x11a0a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0x11a028; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0x11a1e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0x11a168; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0x11a0e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7756] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0xd63e28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0xd63e68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0xd63da8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0xd63d28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0xd63f28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0xd63f68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0xd63ee8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0xd63ea8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0xd63c68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0xd63ca8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0xd63c28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0xd63de8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0xd63d68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0xd63ce8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007787f991 7 bytes {MOV EDX, 0x724628; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007787fbd5 7 bytes {MOV EDX, 0x724668; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007787fc05 7 bytes {MOV EDX, 0x7245a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007787fc1d 7 bytes {MOV EDX, 0x724528; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007787fc35 7 bytes {MOV EDX, 0x724728; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007787fc65 7 bytes {MOV EDX, 0x724768; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007787fce5 7 bytes {MOV EDX, 0x7246e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007787fcfd 7 bytes {MOV EDX, 0x7246a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007787fd49 7 bytes {MOV EDX, 0x724468; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007787fe41 7 bytes {MOV EDX, 0x7244a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077880099 7 bytes {MOV EDX, 0x724428; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778810a5 7 bytes {MOV EDX, 0x7245e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007788111d 7 bytes {MOV EDX, 0x724568; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077881321 7 bytes {MOV EDX, 0x7244e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776a3ae0 5 bytes JMP 000000016ffe0110
    .text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776a7a90 5 bytes JMP 000000016ffe00d8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtClose 00000000776d1400 8 bytes JMP 000000016fff01f0
    .text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000776d1430 8 bytes JMP 000000016fff0180
    .text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtQueryValueKey 00000000776d1480 8 bytes JMP 000000016fff00d8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtCreateKey 00000000776d14e0 8 bytes JMP 000000016fff0148
    .text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000776d1910 8 bytes JMP 000000016fff0110
    .text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtDeleteKey 00000000776d1e70 8 bytes JMP 000000016fff0228
    .text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 00000000776d1ea0 8 bytes JMP 000000016fff0260
    .text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\SYSTEM32\ntdll.dll!NtOpenKeyEx 00000000776d2260 8 bytes JMP 000000016fff01b8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5204] C:\windows\system32\ole32.DLL!CoCreateInstance 000007fefe6c7490 11 bytes JMP 000007fffe6900d8
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1728] C:\windows\syswow64\user32.DLL!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5328] C:\windows\syswow64\user32.DLL!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5328] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5328] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe[7884] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe[7884] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe[7884] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\windows\SysWOW64\NOTEPAD.EXE[2856] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\windows\SysWOW64\NOTEPAD.EXE[2856] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\windows\SysWOW64\NOTEPAD.EXE[2856] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\windows\SysWOW64\NOTEPAD.EXE[8152] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\windows\SysWOW64\NOTEPAD.EXE[8152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\windows\SysWOW64\NOTEPAD.EXE[8152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\windows\SysWOW64\NOTEPAD.EXE[5456] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\windows\SysWOW64\NOTEPAD.EXE[5456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\windows\SysWOW64\NOTEPAD.EXE[5456] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2
    .text C:\Users\Editha Teves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULBG0W1C\m1orurn5.exe[7416] C:\windows\syswow64\USER32.dll!DialogBoxParamW 000000007707cfca 5 bytes JMP 0000000174864970
    .text C:\Users\Editha Teves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULBG0W1C\m1orurn5.exe[7416] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076da1465 2 bytes [DA, 76]
    .text C:\Users\Editha Teves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULBG0W1C\m1orurn5.exe[7416] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076da14bb 2 bytes [DA, 76]
    .text ... * 2

    ---- User IAT/EAT - GMER 2.1 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!LoadLibraryExA] [7fef174c860] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!LoadLibraryExA] [7fef174cf20] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!LoadLibraryA] [7fef174d040] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!LoadLibraryExW] [7fef174cfb0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!LoadLibraryW] [7fef174d0d0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ole32.DLL[KERNEL32.dll!LoadLibraryA] [7fef174cbc0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ole32.DLL[KERNEL32.dll!LoadLibraryW] [7fef174cc50] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ieframe.dll[KERNEL32.dll!LoadLibraryA] [7fef174d4c0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ieframe.dll[KERNEL32.dll!LoadLibraryExA] [7fef174d3a0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ieframe.dll[KERNEL32.dll!LoadLibraryExW] [7fef174d430] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\ieframe.dll[KERNEL32.dll!LoadLibraryW] [7fef174d550] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[ADVAPI32.dll!RegDeleteKeyW] [7feee1cae90] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[ADVAPI32.dll!RegSetValueExW] [7feee1cb030] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[ADVAPI32.dll!RegQueryValueExW] [7feee1cb0e0] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[KERNEL32.dll!LoadLibraryExA] [7fef174d160] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[KERNEL32.dll!LoadLibraryExW] [7fef174d1f0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[KERNEL32.dll!LoadLibraryA] [7fef174d280] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[KERNEL32.dll!LoadLibraryW] [7fef174d310] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[SHLWAPI.dll!SHRegGetUSValueW] [7feee1cb420] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[SHLWAPI.dll!SHSetValueW] [7feee1cad20] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[SHLWAPI.dll!SHDeleteKeyW] [7feee1cacb0] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\inetcpl.cpl[SHLWAPI.dll!SHRegSetUSValueW] [7feee1cb4e0] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\MSHTML.dll[KERNEL32.dll!LoadLibraryExW] [7fef174d8b0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\MSHTML.dll[KERNEL32.dll!LoadLibraryW] [7fef174d9d0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\MSHTML.dll[KERNEL32.dll!LoadLibraryA] [7fef174d940] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\MSHTML.dll[KERNEL32.dll!LoadLibraryExA] [7fef174d820] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iepeers.dll[KERNEL32.dll!LoadLibraryExA] [7fef174cce0] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iepeers.dll[KERNEL32.dll!LoadLibraryExW] [7fef174cd70] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iepeers.dll[KERNEL32.dll!LoadLibraryW] [7fef174ce90] C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG64.DLL
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iepeers.dll[ADVAPI32.dll!RegQueryValueExW] [7feee1cb0e0] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\windows\system32\iepeers.dll[ADVAPI32.dll!RegSetValueExW] [7feee1cb030] C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{90905B57-FBC8-4104-AABF-48F984044B5A}\Connection@Name isatap.{58DA0AF7-8A73-490B-9306-D20C0E2FAA55}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CDBF1A12-36DC-462F-B648-E9C0AD469705}\Connection@Name isatap.{9997D281-2D9C-4726-8D61-963461342A2A}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{D2AFC5FF-AEA3-4BE1-A671-325D8DC586CC}?\Device\{CDBF1A12-36DC-462F-B648-E9C0AD469705}?\Device\{90905B57-FBC8-4104-AABF-48F984044B5A}?\Device\{22A14B8F-B6A5-4E94-BA02-9E97760FD7BC}?\Device\{86C24373-07DF-4388-AA05-770B16B1D6F7}?\Device\{0F5BEF8C-328C-4DAA-88D6-2D8CCC7700B1}?\Device\{3E973146-3A73-434D-9107-A100724F184B}?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{D2AFC5FF-AEA3-4BE1-A671-325D8DC586CC}"?"{CDBF1A12-36DC-462F-B648-E9C0AD469705}"?"{90905B57-FBC8-4104-AABF-48F984044B5A}"?"{22A14B8F-B6A5-4E94-BA02-9E97760FD7BC}"?"{86C24373-07DF-4388-AA05-770B16B1D6F7}"?"{0F5BEF8C-328C-4DAA-88D6-2D8CCC7700B1}"?"{3E973146-3A73-434D-9107-A100724F184B}"?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{D2AFC5FF-AEA3-4BE1-A671-325D8DC586CC}?\Device\TCPIP6TUNNEL_{CDBF1A12-36DC-462F-B648-E9C0AD469705}?\Device\TCPIP6TUNNEL_{90905B57-FBC8-4104-AABF-48F984044B5A}?\Device\TCPIP6TUNNEL_{22A14B8F-B6A5-4E94-BA02-9E97760FD7BC}?\Device\TCPIP6TUNNEL_{86C24373-07DF-4388-AA05-770B16B1D6F7}?\Device\TCPIP6TUNNEL_{0F5BEF8C-328C-4DAA-88D6-2D8CCC7700B1}?\Device\TCPIP6TUNNEL_{3E973146-3A73-434D-9107-A100724F184B}?
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{90905B57-FBC8-4104-AABF-48F984044B5A}@InterfaceName isatap.{58DA0AF7-8A73-490B-9306-D20C0E2FAA55}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{90905B57-FBC8-4104-AABF-48F984044B5A}@ReusableType 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CDBF1A12-36DC-462F-B648-E9C0AD469705}@InterfaceName isatap.{9997D281-2D9C-4726-8D61-963461342A2A}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CDBF1A12-36DC-462F-B648-E9C0AD469705}@ReusableType 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 10312
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)

    ---- EOF - GMER 2.1 ----
     
  2. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    340
    Hello relicon, and Welcome to the forum!

    My name is wannabeageek and I'll be helping you with any malware problems.

    Before we begin, please read and follow these important guidelines, so things will proceed smoothly.

    1. The instructions being given are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. You must have Administrator rights and permissions for this computer.
    3. DO NOT run any other fix or removal tools unless instructed to do so!
    4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
    6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
    7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    8. Only reply to this thread, do not start another one. Please continue responding until I give you the "All Clean!"

      >>>Absence of symptoms does not mean that everything is clear.<<<


    I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

    Please take time to read TSG Forum Guidelines and Rules where the conditions for receiving help here are explained.

    Please read all instructions carefully before executing and perform the steps, in the order given.
    If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

    Because of this, I advise you to back up any personal files and folders before you start.
     
  3. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    340
    Hello relicon,

    I noticed you are using the following program: LogMeIn. If you are using this for business, it is vital you be upfront and tell me now.
    It is not that I do not want to help you, it is that the tools we use change policies, close ports, and remove program files related to business programs as they cannot tell what is for business and what is malware.
    If you do use this for business, this could very well disrupt your ability to connect to any business server you use online.

    If you do use this for business, STOP. Do not continue and post back stating so.

    Otherwise:

    Please be very careful about how you answer the questions for uninstalling the programs I listed for you to uninstall.
    Some of the questions are worded to trick you into keeping the program, making removal quite difficult.

    Step 1.
    Uninstall Programs
    I need you to uninstall some program(s).

    1. Click on Start...then... Click the Start Search box on the Start Menu.
    2. Copy and paste the value below, into the open text entry box:
      appwiz.cpl
    3. Then press Enter.
      • Locate the following program(s):
        Adobe Reader 9.5.1
        AVG SafeGuard toolbar
        Delta Chrome Toolbar
        Delta toolbar
        DomaIQ
        IB Updater Service
        iLivid
        Inbox Toolbar
        InboxAce Toolbar
        Internet Explorer Toolbar 4.7 by SweetPacks
        LessTabs
        My Scrap Nook Toolbar
        MyFunCards Toolbar
        Norton PC Checkup
        Optimizer Pro v3.0
        PC Power Speed 1.0.0.24
        Searchqu Toolbar
        SocialSearchBar_App Toolbar
        Supreme Savings
        Updater By SweetPacks 2.0.0.609
      • Select the program and click on Uninstall to uninstall it.
        Carefully read any prompts...
        Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
      • Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.



    Step 2.
    DDS Scan

    1. DDS should still be on your desktop.
      Disable any script blocking software you have running before running DDS.
    2. Please double click dds.com to run the tool. (File name will be different if alternate download used).
    3. Please right mouse click and select "Run As Administrator" on dds.com to run the tool. (File name will be different if alternate download used).
      If you are using DDS.com, a black window will open with some additional instructions and comments... There is no need to change the default settings.
    4. When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
    5. Please post both the DDS.txt and Attach.txt files in your next reply.



    Please include in your next reply:

    1. Contents of DDS.txt log
    2. Contents of Attach.txt log
    3. Any problem executing the instructions?

    Thanks,
    wbg
     
  4. relicon

    relicon Thread Starter

    Joined:
    Sep 21, 2007
    Messages:
    44
    I don't use LogMeIn for business.
    I also uninstalled the programs that were listed and I did notice a big difference.
    All those unwanted redirect and pop up windows are gone.
    I am incredibly happy right now for your amazing help! Thanks a billion times!

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16635
    Run by Editha Teves at 1:17:24 on 2013-07-28
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4137 [GMT -6:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
    C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\24x7Help\App24x7Svc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\System32\TPHDEXLG64.exe
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\TpShocks.exe
    C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
    C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
    C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe
    C:\Windows\V0350Mon.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
    C:\Program Files (x86)\24x7Help\App24x7Help.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\24x7Help\App24x7Hook.exe
    C:\Program Files (x86)\24x7Help\App24x7Hook64.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\windows\system32\taskeng.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\svchost.exe -k WbioSvcGroup
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    mWinlogon: Userinit = userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Secret Feedback: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\SecretFeedback\IE\common.dll
    BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll
    BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: <No Name>: {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files (x86)\RebateInformer\RebateI.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Google Update] "C:\Users\Editha Teves\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [ROC_ROC_APR2013_AV] C:\Users\Editha Teves\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 94f611bb173c47d09c272197b771950a-b20db9261d661508d61180d35b882224ab0be8bb --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
    mRun: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
    mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
    mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
    mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
    mRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
    mRun: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup
    mRun: [V0350Mon.exe] C:\windows\V0350Mon.exe
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{E39C52D6-388F-4538-9D11-75B5AFABFCCF} : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{E39C52D6-388F-4538-9D11-75B5AFABFCCF}\05F43545F56596379647F627 : DHCPNameServer = 10.2.145.9
    Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files (x86)\RebateInformer\RebateI.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-Run: [TpShocks] C:\windows\System32\TpShocks.exe
    x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
    x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-10-10 57952]
    R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-10-10 39008]
    R0 TPDIGIMN;TPDIGIMN;C:\windows\System32\drivers\ApsHM64.sys [2011-10-10 23648]
    R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-10-10 13408]
    R1 EgisTecFF;EgisTecFF;C:\windows\System32\drivers\EgisTecFF.sys [2011-10-10 55880]
    R1 mwlPSDFilter;mwlPSDFilter;C:\windows\System32\drivers\mwlPSDFilter.sys [2011-10-10 22912]
    R1 mwlPSDNServ;mwlPSDNServ;C:\windows\System32\drivers\mwlPSDNserv.sys [2011-10-10 20328]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\System32\drivers\mwlPSDVDisk.sys [2011-10-10 62584]
    R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2012-3-24 342168]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]
    R2 EgisTec Service Help;EgisTec Service Help;C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
    R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856]
    R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096]
    R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\System32\drivers\FPSensor.sys [2010-10-31 35952]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\windows\System32\drivers\LMIRfsDriver.sys [2012-1-10 72216]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2013-3-5 126392]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-10 2656280]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
    R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\windows\System32\drivers\bpenum.sys [2011-5-19 84480]
    R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2011-5-19 182272]
    R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\windows\System32\drivers\bpusb.sys [2011-5-19 83968]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-12-24 31088]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-4-14 317440]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-10-10 307304]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 rtsuvc;Lenovo EasyCamera;C:\windows\System32\drivers\rtsuvc.sys [2011-10-10 8200552]
    R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-11-30 42392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 VF0350Afx;VF0350 Audio FX;C:\windows\System32\drivers\V0350Afx.sys [2012-6-30 214240]
    S3 VF0350Vfx;VF0350 Video FX;C:\windows\System32\drivers\V0350Vfx.sys [2012-6-30 12288]
    S3 VF0350Vid;Live! Cam Video IM (VF0350);C:\windows\System32\drivers\V0350Vid.sys [2012-6-30 214976]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-12 1255736]
    S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-07-28 01:01:31 388096 ----a-r- C:\Users\Editha Teves\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-07-28 01:01:31 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2013-07-24 12:34:28 -------- d-----w- C:\windows\SysWow64\searchplugins
    2013-07-24 12:34:28 -------- d-----w- C:\windows\SysWow64\Extensions
    2013-07-24 12:34:15 -------- d-----w- C:\Users\Editha Teves\AppData\Roaming\Babylon
    2013-07-24 12:34:15 -------- d-----w- C:\ProgramData\Babylon
    2013-07-11 13:39:10 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
    2013-07-11 13:39:10 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
    2013-07-11 13:39:10 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
    2013-07-11 13:39:10 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
    2013-07-11 13:39:10 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
    2013-07-11 13:39:10 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
    2013-07-11 13:39:10 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
    2013-07-11 13:39:08 624128 ----a-w- C:\windows\System32\qedit.dll
    2013-07-11 13:39:08 509440 ----a-w- C:\windows\SysWow64\qedit.dll
    2013-07-11 13:39:07 1887744 ----a-w- C:\windows\System32\WMVDECOD.DLL
    2013-07-11 13:39:06 1620480 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
    2013-07-11 13:39:00 3153920 ----a-w- C:\windows\System32\win32k.sys
    2013-07-11 13:38:59 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2013-07-11 13:38:59 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2013-07-11 13:38:59 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2013-07-11 13:38:59 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-11 13:38:58 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-11 13:38:46 1643520 ----a-w- C:\windows\System32\DWrite.dll
    2013-07-11 13:38:46 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
    2013-07-09 04:25:40 -------- d-sh--w- C:\found.002
    2013-07-01 22:28:40 -------- d-----w- C:\Program Files (x86)\SecretFeedback
    .
    ==================== Find3M ====================
    .
    2013-06-12 13:44:26 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-12 13:44:26 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
    2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
    2013-06-11 23:42:58 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
    2013-06-11 23:42:58 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
    2013-06-11 23:26:20 2241024 ----a-w- C:\windows\System32\wininet.dll
    2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll
    2013-06-11 23:25:13 67072 ----a-w- C:\windows\System32\iesetup.dll
    2013-06-11 23:25:13 136704 ----a-w- C:\windows\System32\iesysprep.dll
    2013-06-11 22:51:45 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-06-11 22:50:58 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
    2013-06-08 14:17:54 35656 ----a-w- C:\windows\System32\LMIport.dll
    2013-06-08 14:17:54 107368 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
    2013-06-08 14:17:53 100680 ----a-w- C:\windows\System32\LMIinit.dll
    2013-06-07 03:22:18 2706432 ----a-w- C:\windows\System32\mshtml.tlb
    2013-06-07 02:37:52 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
    2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
    2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
    2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
    2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
    2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
    2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
    2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
    2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
    2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 1:17:49.77 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/9/2012 9:30:01 AM
    System Uptime: 7/28/2013 12:59:38 AM (1 hours ago)
    .
    Motherboard: LENOVO | | Emerald Lake
    Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU | 2401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 655 GiB total, 599.358 GiB free.
    D: is FIXED (NTFS) - 29 GiB total, 26.24 GiB free.
    F: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP96: 7/1/2013 12:28:37 PM - Scheduled Checkpoint
    RP97: 7/11/2013 5:40:11 PM - Windows Update
    RP98: 7/18/2013 7:15:47 PM - Scheduled Checkpoint
    RP99: 7/27/2013 6:00:51 PM - Windows Update
    RP100: 7/27/2013 7:00:58 PM - Installed HiJackThis
    RP101: 7/27/2013 11:09:10 PM - Removed Adobe Reader 9.5.1.
    RP102: 7/27/2013 11:14:23 PM - Removed Microsoft .NET Framework 4 Extended
    RP103: 7/27/2013 11:15:42 PM - Removed Internet Explorer Toolbar 4.7 by SweetPacks
    RP104: 7/27/2013 11:44:34 PM - Removed Internet Explorer Toolbar 4.7 by SweetPacks
    .
    ==== Installed Programs ======================
    .
    24x7 Help
    Active Protection System
    Adobe Flash Player 11 ActiveX
    Advanced Video FX Engine
    AppGraffiti
    AVG 2013
    Best Buy pc app
    BioExcess
    Creative Live! Cam Video Chat or Video IM Driver (1.03.01.00)
    CyberLink YouCam
    D3DX10
    EgisTec ES603 WDM Driver
    Energy Management
    ES603 WDM Driver
    FlashPlayer
    FriendsChecker
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Rapid Storage Technology
    Intel(R) Wireless Display
    Intel® PROSet/Wireless WiMAX Software
    Junk Mail filter update
    Lenovo EasyCamera
    Lenovo EE Boot Optimizer
    Lenovo OneKey Recovery
    Lenovo Security Suite
    LogMeIn
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    Norton PC Checkup
    PC Power Speed 1.0.0.24
    Port Locker
    Power2Go
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Reader Driver
    RebateInformer
    Secret Feedback
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Skype Click to Call
    Skype™ 5.10
    Synaptics Pointing Device Driver
    UnfriendMonkey
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939)
    VeriFace
    Visual Studio 2010 x64 Redistributables
    VLC media player 1.0.3
    Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! Detect
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/28/2013 1:00:32 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    7/27/2013 11:22:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IPsec Policy Agent service, but this action failed with the following error: An instance of the service is already running.
    7/27/2013 11:21:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    7/27/2013 11:21:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
    7/27/2013 11:21:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    7/27/2013 11:20:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    7/27/2013 11:20:33 PM, Error: Service Control Manager [7031] - The IPsec Policy Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/27/2013 11:19:49 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/25/2013 7:56:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) PROSet/Wireless Registry Service service to connect.
    7/25/2013 7:56:44 PM, Error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/24/2013 7:09:07 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    7/24/2013 7:06:31 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll
    7/24/2013 7:06:31 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 1726
    7/24/2013 6:35:04 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the BrowserDefendert service, but this action failed with the following error: An instance of the service is already running.
    7/24/2013 6:34:34 AM, Error: Service Control Manager [7031] - The BrowserDefendert service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    7/24/2013 10:26:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user JoseTeves-PC\Editha Teves SID (S-1-5-21-2248509849-1098968737-2228260666-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/23/2013 7:09:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user JoseTeves-PC\Guest SID (S-1-5-21-2248509849-1098968737-2228260666-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/22/2013 9:44:48 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    7/22/2013 9:44:38 PM, Error: Service Control Manager [7023] - The Application Virtualization Client service terminated with the following error: %%-2147467243
    7/22/2013 9:44:38 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: %%-2147467243
    .
    ==== End Of File ===========================
     
  5. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    340
    Hi relicon,

    There are 5 more programs that need to be removed.

    Step 1.
    Uninstall Programs
    I need you to uninstall some program(s).

    1. Click on Start...then... Click the Start Search box on the Start Menu.
    2. Copy and paste the value below, into the open text entry box:
      appwiz.cpl
    3. then press enter.
      • Locate the following program(s):
        24x7 Help
        Norton PC Checkup
        PC Power Speed 1.0.0.24
        RebateInformer
        Secret Feedback
    4. Select the program and click on Uninstall to uninstall it.
      Carefully read any prompts...
      Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    5. Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.



    Step 2.
    Junkware Removal Tool

    • Please download and run the following program: JRT.exe
    • Right-click JRT.exe and select "Run as administrator" to run it.
    • When the program is finished running, post the log JRT.txt in your next reply.



    Step 3.
    OTL
    Please download OTL ... by Old Timer. Save it to your Desktop.

    1. Right-click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    2. Click the Scan All Users checkbox.
    3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
      Leave the remaining selections to the default settings.
    4. Click on Run Scan at the top left hand corner.
    5. When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.



    Please include in your next reply:

    1. Contents of JRT.txt
    2. Contents of OTL.txt
    3. Contents of Extras.txt
    4. Any problem executing the instructions?

    Thanks,
    wbg
     
  6. relicon

    relicon Thread Starter

    Joined:
    Sep 21, 2007
    Messages:
    44
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.2.5 (07.26.2013:2)
    OS: Windows 7 Home Premium x64
    Ran by Editha Teves on Sun 07/28/2013 at 9:24:28.01
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\Microsoft\Internet Explorer\Main\\Start Page



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{c26644c4-2a12-4ca6-8f2e-0ede6cf018f3}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{cc99a798-fd3d-4ab4-969e-6071612524f9}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{de9028d0-5ffa-4e69-94e3-89ee8741f468}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{03e2a1f3-4402-4121-8b35-733216d61217}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{9e3b11f6-4179-4603-a71b-a55f4bcb0bec}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{9c049ba6-ea47-4ac3-aed6-a66d8dc9e1d8}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\appgraffiti
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\supreme savings
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\searchqutoolbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{95b7759c-8c7f-4bf1-b163-73684a933233}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{da71fd14-5f7b-46ae-b8b1-44074a38f331}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{02478d38-c3f9-4efb-9b51-7695eca05670}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{f25af245-4a81-40dc-92f9-e9021f207706}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appgraffiti.appgraffitijs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3239904
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}



    ~~~ Files

    Successfully deleted: [File] "C:\end"
    Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"
    Successfully deleted: [File] C:\windows\syswow64\sho3053.tmp
    Successfully deleted: [File] C:\windows\syswow64\shoE81.tmp
    Successfully deleted: [File] "C:\Users\EDITHA~1\AppData\Local\Temp\searchqutoolbar-manifest.xml"
    Successfully deleted: [File] "C:\windows\s.bat"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\babylon"
    Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Folder] "C:\ProgramData\partner"
    Successfully deleted: [Folder] "C:\ProgramData\pcpowerspeed"
    Successfully deleted: [Folder] "C:\Users\Editha Teves\AppData\Roaming\babylon"
    Successfully deleted: [Folder] "C:\Users\Editha Teves\AppData\Roaming\pccustubinstaller"
    Successfully deleted: [Folder] "C:\Users\Editha Teves\AppData\Roaming\pcpowerspeed"
    Successfully deleted: [Folder] "C:\Users\Editha Teves\appdata\local\best buy pc app"
    Successfully deleted: [Folder] "C:\Users\Editha Teves\appdata\locallow\appgraffiti"
    Successfully deleted: [Folder] "C:\Users\Editha Teves\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Users\Editha Teves\appdata\locallow\delta"
    Successfully deleted: [Folder] "C:\Users\Editha Teves\appdata\locallow\iac"
    Successfully deleted: [Folder] "C:\Users\Editha Teves\appdata\locallow\searchquband"
    Successfully deleted: [Folder] "C:\Program Files (x86)\appgraffiti"
    Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
    Successfully deleted: [Folder] "C:\Program Files (x86)\friendschecker"
    Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\appgraffiti"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"
    Successfully deleted: [Empty Folder] C:\Users\Editha Teves\appdata\local\{0FFA5BD3-6C89-4FC1-B657-638380058071}
    Successfully deleted: [Empty Folder] C:\Users\Editha Teves\appdata\local\{19995384-ADFB-4C25-9012-865531D36BA3}
    Successfully deleted: [Empty Folder] C:\Users\Editha Teves\appdata\local\{5FC5BB2A-E845-4BC4-80E6-2EA405AE7A18}
    Successfully deleted: [Empty Folder] C:\Users\Editha Teves\appdata\local\{76020CCC-10BD-4FBF-8998-06FA89F54277}
    Successfully deleted: [Empty Folder] C:\Users\Editha Teves\appdata\local\{F2095D78-6EFC-4A78-984F-49235798B12E}
    Successfully deleted: [Empty Folder] C:\Users\Editha Teves\appdata\local\{FC305746-C7BE-44F5-85F4-C139369C038A}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 07/28/2013 at 9:31:19.92
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    OTL logfile created on: 7/28/2013 9:34:08 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Editha Teves\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16635)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.92 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 69.56% Memory free
    11.83 Gb Paging File | 9.84 Gb Available in Paging File | 83.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 654.69 Gb Total Space | 601.66 Gb Free Space | 91.90% Space Free | Partition Type: NTFS
    Drive D: | 29.00 Gb Total Space | 26.24 Gb Free Space | 90.48% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: JOSETEVES-PC | User Name: Editha Teves | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/07/28 09:32:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Editha Teves\Desktop\OTL.exe
    PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2011/10/10 00:51:05 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2010/12/24 05:19:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
    PRC - [2010/12/20 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/12/13 17:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
    PRC - [2010/12/13 17:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    PRC - [2010/12/13 17:58:20 | 000,383,344 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
    PRC - [2010/11/20 21:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
    PRC - [2010/11/05 12:54:36 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    PRC - [2010/11/05 12:54:24 | 000,202,096 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    PRC - [2010/10/22 08:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007/08/23 01:03:00 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0350Mon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/10 00:51:04 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2011/06/14 04:31:06 | 000,498,688 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
    SRV:64bit: - [2011/06/14 04:26:20 | 000,986,112 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
    SRV:64bit: - [2010/11/02 07:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/11/02 07:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/11/02 07:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/12/09 03:52:52 | 000,047,712 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
    SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013/06/12 07:44:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/06/08 08:17:59 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
    SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/09/16 15:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/12/20 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/20 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/12/13 17:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)
    SRV - [2010/12/13 17:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
    SRV - [2010/10/22 08:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe -- (EgisTec Service Help)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/06/08 08:17:54 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV:64bit: - [2012/11/16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2012/10/22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/10/15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/10 08:08:03 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/10/10 08:08:03 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/10/10 01:06:12 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
    DRV:64bit: - [2011/10/10 01:06:12 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
    DRV:64bit: - [2011/10/10 01:04:23 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
    DRV:64bit: - [2011/10/10 01:04:21 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
    DRV:64bit: - [2011/10/10 00:50:51 | 000,055,880 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\EgisTecFF.sys -- (EgisTecFF)
    DRV:64bit: - [2011/10/10 00:44:44 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV:64bit: - [2011/10/10 00:44:44 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV:64bit: - [2011/10/10 00:44:44 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/16 15:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV:64bit: - [2011/09/16 15:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
    DRV:64bit: - [2011/08/31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/19 07:25:10 | 000,182,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
    DRV:64bit: - [2011/05/19 07:25:04 | 000,083,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
    DRV:64bit: - [2011/05/19 07:25:00 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
    DRV:64bit: - [2011/02/18 02:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/12/24 05:19:56 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/12/22 06:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/12/15 03:06:34 | 008,200,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
    DRV:64bit: - [2010/11/30 23:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/11/30 00:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/08 21:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2010/10/31 04:36:56 | 000,035,952 | ---- | M] (Egis Technology Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
    DRV:64bit: - [2010/10/19 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/14 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/10/11 08:21:56 | 000,135,776 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
    DRV:64bit: - [2009/12/09 03:52:28 | 000,023,648 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
    DRV:64bit: - [2009/07/21 08:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007/08/29 01:03:00 | 000,214,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0350Vid.sys -- (VF0350Vid)
    DRV:64bit: - [2007/06/11 01:01:02 | 000,214,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0350Afx.sys -- (VF0350Afx)
    DRV:64bit: - [2007/03/05 18:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0350Vfx.sys -- (VF0350Vfx)
    DRV - [2013/06/01 20:14:03 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=342&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
    IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 30 70 BB 68 89 CE 01 [binary data]
    IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Editha Teves\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Editha Teves\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Editha Teves\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Editha Teves\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Editha Teves\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011/10/10 00:44:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By SweetPacks\Firefox
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\FriendsChecker\Firefox\
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\UnfriendMonkey\Firefox\ [2012/12/08 04:12:40 | 000,000,000 | ---D | M]

    [2013/07/24 06:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://google.com/
    CHR - plugin: Silverlight (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Secret Feedback = C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.20_0\
    CHR - Extension: Skype Click to Call = C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\
    CHR - Extension: Gmail = C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O3 - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [V0350Mon.exe] C:\Windows\V0350Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
    O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
    O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003..\Run: [ROC_ROC_APR2013_AV] C:\Users\Editha Teves\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 94f611bb173c47d09c272197b771950a-b20db9261d661508d61180d35b882224ab0be8bb --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E39C52D6-388F-4538-9D11-75B5AFABFCCF}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/07/28 09:32:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Editha Teves\Desktop\OTL.exe
    [2013/07/28 09:24:25 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
    [2013/07/28 01:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013/07/28 00:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/07/27 19:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2013/07/27 19:01:31 | 000,000,000 | ---D | C] -- C:\Users\Editha Teves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2013/07/24 06:34:28 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\searchplugins
    [2013/07/24 06:34:28 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Extensions
    [2013/07/24 06:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/07/11 17:46:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2013/07/11 17:46:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2013/07/11 17:46:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
    [2013/07/11 17:46:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
    [2013/07/11 17:46:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
    [2013/07/11 17:46:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
    [2013/07/11 17:46:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
    [2013/07/11 17:46:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
    [2013/07/11 17:46:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
    [2013/07/11 17:46:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
    [2013/07/11 17:46:50 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
    [2013/07/11 17:46:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
    [2013/07/11 17:46:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
    [2013/07/11 17:46:49 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
    [2013/07/11 17:46:48 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2013/07/11 08:08:41 | 000,000,000 | ---D | C] -- C:\Users\Editha Teves\AppData\Roaming\Mozilla
    [2013/07/11 07:39:08 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
    [2013/07/11 07:39:08 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
    [2013/07/11 07:39:07 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
    [2013/07/11 07:39:06 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
    [2013/07/11 07:38:46 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
    [2013/07/08 22:25:40 | 000,000,000 | -HSD | C] -- C:\found.002
    [2013/07/01 16:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecretFeedback

    ========== Files - Modified Within 30 Days ==========

    [2013/07/28 09:32:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Editha Teves\Desktop\OTL.exe
    [2013/07/28 09:28:03 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/07/28 09:28:03 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/07/28 09:26:10 | 000,780,172 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013/07/28 09:26:10 | 000,660,990 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013/07/28 09:26:10 | 000,121,628 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013/07/28 09:20:30 | 000,134,942 | ---- | M] () -- C:\windows\SysNative\fastboot.set
    [2013/07/28 09:20:27 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/07/28 09:19:56 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
    [2013/07/28 09:19:52 | 469,348,351 | -HS- | M] () -- C:\hiberfil.sys
    [2013/07/28 01:40:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/07/28 01:15:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/07/28 01:14:00 | 000,000,936 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2248509849-1098968737-2228260666-1003UA.job
    [2013/07/28 00:51:37 | 000,002,283 | ---- | M] () -- C:\Users\Editha Teves\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/07/28 00:44:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013/07/28 00:32:40 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/07/27 19:01:31 | 000,003,007 | ---- | M] () -- C:\Users\Editha Teves\Desktop\HiJackThis.lnk
    [2013/07/27 18:05:55 | 000,774,388 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2013/07/18 15:13:26 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2248509849-1098968737-2228260666-1003Core1ce21995c22ec9e.job
    [2013/07/11 17:53:57 | 000,282,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2013/07/28 01:40:18 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/07/28 00:32:40 | 000,002,283 | ---- | C] () -- C:\Users\Editha Teves\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/07/28 00:32:40 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/07/27 19:01:31 | 000,003,007 | ---- | C] () -- C:\Users\Editha Teves\Desktop\HiJackThis.lnk
    [2012/02/06 10:55:25 | 000,774,388 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011/10/10 09:35:57 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll
    [2011/10/10 09:35:57 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll
    [2011/10/10 09:35:57 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll
    [2011/10/10 09:35:57 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll
    [2011/10/10 09:35:57 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll
    [2011/10/10 09:35:57 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll
    [2011/10/10 09:35:57 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe
    [2011/10/10 09:35:57 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe
    [2011/10/10 09:35:57 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE
    [2011/10/10 09:35:57 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
    [2011/10/10 09:35:57 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
    [2011/10/10 09:35:56 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys
    [2011/10/10 00:51:08 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
    [2011/10/10 00:51:08 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
    [2011/10/10 00:51:07 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
    [2011/10/10 00:51:07 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
    [2011/10/10 00:51:02 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
    [2011/08/31 20:51:16 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
    [2011/08/31 20:46:00 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
    [2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 23:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >


    OTL Extras logfile created on: 7/28/2013 9:34:08 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Editha Teves\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16635)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.92 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 69.56% Memory free
    11.83 Gb Paging File | 9.84 Gb Available in Paging File | 83.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 654.69 Gb Total Space | 601.66 Gb Free Space | 91.90% Space Free | Partition Type: NTFS
    Drive D: | 29.00 Gb Total Space | 26.24 Gb Free Space | 90.48% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: JOSETEVES-PC | User Name: Editha Teves | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0DBCA82A-80B8-4439-BD00-2187EAF1B28B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{14D720DC-E366-45FB-9902-7FAB50275292}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{27535F4F-F36F-4281-BB63-A47319E96ECD}" = rport=137 | protocol=17 | dir=out | app=system |
    "{350BB6EF-5DBE-415E-AE99-1D97C5C8269B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3B43EE1E-10D0-4BBA-8054-EDD83F217A96}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3BD34EBF-F4E0-42A9-B70F-01781CE45010}" = rport=139 | protocol=6 | dir=out | app=system |
    "{56AD9F92-F30D-424B-A2C9-8AE6B94BCB5F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6140E554-FE98-486B-ADA4-BB30B7288BE4}" = lport=138 | protocol=17 | dir=in | app=system |
    "{66BEE78E-F3F4-4C4C-9A6C-6F8E8A578233}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{89E759A2-3235-4C3B-AF07-BDA4A61B0FAA}" = lport=445 | protocol=6 | dir=in | app=system |
    "{8FAB542F-5368-442F-A40E-2EE10CC09579}" = rport=138 | protocol=17 | dir=out | app=system |
    "{9A250DF7-F631-4006-BE30-248229BF9D5E}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{9B0DFD69-CAA2-47A3-A264-912BEC760149}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9F9A1375-3559-475D-8A65-2122B3B73761}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{AA166CC8-15C0-4C6C-A04A-99ABA56B0F42}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AA8A7D02-0C78-4539-B2D7-0B556613E1F2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{ADA2166F-CEAE-4C95-9486-D2E28FC6FADC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B5B3B3B6-DAD3-41A7-9D5F-560475BD0559}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{BD22FD12-34DC-4171-B93E-0E76A74179DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BFE533F0-7189-4373-B1EF-AAB845D7238E}" = rport=445 | protocol=6 | dir=out | app=system |
    "{C10D9C1A-E73E-4451-ADE0-97B5297BB339}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{C33E3799-5CB3-4AEE-83C6-B9C289D1DC9A}" = lport=139 | protocol=6 | dir=in | app=system |
    "{C59A141C-0136-47B1-8BBB-0A0F0986ADF2}" = lport=137 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{10F88F9B-7E89-4753-B267-6C56A5EA7571}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{18574A1F-E5D1-4C89-8289-7E32EF26F58A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{1A0171BC-52A7-4D41-80DD-5067C2CC9287}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{205F52FA-20B3-4037-9748-501C180F3CDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{21A67B5B-C79B-48E2-A273-88A8EA24A10D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{21D33D15-6CF7-4CA5-9190-A2BF7E716F16}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{226FAD5A-4319-473D-895E-4F264A8FF0A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{2529CBC2-1C49-4745-B92D-0927E4C9FDD1}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{27B2C580-B514-4F64-9DCE-039A6A76BBF6}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
    "{3613AE99-044E-47C3-9ACD-DAD8F33E9049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{37E6DE4F-4E2A-4013-9A26-8CBC26805B60}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
    "{3BDC7665-0F76-4307-9F43-AA77A6881B9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{45FD4D73-5A39-429A-8047-BECB3BD0E18F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{47B8472E-ABD6-47C3-ADF3-A79E5FC45BBA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4DE1AD86-4C60-46BE-BD31-6833510D665B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{536A97D5-5BCB-4D26-BB8F-97DF96767094}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5AF503E8-42E7-4ED0-8337-E2A7DD263DE4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{5E166523-4F72-412B-B29D-B7EC28CA3DE3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{5E57A840-0EDC-4D70-8D55-62E4031FF49D}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
    "{60429611-B5A9-45C1-85DB-240AAA93D6F8}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
    "{6745B2EA-BE41-4208-A4CE-14FEEC13BA87}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{68F56E46-A7D5-4B61-A039-DA6231C92601}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6954D550-4B24-4016-897A-502EDD26A6E9}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{6D2E5B69-C756-4842-94E3-6B726EB8CABA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{74AF28BF-64F9-419F-B476-926B86B0F0C8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{7EFC31E6-5E8C-447B-93ED-79CEA2C4ABF6}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
    "{876B2B72-58D9-4BA3-A665-E50AA72A3575}" = protocol=6 | dir=out | app=system |
    "{8830FB3D-2582-4847-9590-2EAE163FCFA1}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{94D6A29C-300B-4EB9-8FEA-9F5B2B6AF4F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A36B90F7-2813-446D-B991-4C56305295C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A846B62A-13E0-441F-BE98-CB64539BCC30}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{AA84BA3C-A8F3-49D2-88CD-D5055F25164E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{ABC5FA35-F80A-4D05-83F6-DBB687FE770C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{AE5E9618-0FA0-4940-86C8-C395481D0AD3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B1A4B19B-8329-4CD2-831E-2199868BD906}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
    "{B9D5D6C9-31AD-4BFA-AA95-C470EB2486AD}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
    "{BEEDA41A-EFA9-41A1-B661-9C2449D8D351}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BF824A4A-273D-4CC2-908A-92B30C6A2753}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{C74A9598-B9CD-4823-83E3-57075B5BE39B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{CD871DB2-B993-4E93-A9D7-C61A09F2FB69}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
    "{D1F4EA81-6401-4AF1-8F0E-5A2FB12D074C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DB702ED0-00F5-43D8-80DF-C9C96FBA6B39}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{E259FBA1-1953-4BE7-A172-26C3A301471A}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{E39DF138-BCA2-49EC-BEE6-8ED1A4B44E9A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{E8FDFBEB-A4DA-4D5B-8766-FFDF24EBA5C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F25A9289-3F30-4BD9-AB78-53AA2524B055}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F89528A5-FDA0-4666-8375-EB7E69767192}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{FA38C771-9FF4-4A18-9BC1-B0CE45A5669C}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{FD06BBED-AE85-4BD2-95AA-45A48B4B5874}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1F494B8A-D6E6-4540-9A74-F773B63164A6}" = Port Locker
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "{57B82DB4-8A01-4F7B-987C-9A46CEC4303A}" = AVG 2013
    "{5C1DA3D9-F590-4317-A4FB-274F658E504B}" = Intel® PROSet/Wireless WiMAX Software
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
    "{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi Software
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
    "AVG" = AVG 2013
    "CCleaner" = CCleaner
    "Creative VF0350" = Creative Live! Cam Video Chat or Video IM Driver (1.03.01.00)
    "EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
    "Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}" = Google Talk Plugin
    "{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = ES603 WDM Driver
    "{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1" = PC Power Speed 1.0.0.24
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BA8B8ADA-084F-4F79-A0CA-6E58A0808794}" = FlashPlayer
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
    "{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System
    "{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "FriendsChecker" = FriendsChecker
    "Google Chrome" = Google Chrome
    "InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
    "InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = EgisTec ES603 WDM Driver
    "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
    "InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "SecretFeedback" = Secret Feedback
    "UnfriendMonkey" = UnfriendMonkey
    "VeriFace" = VeriFace
    "VLC media player" = VLC media player 1.0.3
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "YTdetect" = Yahoo! Detect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "e55b814e55744b76" = Best Buy pc app

    ========== Last 20 Event Log Errors ==========

    [ System Events ]
    Error - 7/28/2013 11:41:35 AM | Computer Name = JoseTeves-PC | Source = DCOM | ID = 10010
    Description =


    < End of report >
     
  7. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    340
    Hello relicon,

    Please run the following:

    Step 1.
    Run OTL Script
    We need to run an OTL Fix

    • Right-click OTL.exe and select "Run as administrator" to run it.
    • Copy and paste the following code into the textbox. Do not include the word Code
      Code:
      :commands
      [createrestorepoint]
      
      :OTL
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
      IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7
      IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=342&systemid=406&sr=0&q={searchTerms}
      IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
      IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7
      IE - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
      64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By SweetPacks\Firefox
      CHR - Extension: Secret Feedback = C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.20_0\
      O3:64bit: - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
      O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
      O3 - HKU\S-1-5-21-2248509849-1098968737-2228260666-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1"=-
      "SecretFeedback"=-
      
      :Commands
      [EMPTYTEMP]
      
    • Click under the Custom Scan/Fixes box and paste the copied text.
    • Click the Run Fix button. If prompted... click OK.
    • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
    • Please post the contents of the report in your next reply.



    Step 2.
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2



    • Right-click SystemLook.exe and select "Run as administrator" to run it.
    • Copy and paste the content of the following codebox into the main textfield:
      Code:
      :filefind
      *Bandoo*
      *Community*
      *Conduit*
      *datamngr*
      *Fun4IM*
      *iLivid*
      *IObit*
      *Iminent*
      *Searchqu*
      *Searchnu*
      *Tarma*
      *trolltech*
      *vshare*
      *whitesmoke*
      *Yontoo*
      
      :folderfind
      *Bandoo*
      *Community*
      *Conduit*
      *datamngr*
      *Fun4IM*
      *iLivid*
      *IObit*
      *Iminent*
      *Searchqu*
      *Searchnu*
      *Tarma*
      *trolltech*
      *vshare*
      *whitesmoke*
      *Yontoo*
      
      :Regfind
      Bandoo
      Community
      Conduit
      datamngr
      Fun4IM
      iLivid
      IObit
      Iminent
      Searchqu
      Searchnu
      Tarma
      trolltech
      vshare
      whitesmoke
      Yontoo
      
    • Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt




    Please include in your next reply:

    1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
    2. Contents of SystemLook.txt
    3. Any problem executing the instructions?
    4. How is the computer behaving?

    Thanks,
    wbg
     
  8. relicon

    relicon Thread Starter

    Joined:
    Sep 21, 2007
    Messages:
    44
    Nope, no problem executing the instructions at all. The computer is behaving very well. It doesn't have any unwanted redirects or pop ups anymore. Thanks again


    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
    HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
    File C:\Program Files\Updater By SweetPacks\Firefox not found.
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E9E3331-D360-4f87-8803-52DE43566502}\ not found.
    File C:\Program Files\Updater By SweetPacks\Firefox not found.
    File C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.20_0 not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1 not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SecretFeedback not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Editha Teves
    ->Temp folder emptied: 55063646 bytes
    ->Temporary Internet Files folder emptied: 10645099 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 523 bytes

    User: Guest
    ->Temp folder emptied: 885979970 bytes
    ->Temporary Internet Files folder emptied: 187078237 bytes
    ->Google Chrome cache emptied: 90344569 bytes
    ->Flash cache emptied: 72901 bytes

    User: ISPuser
    ->Temp folder emptied: 944974 bytes
    ->Temporary Internet Files folder emptied: 808336 bytes
    ->Google Chrome cache emptied: 856432 bytes

    User: Jose Teves
    ->Temp folder emptied: 196842241 bytes
    ->Temporary Internet Files folder emptied: 347194850 bytes
    ->Google Chrome cache emptied: 7196571 bytes
    ->Flash cache emptied: 7392 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4156337 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1010809 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,705.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 07282013_165114




    SystemLook 30.07.11 by jpshortstuff
    Log created at 18:44 on 28/07/2013 by Editha Teves
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Bandoo*"
    No files found.

    Searching for "*Community*"
    No files found.

    Searching for "*Conduit*"
    No files found.

    Searching for "*datamngr*"
    No files found.

    Searching for "*Fun4IM*"
    No files found.

    Searching for "*iLivid*"
    C:\Users\Guest\AppData\Local\iLivid\iLivid.exe --a---- 3439616 bytes [11:23 13/03/2013] [11:52 20/01/2013] D5FC2EA934CBC5EF6140DEE011984DFA
    C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_de.qm --a---- 32485 bytes [11:23 13/03/2013] [11:51 20/01/2013] E38586374B7462948E741513ACA73469
    C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_en.qm --a---- 23 bytes [11:23 13/03/2013] [11:51 20/01/2013] 4AEF4415F2E976B2CC6F24B877804A57
    C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_es.qm --a---- 31308 bytes [11:23 13/03/2013] [11:51 20/01/2013] 4F81DFF25D4A9D62AE6F00188F20DD95
    C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_fr.qm --a---- 33782 bytes [11:23 13/03/2013] [11:51 20/01/2013] 74E8B1351C97B563C6150589ECA02669
    C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_it.qm --a---- 31432 bytes [11:23 13/03/2013] [11:51 20/01/2013] 1CB37F7FF96D25B3409F4143FA433E04
    C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_pt.qm --a---- 28820 bytes [11:23 13/03/2013] [11:51 20/01/2013] 9DAD581B07E6F8FA319F78E9D327191C
    C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_tr.qm --a---- 29146 bytes [11:23 13/03/2013] [11:51 20/01/2013] BBAE9B0AEA7697753FCDBC353D42FC38
    C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk --a---- 1040 bytes [11:24 13/03/2013] [11:24 13/03/2013] 81CB49289E90AF43C390454D529EA1E0
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk --a---- 1046 bytes [11:24 13/03/2013] [11:24 13/03/2013] DB2DD2072856A3DDC4D50208F3D8BD6A
    C:\Users\Guest\Desktop\iLivid.lnk --a---- 1038 bytes [11:24 13/03/2013] [11:24 13/03/2013] A7543542A85ECB937EF32EB970044AED

    Searching for "*IObit*"
    No files found.

    Searching for "*Iminent*"
    No files found.

    Searching for "*Searchqu*"
    C:\Users\Guest\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\70Y9K715\www.searchquotes[1].xml --a---- 13 bytes [19:37 14/04/2013] [19:37 14/04/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

    Searching for "*Searchnu*"
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage --a---- 5120 bytes [05:22 14/03/2013] [13:10 21/04/2013] 0D37AC5EDCB63EF2FAAA5D89BE14346E
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage-journal --a---- 5672 bytes [05:22 14/03/2013] [13:10 21/04/2013] 820BD804DCC6F87E85D107FDAE69C7C8

    Searching for "*Tarma*"
    No files found.

    Searching for "*trolltech*"
    No files found.

    Searching for "*vshare*"
    No files found.

    Searching for "*whitesmoke*"
    No files found.

    Searching for "*Yontoo*"
    No files found.

    ========== folderfind ==========

    Searching for "*Bandoo*"
    No folders found.

    Searching for "*Community*"
    No folders found.

    Searching for "*Conduit*"
    No folders found.

    Searching for "*datamngr*"
    C:\Users\Guest\AppData\Local\VirtualStore\Program Files (x86)\Search Results Toolbar\Datamngr d------ [11:23 13/03/2013]
    C:\Users\Jose Teves\AppData\LocalLow\DataMngr d------ [16:02 07/07/2012]

    Searching for "*Fun4IM*"
    No folders found.

    Searching for "*iLivid*"
    C:\Users\Guest\AppData\Local\iLivid d------ [11:23 13/03/2013]
    C:\Users\Guest\AppData\Local\iLivid\iLivid d------ [11:24 13/03/2013]

    Searching for "*IObit*"
    No folders found.

    Searching for "*Iminent*"
    No folders found.

    Searching for "*Searchqu*"
    No folders found.

    Searching for "*Searchnu*"
    No folders found.

    Searching for "*Tarma*"
    No folders found.

    Searching for "*trolltech*"
    No folders found.

    Searching for "*vshare*"
    No folders found.

    Searching for "*whitesmoke*"
    No folders found.

    Searching for "*Yontoo*"
    No folders found.

    ========== Regfind ==========

    Searching for "Bandoo"
    No data found.

    Searching for "Community"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
    @="CLSID_ICommunityTransport"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
    @="CLSID_ICommunityTransport"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
    @="CLSID_ICommunityTransport"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\Conduit\Community Alerts]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "MultiCommunityEnabled"="FALSE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Monitored]
    "MultiCommunityEnabled"="FALSE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Monitored]
    "MultiCommunityID"="CT3239904"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\Conduit\Community Alerts]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "MultiCommunityEnabled"="FALSE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Monitored]
    "MultiCommunityEnabled"="FALSE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Monitored]
    "MultiCommunityID"="CT3239904"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\Conduit\Community Alerts]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "MultiCommunityEnabled"="FALSE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Monitored]
    "MultiCommunityEnabled"="FALSE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Monitored]
    "MultiCommunityID"="CT3239904"

    Searching for "Conduit"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASMANCS]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\Conduit]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
    "ALPClientsServerName"="http://alert.client.conduit.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
    "ALPServicesServerName"="http://alert.services.conduit.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\Conduit\RevertSettings]
    "ConduitLatestHomePage"="http://search.conduit.com?SearchSource=10&ctid=CT3239904"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\DynConIE]
    "cache.www.pchealthboost.com.content"="<package expire="3600" es="914" pcdids="v51_1164_1169_1476_1479_1146_1263_1348_1480_1482_1493"><content id="puConfig_2052A3DD">
    <newjs>
    <![CDATA[
    var scp = document.createElement('script');
    scp.text = 'window["puConfig"] = {'
    + 'PartnerId: "970",'
    + 'Version: "1002006020",'
    + 'urlid: 300,'
    + 'ExtGuid: "3f4ade4c3cc5fbf9e0fa10a342c0ef8c",'
    + 'NameShort4: "SFBK",'
    + 'HostUrl: "http://www.pchealthboost.com/",'
    + 'HostDomain: "secretfeedbackapp.com",'
    + 'MaxPerDaySinceMidnite: "4",'
    + 'PopUnderLastShownKey: "pu.lastShown",'
    + 'AdCdn: "//d11vdn9ox0j18d.cloudfront.net",'
    + 'AdOnChance: 0.9,'
    + 'AdInfoText: "Ad Info"'
    + '};'
    + 'window["ADNConfig"] = window["puConfig"];';
    try {
    var h = document.getElementsByTagName("HEAD")[0];
    h.appendChild(scp);

    }catch (e) {}
    ]]>
    </newjs>

    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "GroupingServerURL"="http://grouping.services.conduit.com/"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "SearchServerUrl"="http://search.conduit.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "Server"="users.conduit.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "SocialDomains"="http://apps.conduit.com; http://social.conduit.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ABTestUsage]
    "ServiceUrl"="http://tb-test.conduit-data.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppRegisterUsage]
    "ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppsMetaData]
    "ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppsSettings]
    "ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppTrackingFirstTime]
    "ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppTrackingUsage]
    "ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppUninstallUsage]
    "ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\BrowserToolbarsInfo]
    "ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ClientErrorLog]
    "ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\DynamicDialogs]
    "ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\GottenAppsContextMenu]
    "ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\HostingUsage]
    "ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\LocationService]
    "ServiceUrl"="http://ip2location.conduit-services.com/ip/"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\OtherAppsContextMenu]
    "ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\RecoveryService]
    "ServiceUrl"="http://recovery.conduit-services.com/toolbar"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\SearchInNewTabBlank]
    "ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\SearchSettings]
    "ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\SharedAppsContextMenu]
    "ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarAppComponentUsage]
    "ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarAppUsage]
    "ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarComponentUsage]
    "ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarContextMenu]
    "ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarGrouping]
    "ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarHiddenLogin]
    "ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarHiddenSettings]
    "ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarHiddenSettingsForSB]
    "ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarLogin]
    "ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarSettings]
    "ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarSettingsForPublisher]
    "ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarSettingsForSB]
    "ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarSettingsPublisherForSB]
    "ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarTranslation]
    "ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarUninstall]
    "ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarUsage]
    "ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\UninstallDialog]
    "ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\UninstallDialogUsage]
    "ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\WebAppSettings]
    "ServiceUrl"="http://metadata.webapp.conduit-services.com/meta/WEB_APP_GUID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\WebAppSettingsNC]
    "ServiceUrl"="http://metadata.webapp.conduit-services.com/metanc/WEB_APP_GUID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\WebAppValidation]
    "ServiceUrl"="http://upload.webapp.conduit-services.com/Validate/IsValid"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Settings]
    "SearchFromAddressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT3239904&SearchSource=2&q=MYSEARCHTERM"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Updater By SweetPacks\script_storage]
    "WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\Conduit]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
    "ALPClientsServerName"="http://alert.client.conduit.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
    "ALPServicesServerName"="http://alert.services.conduit.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\Conduit\RevertSettings]
    "ConduitLatestHomePage"="http://search.conduit.com?SearchSource=10&ctid=CT3239904"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\DynConIE]
    "cache.www.secretfeedbackapp.com.content"="<package expire="3600" es="914" pcdids="v51_1164_1169_1479_1146_1263_1348_1480_1482_1493"><content id="puConfig_2052A3DD">
    <newjs>
    <![CDATA[
    var scp = document.createElement('script');
    scp.text = 'window["puConfig"] = {'
    + 'PartnerId: "970",'
    + 'Version: "1002006020",'
    + 'urlid: 300,'
    + 'ExtGuid: "3f4ade4c3cc5fbf9e0fa10a342c0ef8c",'
    + 'NameShort4: "SFBK",'
    + 'HostUrl: "http://www.secretfeedbackapp.com/",'
    + 'HostDomain: "secretfeedbackapp.com",'
    + 'MaxPerDaySinceMidnite: "4",'
    + 'PopUnderLastShownKey: "pu.lastShown",'
    + 'AdCdn: "//d11vdn9ox0j18d.cloudfront.net",'
    + 'AdOnChance: 0.9,'
    + 'AdInfoText: "Ad Info"'
    + '};'
    + 'window["ADNConfig"] = window["puConfig"];';
    try {
    var h = document.getElementsByTagName("HEAD")[0];
    h.appendChild(scp);

    }catch (e) {}
    ]]>
    </newj
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\DynConIE]
    "cache.d11vdn9ox0j18d.cloudfront.net.content"="<package expire="3600" es="914" pcdids="v51_1164_1169_1146_1263_1348_1482_1493"><content id="puConfig_2052A3DD">
    <newjs>
    <![CDATA[
    var scp = document.createElement('script');
    scp.text = 'window["puConfig"] = {'
    + 'PartnerId: "970",'
    + 'Version: "1002006020",'
    + 'urlid: 300,'
    + 'ExtGuid: "3f4ade4c3cc5fbf9e0fa10a342c0ef8c",'
    + 'NameShort4: "SFBK",'
    + 'HostUrl: "http://d11vdn9ox0j18d.cloudfront.net/",'
    + 'HostDomain: "secretfeedbackapp.com",'
    + 'MaxPerDaySinceMidnite: "4",'
    + 'PopUnderLastShownKey: "pu.lastShown",'
    + 'AdCdn: "//d11vdn9ox0j18d.cloudfront.net",'
    + 'AdOnChance: 0.9,'
    + 'AdInfoText: "Ad Info"'
    + '};'
    + 'window["ADNConfig"] = window["puConfig"];';
    try {
    var h = document.getElementsByTagName("HEAD")[0];
    h.appendChild(scp);

    }catch (e) {}
    ]]>
    </newjs>
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\DynConIE]
    "cache.www.pchealthboost.com.content"="<package expire="3600" es="914" pcdids="v51_1164_1169_1476_1479_1146_1263_1348_1480_1482_1493"><content id="puConfig_2052A3DD">
    <newjs>
    <![CDATA[
    var scp = document.createElement('script');
    scp.text = 'window["puConfig"] = {'
    + 'PartnerId: "970",'
    + 'Version: "1002006020",'
    + 'urlid: 300,'
    + 'ExtGuid: "3f4ade4c3cc5fbf9e0fa10a342c0ef8c",'
    + 'NameShort4: "SFBK",'
    + 'HostUrl: "http://www.pchealthboost.com/",'
    + 'HostDomain: "secretfeedbackapp.com",'
    + 'MaxPerDaySinceMidnite: "4",'
    + 'PopUnderLastShownKey: "pu.lastShown",'
    + 'AdCdn: "//d11vdn9ox0j18d.cloudfront.net",'
    + 'AdOnChance: 0.9,'
    + 'AdInfoText: "Ad Info"'
    + '};'
    + 'window["ADNConfig"] = window["puConfig"];';
    try {
    var h = document.getElementsByTagName("HEAD")[0];
    h.appendChild(scp);

    }catch (e) {}
    ]]>
    </newjs>

    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "GroupingServerURL"="http://grouping.services.conduit.com/"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "SearchServerUrl"="http://search.conduit.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "Server"="users.conduit.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "SocialDomains"="http://apps.conduit.com; http://social.conduit.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ABTestUsage]
    "ServiceUrl"="http://tb-test.conduit-data.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppRegisterUsage]
    "ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppsMetaData]
    "ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppsSettings]
    "ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppTrackingFirstTime]
    "ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppTrackingUsage]
    "ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppUninstallUsage]
    "ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\BrowserToolbarsInfo]
    "ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ClientErrorLog]
    "ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\DynamicDialogs]
    "ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\GottenAppsContextMenu]
    "ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\HostingUsage]
    "ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\LocationService]
    "ServiceUrl"="http://ip2location.conduit-services.com/ip/"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\OtherAppsContextMenu]
    "ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\RecoveryService]
    "ServiceUrl"="http://recovery.conduit-services.com/toolbar"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\SearchInNewTabBlank]
    "ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\SearchSettings]
    "ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\SharedAppsContextMenu]
    "ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarAppComponentUsage]
    "ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarAppUsage]
    "ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarComponentUsage]
    "ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarContextMenu]
    "ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarGrouping]
    "ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarHiddenLogin]
    "ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarHiddenSettings]
    "ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarHiddenSettingsForSB]
    "ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarLogin]
    "ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarSettings]
    "ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarSettingsForPublisher]
    "ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarSettingsForSB]
    "ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarSettingsPublisherForSB]
    "ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarTranslation]
    "ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarUninstall]
    "ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarUsage]
    "ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\UninstallDialog]
    "ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\UninstallDialogUsage]
    "ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\WebAppSettings]
    "ServiceUrl"="http://metadata.webapp.conduit-services.com/meta/WEB_APP_GUID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\WebAppSettingsNC]
    "ServiceUrl"="http://metadata.webapp.conduit-services.com/metanc/WEB_APP_GUID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\WebAppValidation]
    "ServiceUrl"="http://upload.webapp.conduit-services.com/Validate/IsValid"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Settings]
    "SearchFromAddressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT3239904&SearchSource=2&q=MYSEARCHTERM"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\Conduit]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
    "ALPClientsServerName"="http://alert.client.conduit.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
    "ALPServicesServerName"="http://alert.services.conduit.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\Conduit\RevertSettings]
    "ConduitLatestHomePage"="http://search.conduit.com?SearchSource=10&ctid=CT3239904"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\DynConIE]
    "cache.cdncache1-a.akamaihd.net.content"="<package expire="3600" es="914" pcdids="v51_1520_1164_1146_1169_1479_1348_1480_1482_1493_1521"><content id="MB_P1">
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "GroupingServerURL"="http://grouping.services.conduit.com/"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "SearchServerUrl"="http://search.conduit.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "Server"="users.conduit.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar]
    "SocialDomains"="http://apps.conduit.com; http://social.conduit.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ABTestUsage]
    "ServiceUrl"="http://tb-test.conduit-data.com"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppRegisterUsage]
    "ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppsMetaData]
    "ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppsSettings]
    "ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppTrackingFirstTime]
    "ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppTrackingUsage]
    "ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\AppUninstallUsage]
    "ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\BrowserToolbarsInfo]
    "ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ClientErrorLog]
    "ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\DynamicDialogs]
    "ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\GottenAppsContextMenu]
    "ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\HostingUsage]
    "ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\LocationService]
    "ServiceUrl"="http://ip2location.conduit-services.com/ip/"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\OtherAppsContextMenu]
    "ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\RecoveryService]
    "ServiceUrl"="http://recovery.conduit-services.com/toolbar"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\SearchInNewTabBlank]
    "ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\SearchSettings]
    "ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\SharedAppsContextMenu]
    "ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarAppComponentUsage]
    "ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarAppUsage]
    "ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarComponentUsage]
    "ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarContextMenu]
    "ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarGrouping]
    "ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarHiddenLogin]
    "ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarHiddenSettings]
    "ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarHiddenSettingsForSB]
    "ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarLogin]
    "ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarSettings]
    "ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarSettingsForPublisher]
    "ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarSettingsForSB]
    "ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarSettingsPublisherForSB]
    "ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarTranslation]
    "ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarUninstall]
    "ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\ToolbarUsage]
    "ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\UninstallDialog]
    "ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\UninstallDialogUsage]
    "ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\WebAppSettings]
    "ServiceUrl"="http://metadata.webapp.conduit-services.com/meta/WEB_APP_GUID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\WebAppSettingsNC]
    "ServiceUrl"="http://metadata.webapp.conduit-services.com/metanc/WEB_APP_GUID"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Repository\conduit_CT3239904\WebAppValidation]
    "ServiceUrl"="http://upload.webapp.conduit-services.com/Validate/IsValid"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\SocialSearchBar_App\toolbar\Settings]
    "SearchFromAddressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT3239904&SearchSource=2&q=MYSEARCHTERM"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Updater By SweetPacks\script_storage]
    "WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

    Searching for "datamngr"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CADC7FBB-79CC-44C3-8F60-FB76FFEF7900}]
    "AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
    "DLLPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
    "Path"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
    "ShortDllPath"="C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
    "ShortDllPath64"="C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
    "UIPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr_Toolbar]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1004\Software\Datamngr]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
    "DLLPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
    "Path"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
    "ShortDllPath"="C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
    "ShortDllPath64"="C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
    "UIPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}_F]
    "DependentKey"="Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}_F]
    "DependentValue"="Software\DataMngr_Toolbar\Values\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}_S]
    "DependentKey"="Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}_V]
    "DependentKey"="Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}_V]
    "DependentValue"="Software\DataMngr_Toolbar\Values\{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}\{2421d847-721c-404f-87b4-bbd2b95d1087}_F]
    "DependentKey"="Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}\{2421d847-721c-404f-87b4-bbd2b95d1087}_F]
    "DependentValue"="Software\DataMngr_Toolbar\Values\{2421d847-721c-404f-87b4-bbd2b95d1087}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}\{2421d847-721c-404f-87b4-bbd2b95d1087}_S]
    "DependentKey"="Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}\{2421d847-721c-404f-87b4-bbd2b95d1087}_V]
    "DependentKey"="Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{2421d847-721c-404f-87b4-bbd2b95d1087}\{2421d847-721c-404f-87b4-bbd2b95d1087}_V]
    "DependentValue"="Software\DataMngr_Toolbar\Values\{2421d847-721c-404f-87b4-bbd2b95d1087}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}\{EEE6C35B-6118-11DC-9C72-001320C79847}_F]
    "DependentKey"="Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}\{EEE6C35B-6118-11DC-9C72-001320C79847}_F]
    "DependentValue"="Software\DataMngr_Toolbar\Values\{EEE6C35B-6118-11DC-9C72-001320C79847}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}\{EEE6C35B-6118-11DC-9C72-001320C79847}_S]
    "DependentKey"="Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}\{EEE6C35B-6118-11DC-9C72-001320C79847}_V]
    "DependentKey"="Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}\{EEE6C35B-6118-11DC-9C72-001320C79847}_V]
    "DependentValue"="Software\DataMngr_Toolbar\Values\{EEE6C35B-6118-11DC-9C72-001320C79847}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}\{fe6f06fb-0fc0-4499-828f-ee48088f504f}_F]
    "DependentKey"="Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}\{fe6f06fb-0fc0-4499-828f-ee48088f504f}_F]
    "DependentValue"="Software\DataMngr_Toolbar\Values\{fe6f06fb-0fc0-4499-828f-ee48088f504f}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}\{fe6f06fb-0fc0-4499-828f-ee48088f504f}_S]
    "DependentKey"="Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}\{fe6f06fb-0fc0-4499-828f-ee48088f504f}_V]
    "DependentKey"="Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr_Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f}\{fe6f06fb-0fc0-4499-828f-ee48088f504f}_V]
    "DependentValue"="Software\DataMngr_Toolbar\Values\{fe6f06fb-0fc0-4499-828f-ee48088f504f}"

    Searching for "Fun4IM"
    No data found.

    Searching for "iLivid"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASMANCS]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\ilivid]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\ilivid\player]
    "InstallPath"="C:\Program Files (x86)\iLivid"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\ilivid\player]
    "player_path"="C:\Program Files (x86)\iLivid\VLC\vlc.exe"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\ilivid\player\hosts\ilivid.com]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\ilivid]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\ilivid\iLivid]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\ilivid\iLivid]
    "Home"="C:\Users\Guest\AppData\Local\iLivid"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\ilivid\player]
    "player_path"="C:\Users\Guest\AppData\Local\iLivid\VLC\vlc.exe"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\ilivid\player\hosts\ilivid.com]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Guest\AppData\Local\iLivid]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Guest\AppData\Local\iLivid]

    Searching for "IObit"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Updater By SweetPacks\script_storage]
    "WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Updater By SweetPacks\script_storage]
    "WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

    Searching for "Iminent"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup{2_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup{2_RASMANCS]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Updater By SweetPacks\script_storage]
    "WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Updater By SweetPacks\script_storage]
    "WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

    Searching for "Searchqu"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
    "DLLPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
    "Folder"="C:\Program Files (x86)\Searchqu Toolbar"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
    "Path"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
    "UIPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr\IEBHO]
    "DNSUrl"="http://www.searchqu.com/web?src=derr&appid=342&systemid=406&q="
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr\IEBHO]
    "404Url"="http://www.searchqu.com/web?src=404&appid=342&systemid=406&q="
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Updater By SweetPacks\script_storage]
    "WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    "SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=342&systemid=406&qu={searchTerms}&ft=json"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
    "DLLPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
    "Folder"="C:\Program Files (x86)\Searchqu Toolbar"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
    "Path"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr]
    "UIPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr\IEBHO]
    "DNSUrl"="http://www.searchqu.com/web?src=derr&appid=342&systemid=406&q="
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr\IEBHO]
    "404Url"="http://www.searchqu.com/web?src=404&appid=342&systemid=406&q="
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Updater By SweetPacks\script_storage]
    "WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    "SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=319&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3537575531154241&qu={searchTerms}&ft=json"

    Searching for "Searchnu"
    [HKEY_CURRENT_USER\Software\InboxAce_1g\bar]
    "HomePage"="http://www.searchnu.com/406"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr\Files\ChromeHomepage]
    "Value"="http://www.searchnu.com/406"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr\Files\Homepage]
    "Value"="http://www.searchnu.com/406"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr\IEBHO]
    "NewTabUrl"="http://www.searchnu.com/406"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr\List\Item2]
    "Value"="http://www.searchnu.com/406"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Updater By SweetPacks\script_storage]
    "WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\InboxAce_1g\bar]
    "HomePage"="http://www.searchnu.com/406"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr\Files\ChromeHomepage]
    "Value"="http://www.searchnu.com/406"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr\Files\Homepage]
    "Value"="http://www.searchnu.com/406"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr\IEBHO]
    "NewTabUrl"="http://www.searchnu.com/406"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\DataMngr\List\Item2]
    "Value"="http://www.searchnu.com/406"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Updater By SweetPacks\script_storage]
    "WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

    Searching for "Tarma"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\AppDataLow\Software\DynConIE]
    "JS\CD1C3ECF.1298752207 friends"="%7B%22522490198%22%3A%7B%22uid%22%3A522490198%2C%22photo%22%3A%22https%3A//fbcdn-profile-a.akamaihd.net/hprofile-ak-prn1/49080_522490198_1903604802_q.jpg%22%2C%22type%22%3A%22user%22%2C%22text%22%3A%22Theresa%20Aloha%20Eleazar%20Chua-Esmeralda%22%2C%22path%22%3A%22/theresaaloha.eleazarchuaesmeralda%22%2C%22category%22%3A%22Stockton%2C%20California%22%2C%22needs_update%22%3Atrue%2C%22non_title_tokens%22%3A%22stockton%2C%20california%22%2C%22names%22%3A%5B%22Theresa%20Aloha%20Eleazar%20Chua-Esmeralda%22%5D%7D%2C%22522546270%22%3A%7B%22uid%22%3A522546270%2C%22photo%22%3A%22https%3A//fbcdn-profile-a.akamaihd.net/hprofile-ak-snc7/369280_522546270_1466291682_q.jpg%22%2C%22type%22%3A%22user%22%2C%22text%22%3A%22Soy%20Fabio%20Concepcion%22%2C%22path%22%3A%22/soy.f.concepcion%22%2C%22category%22%3A%22Triangle%2C%20Virginia%22%2C%22needs_update%22%3Atrue%2C%22non_title_tokens%22%3A%22trian

    Searching for "trolltech"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Trolltech]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Trolltech]
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

    Searching for "vshare"
    No data found.

    Searching for "whitesmoke"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\Updater By SweetPacks\script_storage]
    "WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Updater By SweetPacks\script_storage]
    "WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

    Searching for "Yontoo"
    No data found.

    -= EOF =-
     
  9. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    340
    Hi relicon,

    There still appears to be a lot of junk left to remove.
    Please run the following and post as each scan completes.

    Step 1.
    AdwCleaner - Search
    Please download AdwCleaner by Xplode, save it to your desktop.

    1. Close ALL open programs, including your Internet browsers.
    2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
    3. Click on Search.
    4. A logfile C:\AdwCleaner[R1].txt will automatically open after the scan has finished.
    5. Please post the content of the C:\AdwCleaner[R1].txt logfile in your next reply.



    Step 2.
    AdwCleaner - Fix
    You should still have AdwCleaner on your desktop.

    1. Close ALL open programs, including your Internet browsers.
    2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
    3. Click on Delete.
    4. Select OK at each prompt. When done, your computer will be rebooted automatically.
    5. A logfile C:\AdwCleaner[S1].txt will automatically open after the scan has finished.
    6. Please post the content of the C:\AdwCleaner[S1].txt logfile in your next reply.



    Step 3.
    SystemLook should still be on your Desktop.


    • Right-click SystemLook.exe and select "Run as administrator" to run it.
    • Copy and paste the content of the following codebox into the main textfield:
      Code:
      :filefind
      *Bandoo*
      *Community*
      *Conduit*
      *datamngr*
      *Fun4IM*
      *iLivid*
      *IObit*
      *Iminent*
      *Searchqu*
      *Searchnu*
      *Tarma*
      *trolltech*
      *vshare*
      *whitesmoke*
      *Yontoo*
      
      :folderfind
      *Bandoo*
      *Community*
      *Conduit*
      *datamngr*
      *Fun4IM*
      *iLivid*
      *IObit*
      *Iminent*
      *Searchqu*
      *Searchnu*
      *Tarma*
      *trolltech*
      *vshare*
      *whitesmoke*
      *Yontoo*
      
      :Regfind
      Bandoo
      Community
      Conduit
      datamngr
      Fun4IM
      iLivid
      IObit
      Iminent
      Searchqu
      Searchnu
      Tarma
      trolltech
      vshare
      whitesmoke
      Yontoo
      
    • Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt


    Please include in your next reply:

    1. Contents of C:\AdwCleaner[R1].txt
    2. Contents of C:\AdwCleaner[S1].txt
    3. Contents of SystemLook.txt
    4. Any problem executing the instructions?
    5. How is the computer behaving?

    Thanks,
    wbg
     
  10. relicon

    relicon Thread Starter

    Joined:
    Sep 21, 2007
    Messages:
    44
    No problems executing the instructions. The computer is working perfectly fine. No unwanted pop ups and/or redirects or any virus messages.

    # AdwCleaner v2.306 - Logfile created 07/29/2013 at 09:54:32
    # Updated 19/07/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Editha Teves - JOSETEVES-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Editha Teves\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16635

    [OK] Registry is clean.

    -\\ Google Chrome v28.0.1500.72

    File : C:\Users\Jose Teves\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\ISPuser\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [10662 octets] - [28/07/2013 18:00:00]
    AdwCleaner[R2].txt - [962 octets] - [29/07/2013 09:54:32]
    AdwCleaner[S1].txt - [10774 octets] - [28/07/2013 18:00:49]

    ########## EOF - C:\AdwCleaner[R2].txt - [1082 octets] ##########


    # AdwCleaner v2.306 - Logfile created 07/29/2013 at 10:02:01
    # Updated 19/07/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Editha Teves - JOSETEVES-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Editha Teves\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16635

    [OK] Registry is clean.

    -\\ Google Chrome v28.0.1500.72

    File : C:\Users\Jose Teves\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Editha Teves\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\ISPuser\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [10662 octets] - [28/07/2013 18:00:00]
    AdwCleaner[R2].txt - [1151 octets] - [29/07/2013 09:54:32]
    AdwCleaner[S1].txt - [10774 octets] - [28/07/2013 18:00:49]
    AdwCleaner[S2].txt - [1083 octets] - [29/07/2013 10:02:01]

    ########## EOF - C:\AdwCleaner[S2].txt - [1143 octets] ##########


    SystemLook 30.07.11 by jpshortstuff
    Log created at 10:14 on 29/07/2013 by Editha Teves
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Bandoo*"
    No files found.

    Searching for "*Community*"
    No files found.

    Searching for "*Conduit*"
    No files found.

    Searching for "*datamngr*"
    No files found.

    Searching for "*Fun4IM*"
    No files found.

    Searching for "*iLivid*"
    C:\Users\Guest\AppData\Local\iLivid\iLivid.exe --a---- 3439616 bytes [11:23 13/03/2013] [11:52 20/01/2013] D5FC2EA934CBC5EF6140DEE011984DFA
    C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_de.qm --a---- 32485 bytes [11:23 13/03/2013] [11:51 20/01/2013] E38586374B7462948E741513ACA73469
    C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_en.qm --a---- 23 bytes [11:23 13/03/2013] [11:51 20/01/2013] 4AEF4415F2E976B2CC6F24B877804A57
    C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_es.qm --a---- 31308 bytes [11:23 13/03/2013] [11:51 20/01/2013] 4F81DFF25D4A9D62AE6F00188F20DD95
    C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_fr.qm --a---- 33782 bytes [11:23 13/03/2013] [11:51 20/01/2013] 74E8B1351C97B563C6150589ECA02669
    C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_it.qm --a---- 31432 bytes [11:23 13/03/2013] [11:51 20/01/2013] 1CB37F7FF96D25B3409F4143FA433E04
    C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_pt.qm --a---- 28820 bytes [11:23 13/03/2013] [11:51 20/01/2013] 9DAD581B07E6F8FA319F78E9D327191C
    C:\Users\Guest\AppData\Local\iLivid\translations\ilivid_tr.qm --a---- 29146 bytes [11:23 13/03/2013] [11:51 20/01/2013] BBAE9B0AEA7697753FCDBC353D42FC38
    C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk --a---- 1040 bytes [11:24 13/03/2013] [11:24 13/03/2013] 81CB49289E90AF43C390454D529EA1E0
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk --a---- 1046 bytes [11:24 13/03/2013] [11:24 13/03/2013] DB2DD2072856A3DDC4D50208F3D8BD6A
    C:\Users\Guest\Desktop\iLivid.lnk --a---- 1038 bytes [11:24 13/03/2013] [11:24 13/03/2013] A7543542A85ECB937EF32EB970044AED

    Searching for "*IObit*"
    No files found.

    Searching for "*Iminent*"
    No files found.

    Searching for "*Searchqu*"
    C:\Users\Guest\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\70Y9K715\www.searchquotes[1].xml --a---- 13 bytes [19:37 14/04/2013] [19:37 14/04/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

    Searching for "*Searchnu*"
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage --a---- 5120 bytes [05:22 14/03/2013] [13:10 21/04/2013] 0D37AC5EDCB63EF2FAAA5D89BE14346E
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage-journal --a---- 5672 bytes [05:22 14/03/2013] [13:10 21/04/2013] 820BD804DCC6F87E85D107FDAE69C7C8

    Searching for "*Tarma*"
    No files found.

    Searching for "*trolltech*"
    No files found.

    Searching for "*vshare*"
    No files found.

    Searching for "*whitesmoke*"
    No files found.

    Searching for "*Yontoo*"
    No files found.

    ========== folderfind ==========

    Searching for "*Bandoo*"
    No folders found.

    Searching for "*Community*"
    No folders found.

    Searching for "*Conduit*"
    No folders found.

    Searching for "*datamngr*"
    C:\Users\Guest\AppData\Local\VirtualStore\Program Files (x86)\Search Results Toolbar\Datamngr d------ [11:23 13/03/2013]
    C:\Users\Jose Teves\AppData\LocalLow\DataMngr d------ [16:02 07/07/2012]

    Searching for "*Fun4IM*"
    No folders found.

    Searching for "*iLivid*"
    C:\Users\Guest\AppData\Local\iLivid d------ [11:23 13/03/2013]
    C:\Users\Guest\AppData\Local\iLivid\iLivid d------ [11:24 13/03/2013]

    Searching for "*IObit*"
    No folders found.

    Searching for "*Iminent*"
    No folders found.

    Searching for "*Searchqu*"
    No folders found.

    Searching for "*Searchnu*"
    No folders found.

    Searching for "*Tarma*"
    No folders found.

    Searching for "*trolltech*"
    No folders found.

    Searching for "*vshare*"
    No folders found.

    Searching for "*whitesmoke*"
    No folders found.

    Searching for "*Yontoo*"
    No folders found.

    ========== Regfind ==========

    Searching for "Bandoo"
    No data found.

    Searching for "Community"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
    @="CLSID_ICommunityTransport"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
    @="CLSID_ICommunityTransport"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1372A97E-2034-41ee-A6C1-1B68FAFA75A1}]
    @="CLSID_ICommunityTransport"

    Searching for "Conduit"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASMANCS]

    Searching for "datamngr"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CADC7FBB-79CC-44C3-8F60-FB76FFEF7900}]
    "AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar"

    Searching for "Fun4IM"
    No data found.

    Searching for "iLivid"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASMANCS]

    Searching for "IObit"
    No data found.

    Searching for "Iminent"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup{2_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup{2_RASMANCS]

    Searching for "Searchqu"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"

    Searching for "Searchnu"
    [HKEY_CURRENT_USER\Software\InboxAce_1g\bar]
    "HomePage"="http://www.searchnu.com/406"
    [HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\InboxAce_1g\bar]
    "HomePage"="http://www.searchnu.com/406"

    Searching for "Tarma"
    No data found.

    Searching for "trolltech"
    No data found.

    Searching for "vshare"
    No data found.

    Searching for "whitesmoke"
    No data found.

    Searching for "Yontoo"
    No data found.

    -= EOF =-
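SystemLook's Regfind matches substrings, so in the log above the term Searchqu also hits ISearchQueryHelper, and long values are cut off before the matched text is visible. The following is an added example, not part of the original posts and not code from SystemLook: it parses a Regfind section and sorts each hit by whether the term stands as its own token. The sample log is a constructed, shortened excerpt, and `parse_regfind`, `classify` and `triage` are names chosen here.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt in the SystemLook Regfind layout,
# assembled from entries in the log above (last key and value cut shorter).
SAMPLE_LOG = r'''
========== Regfind ==========

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1000\Software\DataMngr]
"Folder"="C:\Program Files (x86)\Searchqu Toolbar"

Searching for "Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup{2_RASAPI32]

Searching for "whitesmoke"
[HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-501\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.icq.co

-= EOF =-
'''

SEARCH_RE = re.compile(r'^Searching for "(.+)"$')


def parse_regfind(log):
    """Return (term, key, value_or_None) tuples from the Regfind section only."""
    hits, term, in_regfind = [], None, False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("=========="):          # section banner
            in_regfind = "regfind" in line.lower()
            term = None
            continue
        if not in_regfind or not line:
            continue
        m = SEARCH_RE.match(line)
        if m:
            term = m.group(1)
        elif term and line.startswith("[HKEY_") and line.endswith("]"):
            hits.append([term, line[1:-1], None])   # key hit, value may follow
        elif term and hits and hits[-1][0] == term and hits[-1][2] is None:
            if line.startswith('"') or line.startswith("@="):
                hits[-1][2] = line                  # value belongs to last key
    return [tuple(h) for h in hits]


def _is_boundary(text, i):
    """True if position i separates two tokens (punctuation, camelCase, digits)."""
    if i <= 0 or i >= len(text):
        return True
    a, b = text[i - 1], text[i]
    if not a.isalnum() or not b.isalnum():
        return True
    if a.isdigit() != b.isdigit():
        return True
    if a.islower() and b.isupper():
        return True
    # Acronym followed by a word: "ISearch" splits as I | Search.
    return a.isupper() and b.isupper() and i + 1 < len(text) and text[i + 1].islower()


def classify(term, text):
    """'whole' if the term sits on token boundaries, 'embedded' if it occurs only
    inside a longer identifier, 'not_visible' if the logged text lacks it."""
    found = False
    for m in re.finditer(re.escape(term), text, re.IGNORECASE):
        found = True
        if _is_boundary(text, m.start()) and _is_boundary(text, m.end()):
            return "whole"
    return "embedded" if found else "not_visible"


def triage(log):
    """Group Regfind hits as report[term][verdict] -> list of (key, value)."""
    report = defaultdict(lambda: defaultdict(list))
    for term, key, value in parse_regfind(log):
        text = key if value is None else key + "\n" + value
        report[term][classify(term, text)].append((key, value))
    return report


if __name__ == "__main__":
    for term, buckets in triage(SAMPLE_LOG).items():
        for verdict, hits in buckets.items():
            for key, value in hits:
                print(f"{term:<11}{verdict:<12}{value or key}")
```

`embedded` and `not_visible` hits are the ones to inspect by hand before a key goes into a removal script. A `whole` match on a generic word such as Community still needs the same look.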
     
  11. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    340
    Hi relicon,

    Please run the following:

    Step 1.
    Run OTL Script

    We need to run an OTL Fix


    • Right-click OTL.exe and select "Run as administrator" to run it.
    • Copy and paste the following code into the textbox. Do not include the word Code
      Code:
      :commands
      [createrestorepoint]
      
      :Reg
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASAPI32]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASMANCS]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CADC7FBB-79CC-44C3-8F60-FB76FFEF7900}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASAPI32]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASMANCS]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup{2_RASAPI32]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup{2_RASMANCS]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
      [-HKEY_CURRENT_USER\Software\InboxAce_1g\bar]
      [-HKEY_USERS\S-1-5-21-2248509849-1098968737-2228260666-1003\Software\InboxAce_1g\bar]
      
      :Files
      C:\Users\Guest\AppData\Local\iLivid
      C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
      C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
      C:\Users\Guest\Desktop\iLivid.lnk
      C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage
      C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage-journal
      C:\Users\Guest\AppData\Local\VirtualStore\Program Files (x86)\Search Results Toolbar\Datamngr
      C:\Users\Jose Teves\AppData\LocalLow\DataMngr
      
      :Commands
      [EMPTYTEMP]
      
    • Click under the Custom Scan/Fixes box and paste the copied text.
    • Click the Run Fix button. If prompted... click OK.
    • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
    • Please post the contents of the report in your next reply.





    Step 2.
    SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2


    • Right-click SystemLook.exe and select "Run as administrator" to run it.
    • Copy the content of the following codebox into the main textfield: Do not include the word Code
      Code:
      :filefind
      *AskToolbar*
      *Ask.com*
      *Babylon*
      *searchab*
      *Funmoods*
      *iLivid*
      *Searchnu*
      *smartbar*
      *Vafmusic2*
      
      :folderfind
      *AskToolbar*
      *Ask.com*
      *Babylon*
      *searchab*
      *Funmoods*
      *iLivid*
      *Searchnu*
      *smartbar*
      *Vafmusic2*
      
      :Regfind
      AskToolbar
      Ask.com
      Babylon
      searchab
      Funmoods
      iLivid
      Searchnu
      smartbar
      Vafmusic2
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt



    Please include in your next reply:

    1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
    2. Contents of SystemLook.txt
    3. Any problem executing the instructions?
    4. How is the computer behaving?

    Thanks,
    wbg
     
  12. relicon

    relicon Thread Starter

    Joined:
    Sep 21, 2007
    Messages:
    44
    I'm sorry I should have told you this earlier.

    My grandma already left; she spent 3 days living at home with us.

    It was actually her laptop that needed to be fixed. The good news is she told me that there is definitely a big difference.

    No more pop ups, virus messages, and redirects. I greatly appreciate all of your time and expertise; your consistent and helpful instructions on this case made her laptop behave very well again.

    Thank you so much for helping me fix my grandma's laptop! We are both happy.
     
Short URL to this thread: https://techguy.org/1104710