# 999



## sweetrose

Can someone tell me why I get 999 a lot and how to stop it?


----------



## eddie5659

Hiya

Are you still having this problem? If so, when you say 999, do you mean a popup from the Police?

If so, can you do this for me:

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click *View Scan Logs*.
Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click *Close* to exit the program.

Please include the *MBAM log, SUPERAntiSpyware Scan Log and checkup.txt* in your next reply.

eddie


----------



## eddie5659

emjo, it's easier to reply in the thread than in a visitor message 

As it's about Yahoo, this is what Yahoo says:

http://help.yahoo.com/kb/index?page...archid=1343458439094&locale=en_US&y=PROD_ACCT

Have you tried all of those ideas? If you have, we'll look to see if any malware/viruses are causing the problems 

eddie


----------



## sweetrose

Sorry and thanks. Yes, it's Yahoo boards; when I try and post I get 999, that means I can't post.


----------



## eddie5659

That's okay 

So, if you have a look at the above link I posted from Yahoo, it offers some ideas to resolve it. If you try some of them, if you have another computer to test out the connection.

If you still have the error, then I'll post some things so that we can look at the possibility of malware 

eddie


----------



## sweetrose

Thank you eddie, that's kind of you. I will try that.


----------



## eddie5659

No problem 

Just to let you know I'll be offline in an hour, but once you reply here, I'll have an email saying I have a reply, so I'll get to it as soon as I can


----------



## sweetrose

OK, I will be off then too.


----------



## eddie5659

Any joy with the link?


----------



## sweetrose

Hello eddie, no. One day 999 is on, then it goes. How are you, and thanks for your help.


----------



## eddie5659

I'm fine, back after the weekend, as I tend to be busy for those two days 

Okay, let's see if you have anything that could be causing this:

Download *OTL* to your Desktop


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Select *All Users*

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:



Code:


netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT


Click the *Quick Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


----------



## sweetrose

So you work a lot then.
Do you want me to download?


----------



## eddie5659

Well, I work Mon-Fri but tend to go out at the weekend, so not always near a computer 

Yep, if you download the OTL from above, and then copy/paste the extra bit I posted, into the Custom Scans/Fixes box and press the Quick Scan button.

Two notepads should appear, so if you copy/paste that info here, that would be great


----------



## sweetrose

OK, it's downloading now. Will let you know what happens. Are you at work now?


----------



## eddie5659

Nope, at home but only online till 10pm, which is 2hrs away


----------



## sweetrose

Like me then, it's bad.


----------



## eddie5659

But I'm here most nights, except Fridays, as it's gaming night. Always has been for years.

Still, I can look at the forum when at work, in my lunch-hour


----------



## sweetrose

What games is it you play, and how long will this OTL take, as it's still running?


----------



## eddie5659

OTL may take a while, as it has to scan all the computer. Be patient with it, and the logs will appear 

Only the one game: Battlefield 3. Have you heard of it?


----------



## sweetrose

Right, I've done it all now.


----------



## sweetrose

The scan is done and I've copied it, now what do I do?
No, not heard of that game.


----------



## eddie5659

If you right-click inside the first Notepad, called OTL, and on the options press Select All. Then, right-click again and select Copy.

Then, in your reply here, right-click in the box and select Paste. 

Once that reply is done, do the same again for the Extras, so that there are two replies.

--

Battlefield 3 is a shooting game, so if you haven't heard of it, it may not be your type of thing


----------



## sweetrose

Done all that.


----------



## eddie5659

It's not showing here 

Okay, posting some screenies to help 

So, this is just a random bit of Notepad, so if you click Menu at the top and press on Select All:

Then, it will look like this:

Back to Menu, and select Copy:

And in this site, right-click at the bottom and select Paste:

And then press Quick Reply:


----------



## sweetrose

I've done all that.


----------



## sweetrose

https://login.yahoo.com/config/logi...d%3D267958%26mid%3D587315%26tof%3D2%26frt%3D2
hi


----------



## eddie5659

Can you paste it into the forum, in your reply, as there are no logs showing here.

This is an example of what it looks like here:

http://forums.techguy.org/8402679-post7.html


----------



## sweetrose

I've done that, so what will happen?


----------



## sweetrose

You're going off soon,


----------



## eddie5659

I can't see it. Where have you pasted it? If it's at Yahoo I can't view it, can you post it here.


----------



## sweetrose

https://login.yahoo.com/config/logi...d%3D267958%26mid%3D587315%26tof%3D2%26frt%3D2


----------



## eddie5659

You need to paste it here, into your reply where you type, as I don't have an account at Yahoo. Can you copy/paste the OTL and Extra notepad contents here, so I can see them


----------



## sweetrose

Now I can't find it, I may have to do it again.


----------



## eddie5659

The two Notepad files will be on your Desktop, or the same place where you saved OTL originally. 

Then, just paste the info here


----------



## sweetrose

OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\ann\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.25 Gb Available Physical Memory | 13.59% Memory free
3.74 Gb Paging File | 1.49 Gb Available in Paging File | 39.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 76.70 Gb Free Space | 65.87% Space Free | Partition Type: NTFS
Drive D: | 116.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: ANN-TOSH | User Name: ann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


----------



## eddie5659

Well, that's a start, but you're missing a lot of the info in the logs. That's just the top of the log 

If you Select All of the notepad contents, it should be a lot longer 

Off in a min, but will check in the morning at work


----------



## sweetrose

OK, will get the ones that are missing and post.
Goodnight and thanks.


----------



## eddie5659

Oki doki 

Have a good night, and I'll have a look tomorrow. Any problems, just ask 

eddie


----------



## sweetrose

Morning eddie, can you tell me who you are, as what I will send you as everything that I go on


----------



## eddie5659

Hi

Well, I'm trained in malware removal and a Moderator at this forum, so trust is a big thing 

The logs that are produced by this, and other tools, are used by the majority of security people out there, to remove or look for possible signs of malware/viruses.

Does that answer your question?

eddie


----------



## sweetrose

Yes, and thank you, eddie.

I can't find that link that I saved on the notebook.
Are you going off yet?


----------



## eddie5659

I got in from work about 30 mins ago, so totally shattered, so may go to sleep, as I'm dropping off. Only work late once a week, but it does tire you out that night 

Do you still have the OTL and Extras log? Those are the ones I'm after. You started to post one here:

http://forums.techguy.org/8471793-post35.html

If you can copy/paste the contents of each log here, that would be great. It may need two replies, as each one may be long


----------



## sweetrose

Don't think I have the OTL now, will look.
Will post them to you. Have a good night eddie, talk tomorrow.


----------



## eddie5659

Did you not download the OTL to your computer?

Have a look here and see if these two are there:

C:\Users\ann\Downloads

OTL.txt
Extras.txt


----------



## sweetrose

OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\ann\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.25 Gb Available Physical Memory | 13.59% Memory free
3.74 Gb Paging File | 1.49 Gb Available in Paging File | 39.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 76.70 Gb Free Space | 65.87% Space Free | Partition Type: NTFS
Drive D: | 116.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: ANN-TOSH | User Name: ann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/17 19:50:27 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\ann\Downloads\OTL (2).exe
PRC - [2012/09/03 18:26:12 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/09/03 18:26:08 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/08/23 19:20:36 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/07/17 03:41:20 | 001,641,184 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
PRC - [2012/06/17 19:59:46 | 000,215,856 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2012/06/14 16:20:22 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/04/26 14:08:24 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/04/26 14:08:24 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2012/04/22 10:51:17 | 001,883,536 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Bandoo\Bandoo.exe
PRC - [2012/04/16 14:27:24 | 000,025,464 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
PRC - [2012/03/06 11:23:40 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2012/01/24 16:21:26 | 000,347,008 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\GameXN\GameXNGO.exe
PRC - [2011/11/03 18:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011/08/28 07:33:55 | 000,038,408 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\2.bin

PRC - [2011/08/28 07:33:55 | 000,038,408 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE
PRC - [2011/08/28 07:33:55 | 000,034,320 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE
PRC - [2011/08/11 07:07:31 | 000,238,960 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\HiYo\Bin\HiYo.exe
PRC - [2011/08/01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010/08/18 19:33:54 | 000,008,704 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2010/06/03 17:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/09/03 18:26:20 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012/09/03 18:26:18 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/09/03 18:26:08 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/08/30 03:58:45 | 000,442,392 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/30 03:58:44 | 012,237,336 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012/08/30 03:58:42 | 003,997,720 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/30 03:57:27 | 000,526,872 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012/08/30 03:57:26 | 000,104,984 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012/08/30 03:57:15 | 000,144,424 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/30 03:57:13 | 000,266,792 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/30 03:57:12 | 002,480,680 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2012/08/23 19:20:36 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
MOD - [2011/11/03 18:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 18:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 18:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2011/08/11 07:07:31 | 000,542,104 | ---- | M] () -- C:\Program Files (x86)\HiYo\Bin\AppServerCommunication.dll
MOD - [2011/08/11 07:07:31 | 000,031,616 | ---- | M] () -- C:\Program Files (x86)\HiYo\Bin\IMHttpComm.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

roadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010/05/11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/09/03 18:26:18 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:*64bit:* - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/07/26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:*64bit:* - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:*64bit:* - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/12/16 08:10:31 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:*64bit:* - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/09/24 16:11:18 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2010/08/11 11:44:02 | 000,235,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:*64bit:* - [2010/08/11 11:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:*64bit:* - [2010/08/11 11:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
(ZTEusbnmea)
DRV:*64bit:* - [2010/08/11 11:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:*64bit:* - [2010/08/11 11:44:02 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:*64bit:* - [2010/05/20 14:40:28 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K380x-z_dc_enum.sys -- (vodafone_K380x-z_dc_enum)
DRV:*64bit:* - [2010/04/28 12:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:*64bit:* - [2010/03/22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:*64bit:* - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2010/02/21 01:24:36 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/01/07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:*64bit:* - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:*64bit:* - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:*64bit:* - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:*64bit:* - [2009/06/20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:*64bit:* - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

(Inbox.com, Inc.)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=115038&tt=3412_1&babsrc=SP_ss&mntrId=66338fed00000000000088252cba0aa8
IE - HKCU\..\SearchScopes\{400E7EA1-093B-4D0E-90AC-CAAEF713611E}: "URL" = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2011082802&ptnrS=ZUman000&si=&n=77deb032&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = https://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&q=
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={91AAAA7E-22F1-4FDE-BE01-003A27F6E136}&mid=eaf95fdb5bab47d6abd6cd3c4e914194-5c5653c47cf4f1da57a1a9398c21c6f4fc7f0f2c&lang=en&ds=AVG&pr=fr&d=2012-08-25 20:44:29&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{A25208D0-8D9E-4B0D-B6DE-CCB82D68D3C2}: "URL" = http://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80506&lng=en
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb72/?search={searchTerms}&loc=search_box&a=NUYk1PqMbX
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{E0F1151B-5874-4D8B-8E18-506FA493AB23}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={7E3FFE14-0CA3-4BAF-A926-D4D1BA5A2B65}
"ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledAddons: [email protected]:5.1
FF - prefs.js..extensions.enabledAddons: [email protected]:12.2.5.32
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=289&systemid=101&sr=0&q="
FF - prefs.js..browser.startup.homepage: "http://mystart.incredimail.com"

FF:*64bit:* - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: 

CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=66338fed00000000000088252cba0aa8
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=289&systemid=101&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=66338fed00000000000088252cba0aa8
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Bandoo (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\ann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\ann\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: AVG Safe Search = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:*64bit:* - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (iNTERNET TURBO Toolbar) - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
O2 - BHO: (Shopping Sidekick) - {11111111-1111-1111-1111-110011501158} - C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.dll (215 Apps)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (HiYo Bar Toolbar) - {b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} - C:\Program Files (x86)\HiYo_Bar\prxtbHiY0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (iNTERNET TURBO Toolbar) - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (HiYo Bar Toolbar) - {b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} - C:\Program Files (x86)\HiYo_Bar\prxtbHiY0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (HiYo Bar Toolbar) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - C:\Program Files (x86)les (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Hiyo] C:\Program Files (x86)\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [RMAlert] C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe (PC Tools)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\ann\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GameXN GO] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Ltd)
O4 - Startup: C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9:*64bit:* - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8303406A-D415-481D-984A-0CB67A97EB51}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:*64bit:* - Protocol\Handler\inbox - No CLSID value found
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20:*64bit:* - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:*64bit:* - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wia6eb~1\datamngr\datamngr.dll) - c:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wia6eb~1\datamngr\iebho.dll) - c:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\Program Files (x86)\Bandoo\BndHook.dll (Discordia Limited)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell - "" = AutoRun
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/17 14:19:56 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{097A9D80-AFE1-41E8-B4A1-CDEDE0424AC9}
[2012/09/16 19:56:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{02E3BE57-47E9-4031-BC35-6F0DD5C5C951}
[2012/09/16 07:56:02 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1DF464DC-322A-4504-9A1F-1BC6D5D6B3A2}
[2012/09/15 14:28:24 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{760ED3BF-BC3E-462C-8926-F8E77F55B330}
[2012/09/14 19:25:26 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{C5958D5E-C5C8-43FB-A92D-E03935447FE7}
[2012/09/14 07:24:46 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8D8DB310-BE1D-41C8-8B43-DC3062539586}
[2012/09/13 19:24:09 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{5399B4BE-3499-46F0-BB3B-04BC5E7B1738}
[2012/09/13 07:21:28 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{DB322788-F238-4333-A1D1-293B6FFE95FB}
[2012/09/12 19:20:49 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B267A62A-1FB7-4DAD-BFAD-1428976D4DC0}
[2012/09/12 07:07:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 07:07:49 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 07:07:48 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 07:07:48 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/12 06:59:42 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{3AC91806-63C4-4436-87D5-B04598F25B32}
[2012/09/11 12:25:52 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7B532A65-56C4-40CC-A328-91F7B8CB4038}
[2012/09/11 12:25:21 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E69C7266-1583-4BD4-AA5E-629492B40D41}
[2012/09/11 08:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/10 21:23:43 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{DEA5DBC0-CE63-4885-9085-814E0E9A6A16}
[2012/09/10 09:22:32 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{41B6C847-3C46-4874-8077-A19116383EB4}
[2012/09/09 20:14:43 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{28F13F61-B31F-4C24-B0C2-F29A0978947C}
[2012/09/09 07:40:32 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{DB8EBC2E-8E24-4CBC-A6A9-9B31AD936071}
[2012/09/08 15:01:22 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{39129812-5EDC-420F-9550-5CBD1B2EB019}
[2012/09/08 15:01:00 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7341167F-A63
34481BC65D53}
[2012/09/07 18:56:08 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{063041B0-9A1C-40B9-9B84-7EC81676F756}
[2012/09/07 06:55:24 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{01742609-ADEA-4F15-94F8-A834753B786A}
[2012/09/06 14:45:10 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{128D4B7D-0A31-4CFC-BBA9-B6D0B17E1EF9}
[2012/09/05 14:15:37 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2ADB46EB-D746-4329-99CA-C297AD86B934}
[2012/09/04 22:15:12 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{77ED3FE3-7086-4471-9140-A72399CBB0E8}
[2012/09/04 10:14:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{5106F439-788B-4F11-B702-C323F0ECE2BE}
[2012/09/03 21:32:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{94D0AF61-DF1E-4928-9C3C-2B7E7D36E55C}
[2012/09/03 09:31:47 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B934A636-2096-484E-8DF6-647A2E8C0D66}
[2012/09/02 17:18:16 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2012/09/02 17:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic
[2012/09/02 17:18:15 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012/09/02 17:18:15 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2012/09/02 17:18:15 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2012/09/02 17:18:15 | 000,512,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml.dll
[2012/09/02 17:18:15 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2012/09/02 17:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/09/02 17:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Registry Mechanic
[2012/09/02 13:23:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{20F10AE0-E283-43DE-AC16-2E55610BC325}
[2012/09/01 21:19:44 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8E0A19DB-0276-4238-9ECA-6A18D59F81A2}
[2012/09/01 17:24:58 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{AAEFB947-DEF3-4AE6-9AB8-1033039029D3}
[2012/08/31 15:22:24 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{DBE68CD3-FCBB-41CC-B30E-ABB64FDC2BC4}
[2012/08/30 19:56:57 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{DEF3AD8A-3E33-41EC-BEF0-6900620C7257}
[2012/08/30 07:56:20 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{320D46DD-04FB-4997-95AC-E256AD4C0966}
[2012/08/30 07:51:24 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{3A326B17-D660-4905-BEBF-D400B54939C9}
[2012/08/29 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1A7024A1-4C2F-4779-8548-85704931B470}
[2012/08/28 10:09:39 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{6760FB80-CAC9-4B14-B99F-A668952476FA}
[2012/08/27 21:15:51 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{967926C8-1B3A-4A73-AA94-F68A5AB652D1}
[2012/08/27 09:15:15 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{DB3CDE5C-6BCA-4270-B261-76956FCA4658}
[2012/08/27 09:14:43 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{EC412419-B0DE-4C11-9D7C-90157776DAD1}
[2012/08/27 08:58:18 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{A4B5AB05-7E18-43CF-A2A7-B49C7DC9054F}
[2012/08/27 08:57:54 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{5E8F4BAA-DF37-462B-82F7-7BFBD86BE2C6}
[2012/08/26 20:36:10 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{FC914FE3-DB38-4B67-8371-9E528E5D9678}
[2012/08/26 08:35:26 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{F0F87494-D3F2-43C0-8520-B352DC074A61}
[2012/08/25 20:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/08/25 20:37:42 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\BabylonToolbar
[2012/08/25 20:37:36 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\Mozilla
[2012/08/25 20:37:35 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\Mozilla
[2012/08/25 20:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012/08/25 20:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/25 20:35:56 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\Optimizer Pro
[2012/08/25 20:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012/08/25 20:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2012/08/25 20:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/08/25 20:35:22 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\Babylon
[2012/08/25 14:05:20 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{0B19467F-240C-4C17-817F-0D256ACB5057}
[2012/08/24 19:22:00 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{0808FB98-4D3C-460B-B433-3E23ED9ECACE}
[2012/08/24 15:43:16 | 000,384,352 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012/08/24 07:21:21 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{A5449DFF-4F8C-4D60-8207-252BFB9C7CBD}
[2012/08/23 19:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BBC iPlayer Desktop
[2012/08/23 19:20:43 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E1AAC4BB-7712-4F95-ADA3-686EC4B878D0}
[2012/08/23 07:02:24 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{4EAE583A-962D-4EAE-A5BB-16092F4C156F}
[2012/08/22 14:07:49 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{32C0FAE9-7584-45FA-A4AC-802CCA6BCE48}
[2012/08/21 19:58:30 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{CF1217D4-88FE-4622-93AC-9F2DCB3A11E4}
[2012/08/21 07:19:38 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{3D9C01D2-46DA-45F6-9B1C-7FF4E14A3D94}
[2012/08/20 17:48:27 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{CE3FE54F-088D-4D49-824C-EA81712A59F7}
[2012/08/20 05:42:17 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{792833E8-9092-47FA-8AB1-3A5D5991AB76}
[2012/08/19 12:36:32 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{0E5D6E12-4120-449C-805E-CF215267E0CA}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\ann\AppData\Local\*.tmp files -> C:\Users\ann\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2011/07/21 20:05:23 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{8532B172-6F57-4CBE-8E80-FAD83C06C6D3}
[2011/07/15 15:48:15 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{796EF731-ABE6-49A6-8D8F-75DAAE534B52}
[2011/07/15 15:28:59 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0B3B4E74-A96D-457B-A3AC-15AF58ED515A}
[2011/07/15 15:07:30 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{9A0EA9CA-EE6E-4B14-AEA4-EF4E0BE4F54A}
[2011/07/12 17:08:10 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{AEEDA0C4-B094-40CA-9072-BDC6E4E10BF3}
[2011/07/12 17:04:33 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0D85A837-7B6B-4379-9BE0-29398598E6DE}
[2011/07/11 19:15:42 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{718D1F67-3F23-4AD2-9624-60761184FA16}
[2011/07/11 19:10:51 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{8885552C-C46F-41CE-AF17-7D809AA70F9B}
[2011/07/11 12:00:50 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0272CA41-FCD0-43E5-BDC1-7D36C50B266C}
[2011/07/11 11:58:10 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{F10292BA-458D-48F4-BB5C-6E00413FB3D2}
[2011/07/05 14:29:26 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{1054FAA8-0F34-4A0D-B2D5-E525DD0BA91E}
[2011/07/04 14:18:16 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{812C46D8-1501-4AFA-8AC1-2D540FA281AD}
[2011/07/04 14:09:23 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{B1AB7382-9FDE-4896-B0A9-D0E584BCBEB7}
[2011/07/04 14:03:38 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{FA6271DC-C11C-4274-A832-ECB58B2FC3D7}
[2011/07/03 13:26:22 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{F129A5BC-03A3-4024-A684-6141D5EB5FB4}
[2011/05/14 14:30:15 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011/04/16 08:19:44 | 000,004,608 | ---- | C] () -- C:\Users\ann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/31 21:30:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/31 18:17:23 | 000,007,605 | ---- | C] () -- C:\Users\ann\AppData\Local\Resmon.ResmonCfg
[2010/12/16 08:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010/12/16 08:16:57 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/08/11 11:43:50 | 000,159,464 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP1B5B4F1
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

update
with error 0x80070643: Skype 5.10 for Windows (KB2727727).

Error - 9/16/2012 11:04:26 AM | Computer Name = ann-TOSH | Source = DCOM | ID = 10010
Description =

Error - 9/16/2012 1:48:09 PM | Computer Name = ann-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Skype 5.10 for Windows (KB2727727).

Error - 9/17/2012 9:23:43 AM | Computer Name = ann-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Skype 5.10 for Windows (KB2727727).

Error - 9/17/2012 11:07:11 AM | Computer Name = ann-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Skype 5.10 for Windows (KB2727727).

Error - 9/17/2012 2:00:45 PM | Computer Name = ann-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the

that is it,


----------



## eddie5659

That's one of them, could you see the Extras txt file? If not, we'll leave that for now

Okay, looking through it I see a ton of stuff that is malware. So, let's start to clear that all up, as that will be a number one cause of the errors.

We'll do each thing, one at a time. Any questions, please ask, and I'll answer each one. I prefer to have people ask, than to get lost and get worried about things


-----------

Just remembered, before you run this tool (in case your email preview shows a different reply), there is a file I would like to take a look at. Posting this, and will reply in a min


----------



## sweetrose

Thank you eddie, this is so good of you. I've done a virus scan and it seems ok.


----------



## eddie5659

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file



> *
> C:\Program Files (x86)\HiYo\Bin\HiYo.exe
> C:\Program Files (x86)\HiYo_Bar\prxtbHiY0.dll
> C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll
> *


Let me know when they're uploaded


----------



## eddie5659

whoops, posted in the middle of your reply 

Did you do the scan with Malwarebytes' Anti-Malware? If so, can you post the log.

If a different virus scanner, which one was it?

Also, can you see if you can still grab those files for me


----------



## sweetrose

I can't download the link you gave me. I have AVG virus


----------



## eddie5659

*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. 
Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards*

In the link, look at the top of the page on how to disable AVG, as different versions have different methods.

Then, try the downloads again.


----------



## sweetrose

Not sure what to do, am I a pain, lol


----------



## eddie5659

Not at all, we all had to start somewhere 

Open the AVG Control Center, by right-clicking on the AVG icon on task bar.

Click on Open AVG User Interface.
On the Menu Bar, click on Tools, then click Advanced Settings.
In the screen which opens, scroll down to Temporarily disable AVG protection.
Click on it to highlight and in the right hand pane, check the box for Temporarily disable AVG protection.
Click Apply.
In the next screen which opens, select 15 minutes from the drop down menu, then click the Disable real time protection button and click OK.
To re-enable, just check Enable on the main GUI interface. You may also need to click Fix (enable becomes Fix if all components do not start).

-------

That is for 2011 version, but you have 2012, so it should be the same. 


However, AVG is known to cause problems with some of the tools we use, so it may be better to uninstall it and use something else, like Avast.

I can explain how soon, but first just try to disable as above, and if that works, try the program so that we can get those files 

eddie


----------



## sweetrose

It won't all pop up, and you're going off soon.


----------



## eddie5659

Okay, see if this clip helps:






Just doubleclick the AVG icon on your desktop to open it. It says 2011, but it should work for 2012.


----------



## eddie5659

If you can disable it as above, and get the file, that would be great. Then, grab the files for uploading like I mentioned.

I'm off in 10mins, but will be here tomorrow


----------



## sweetrose

Got all that, but where should I go from there? I say night to you and talk tomorrow.


----------



## eddie5659

I take it you've now managed to disable AVG 

I've re-posted what to do next 

Night night 

-----------------

Download suspicious file packer from http://www.safer-networking.org/files/sfp.zip

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop.



> *
> C:\Program Files (x86)\HiYo\Bin\HiYo.exe
> C:\Program Files (x86)\HiYo_Bar\prxtbHiY0.dll
> C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll
> *


Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file.

Let me know when they're uploaded


----------



## sweetrose

Sorry, I still don't know what to do. I downloaded sfp and went on to suspicious files. What file do I look for on my desktop?


----------



## eddie5659

As you have the sfp on your desktop, or where ever you downloaded it, you will need to extract it.

To do so, right-click on the sfp and select *Extract All*.

A window will appear like this:










At the bottom, press the *Extract* button:










and the window will close. By default, the extracted file will be in a folder in the same location as you have the sfp zip file.

Open the folder, and inside will be the sfp program.

Open the program, and you will see this:










Now, copy/paste the below text:

> C:\Program Files (x86)\HiYo\Bin\HiYo.exe
> C:\Program Files (x86)\HiYo_Bar\prxtbHiY0.dll
> C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll

into the empty box:










Click the Continue button (I can't do it as I don't have the files) to create the archive:

Now, this is created on your Desktop. It will let you know what it is called on the program.

Close the program by pressing the X as normal.

--

Now, go here:

http://www.thespykiller.co.uk/index.php?board=1.0

Just press new topic, fill in the needed details and just give a link to your post here, which is:

http://forums.techguy.org/virus-other-malware-removal/1068054-999-4.html

Then, press the browse button and then navigate to & select the file on your computer (the one you just created as above). When the file is listed in the window, press send to upload the file.

eddie


----------



## sweetrose

I can't find them programs,


----------



## sweetrose

programs, hiyo


----------



## eddie5659

You don't need to find them, just use the sfp program, and copy/paste the info I posted. The program will find them, and create a zipped file.

http://forums.techguy.org/8474521-post60.html

They're showing on your computer, but may be hidden.

Once I have a copy of these, we'll remove the malware etc that you have.


----------



## sweetrose

Ok, just having a bath and get on to it. How was your day today?


----------



## eddie5659

Not so bad, but looking forward to the weekend.

I'll be here till 10ish, maybe 11pm tonight


----------



## sweetrose

Can't find the zip download


----------



## sweetrose

Found this
http://www.hiyo.com/english/Faq.aspx


----------



## eddie5659

For the sfp, this is the file:

http://www.safer-networking.org/files/sfp.zip

Thanks for the info on hiyo, it's just that one of the files it uses is a type of malware, and can be a cause of the problems, which is why I want to look at it


----------



## sweetrose

I can't do anything else. It's not working


----------



## eddie5659

Okay, let's leave sfp alone, as I can have a look at those files later on

Can you do this for me instead, so we can start to remove the infections.

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.*


----------



## sweetrose

Ok, I'm doing it now.


----------



## sweetrose

What about the AVG one?


----------



## eddie5659

AVG is okay to leave for now. Have you disabled it using the video clip I posted?

If not, it should be okay to run it with AVG still running.


----------



## sweetrose

It's scanning now


----------



## sweetrose

Thanks eddie. Everything has been scanned


----------



## eddie5659

Excellent. Can you post the log it created. It should have popped up after it finished.

If not, we'll work thru this step by step. As they say, a picture tells a thousand words 

So, as you have run MBAM, this is how to get the log and attach it 

Firstly, go to Start | programs, and open up Malware Bytes AntiMalware. Most call it MBAM for short.










Then, click on the Logs tab:










Now, select the log which you removed the files. Normally it's the latest one. Click on it to highlight it, then select Open in the bottom left:










Now, a notepad will open up. Mine is blank, but yours will have the 100 or so items in. Click on Edit | Select All:










and then when it's all selected, click Edit and this time, Copy:










Now, come along to Tech Support Guy, and at the bottom of your post, will be this, which you'll be used to seeing:










Now, right-click inside the box, and select paste, to produce this:










and then click on Post Quick Reply:


----------



## sweetrose

I can't get back on there to open it


----------



## eddie5659

Back on where, to MalwareBytes Antimalware?

If you go to either Start | Programs, you should be able to open the program.

Or, click on the icon it creates on the desktop.


----------



## sweetrose

1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ann :: ANN-TOSH [administrator]

Protection: Enabled

20/09/2012 21:35:36
mbam-log-2012-09-20 (21-35-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P


----------



## sweetrose

Time elapsed: 8 minute(s), 21 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE (PUP.MyWebSearch) -> 3308 -> No action taken.

Memory Modules Detected: 4
C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOESTB.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3REPROX.DLL (PUP.FunWebProducts) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (PUP.MyWebSearch) -> No action taken.

Registry Keys Detected: 161
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.FunWebProducts) -> No action taken.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.FunWebProducts) -> No action taken.
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044504458} (PUP.215Apps) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055505558} (PUP.215Apps) -> No action taken.
HKCR\CrossriderApp0005058.BHO.1 (PUP.215Apps) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.
HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearchToolBar.SettingsPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearchToolBar.SettingsPlugin (PU

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.IECookiesManager.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.IECookiesManager (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{22222222-2222-2222-2222-220022502258} (PUP.CrossRider.SSK) -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 21

Files Detected: 94


----------



## sweetrose

That's it, bet you're off to bed now, and you're out tomorrow night. Night, eddie.


----------



## eddie5659

I am in a minute, but none of those files were removed 

Can you re-run MBAM again, but when the scan has finished, can you do this:

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

After restarting (if needed), can you paste the new log?


----------



## eddie5659

Also, try to put all the log on, as some of it was cut off above 



> C:\Program Files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S (PUP.MyWebSearch) -> No action taken.
> C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAID.F3S (PUP.MyWebSearch) -> No action taken.
> C:\Program Files (x86)\M


----------



## sweetrose

Is this what you want..

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.21.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ann :: ANN-TOSH [administrator]

Protection: Enabled

21/09/2012 14:03:25
mbam-log-2012-09-21 (14-03-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200359

Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE (PUP.MyWebSearch) -> 3292 -> No action taken.

Memory Modules Detected: 3
C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOESTB.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3REPROX.DLL (PUP.FunWebProducts) -> No action taken.

Registry Keys Detected: 137
HKCR\FunWebProducts.PopSwatterSettingsControl.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.PopSwatterSettingsControl (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.PseudoTransparentPlugin (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.PopSwatterBarButton.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.PopSwatterBarButton (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> No

action taken.
HKCR\FunWebProducts.HTMLMenu.1 (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
HKCR\ScreenSaverControl.ScreenSaverInstaller.1 (PUP.MyWebSearch) -> No action taken.
HKCR\ScreenSaverControl.ScreenSaverInstaller (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.OutlookAddin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> No action taken.
en.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
HKCR\ScreenSaverControl.ScreenSaverInstaller.1 (PUP.MyWebSearch) -> No action taken.
HKCR\ScreenSaverControl.ScreenSaverInstaller (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.OutlookAddin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.KillerObjManager.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.KillerObjManager (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistoryKillerScheduler.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistoryKillerScheduler (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistorySwatterControlBar.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistorySwatterControlBar (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.ChatSessionPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.ChatSessionPlugin (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFB

action taken.
HKCR\FunWebProducts.HTMLMenu.1 (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
HKCR\ScreenSaverControl.ScreenSaverInstaller.1 (PUP.MyWebSearch) -> No action taken.
HKCR\ScreenSaverControl.ScreenSaverInstaller (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.OutlookAddin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.KillerObjManager.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.KillerObjManager (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistoryKillerScheduler.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistoryKillerScheduler (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistorySwatterControlBar.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistorySwatterControlBar (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (PUP.MyWebSearch) 
-> No action taken.
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.ChatSessionPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.ChatSessionPlugin (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick (PUP.CrossRider.SSK) -> No action taken.
HKCR\MyWebSearch.MultipleButton (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.MultipleButton.1 (PUP.MyWebSearch) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
HKCR\ScreenSaverControl.ScreenSaverInstaller.1 (PUP.MyWebSearch) -> No action taken.
HKCR\ScreenSaverControl.ScreenSaverInstaller (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.OutlookAddin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.KillerObjManager.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.KillerObjManager (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistoryKillerScheduler.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistoryKillerScheduler (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistorySwatterControlBar.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistorySwatterControlBar (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (PUP.MyWebSearch) -> 
ction taken.
HKCR\FunWebProducts.HistoryKillerScheduler (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistorySwatterControlBar.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistorySwatterControlBar (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.ChatSessionPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.ChatSessionPlugin (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick (PUP.CrossRider.SSK) -> No action taken.
HKCR\MyWebSearch.MultipleButton (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.MultipleButton.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.ThirdPartyInstaller (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.UrlAlertButton (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.UrlAlertButton.1 (PUP.MyWebSearch) -> No action taken
ebSearch) -> No action taken.

Registry Values Detected: 11

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 21



----------



## eddie5659

In a way, but none of the files have been removed:



> Memory Modules Detected: 3
> C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOESTB.DLL (PUP.MyWebSearch) -> No action taken.
> C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> No action taken.
> C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3REPROX.DLL (PUP.FunWebProducts) -> No action taken.


When you run it again, you will be given the option to remove the selected items (they all get ticked by default).

So, leave them ticked then select Remove, then the post will look something similar to these:

http://forums.techguy.org/6538133-post3.html


----------



## sweetrose

Hello. I did do what you told me, will try again now.


----------



## sweetrose

I'm scanning it again now.


----------



## sweetrose

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.21.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ann :: ANN-TOSH [administrator]

Protection: Enabled

21/09/2012 18:53:37
mbam-log-2012-09-21 (18-53-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200167
Time elapsed: 6 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0


----------



## eddie5659

Okay, that looks like a lot has gone, so onto the next program:

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
Click *View Scan Logs*.
Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click *Close* to exit the program.

eddie


----------



## sweetrose

I'm doing it now, but it went funny.


----------



## eddie5659

What went funny? The computer or SuperAntiSpyware?


----------



## sweetrose

It's OK now, it's running.


----------



## eddie5659

oki doki


----------



## sweetrose

This is taking a long time, eddie... and how was your weekend?


----------



## eddie5659

It may take a while, as there will be a few things it's looking for. Don't forget to remove the files it says it's found.

The weekend went well, just didn't get to sleep until about 3am on Saturday morning, so was a bit tired at the weekend.

Still, work was better today, in between the heavy rain.


----------



## sweetrose

Bet you were tired... it's still raining here too. Will let you know when it's all done.


----------



## eddie5659

I was quite tired, but it was my own fault. Started gaming at 7pm, and normally finish at 12am. Then, someone that hasn't played in a while logged on, so off I went for another 3 hours


----------



## sweetrose

You know, my son, who is 19 and at uni, would play games on the net all night till 6 in the morning, so I see where you're coming from.
I take it you don't have a wife?


----------



## eddie5659

Well, I'm not that bad, as the servers I play in tend to get empty towards the start of 12am etc 

Nope, no wife, so as you can tell, I can play games anytime


----------



## sweetrose

You seem to know a lot about the net, and you like your games too. My son is doing IT at uni, and would he help? No, he's like you with the games, lol.


----------



## sweetrose

So many cookies.


----------



## eddie5659

IT is a good area to get into, but there are many different things to do, it's a vast subject.

Are cookies the only thing it's found? Can you post the log when it's done?


----------



## sweetrose

It looks like all cookies, and yes, I will post them to you. It's been running a long time now.


----------



## sweetrose

Log
http://www.superantispyware.com

Generated 09/24/2012 at 10:28 PM

Application Version : 5.5.1022

Core Rules Database Version : 9281
Trace Rules Database Version: 7093

Scan type : Complete Scan
Total Scan Time : 02:19:23

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 565
Memory threats detected : 0
Registry items scanned : 65486
Registry threats detected : 173
File items scanned : 64515
File threats detected : 7946

PUP.BabylonToolbar
(x86) HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
(x86) HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}#AppID
(x86) HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\InprocServer32
(x86) HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ProgID
(x86) HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\Programmable
(x86) HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\TypeLib
(x86) HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\VersionIndependentProgID
(x86) HKLM\Software\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}
(x86) HKCR\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
(x86) HKCR\Babylon.dskBnd.1
(x86) HKCR\Babylon.dskBnd.1\CLSID


----------



## sweetrose

eddie, I'm off to bed, will try it tomorrow night.


----------



## eddie5659

Just looking at this before I fully go to sleep, but it looks like the log isn't complete. It says here:

Registry threats detected : 173
File threats detected : 7946

But the log details you've posted are only 12 Registry threats.

Can you post all of them? If need be, post over a few replies.


----------



## eddie5659

It may be better to upload it, so that all the log is here. I can always paste it in my reply, for ease 

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below).

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *SUPERAntiSpyware Scan Log*.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*


----------



## sweetrose

I don't know, I'm still copying them to you.


----------



## sweetrose

http://www.superantispyware.com

Generated 09/25/2012 at 03:16 PM

Application Version : 5.5.1022

Core Rules Database Version : 9284
Trace Rules Database Version: 7096

Scan type : Complete Scan
Total Scan Time : 01:46:03

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 562
Memory threats detected : 0
Registry items scanned : 65501
Registry threats detected : 173
File items scanned : 64775
File threats detected : 7958

PUP.BabylonToolbar

Adware.Tracking Cookie
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]\COOKIES 
A\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE
.liveperson.net [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.yieldmanager.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE
R DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIE
\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIESR DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIE
\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIESR DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIE
R DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIE
\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\C
KIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COO
]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\
KIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIE
OOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CO
\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT
\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER 
\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\U
COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\U
\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAU
OKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER 
DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES 
T\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\C
\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES 
EFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEF
COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOK
\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CO
OKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exodustravel.solution.weborama.fr [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER 
\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES 
AULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAU
LT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\
\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES 
ULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT
OCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COO
\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAU
FAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAU
IES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
LT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAU.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOK
]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickbank.net [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES
KIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COO
ES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKOOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIE
ES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
KIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIE
IES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOK
OKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\
S ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKI
S ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKI
\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
S ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.virginmedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\C
KIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKI
S ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.brighteroption.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT
OOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CO
COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CO
IES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOK
S ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIE
ES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKI
OOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CO
\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES 
OKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COO
IES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKI
OKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pubads.g.doubleclick.net [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COO
IES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.brighteroption.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.brighteroption.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.brighteroption.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.brighteroption.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad-emea.doubleclick.net [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad-emea.doubleclick.net [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CO
]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES 
KIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES
\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT
ES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES
IES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\ANN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


----------



## sweetrose

still have more to do.yuk....lol


----------



## sweetrose


PUP.MyWebSearch
(x86) HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
(x86) HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
(x86) HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
(x86) HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
(x86) HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
(x86) HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
(x86) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
(x86) HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
(x86) HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}



----------



## sweetrose

did you get it all eddie


----------



## eddie5659

Yep, and I can see there were lots 

Okay, now let's see what needs to be updated, if anything, next

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

As there still seems to be some problem with pasting here in the forum, as I saw the same thing many times, can you upload the following log as follows:

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below)

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *checkup.txt* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*


----------



## sweetrose

ok..but i act scan again,


----------



## sweetrose

seems i have more cookies


----------



## sweetrose

Eddie i have the black box open and it's saying health check but it's been like that a few mins now


----------



## sweetrose

this is what you asked for

17's Security Check version 0.99.51 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 9 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Disabled! 
AVG Anti-Virus Free Edition 2012 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
XoftSpySE 
Malwarebytes Anti-Malware version 1.65.0.1400 
AVG PC Tuneup 
Java(TM) 6 Update 20 
*Java version out of Date!* 
Adobe Reader 9 *Adobe Reader out of Date!* 
Mozilla Firefox 13.0.1 *Firefox out of Date!* 
Google Chrome 21.0.1180.83 
Google Chrome 21.0.1180.89 
Google Chrome Plugins... 
*````````Process Check: objlist.exe by Laurent````````* 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbamgui.exe 
AVG avgwdsvc.exe 
AVG avgtray.exe 
Malwarebytes' Anti-Malware mbamscheduler.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 10% 
*````````````````````End of Log``````````````````````*


----------



## eddie5659

Yep, that's the right one 

So, looks like you have a few things to update, so we can do that now.

Your Java is out of date, so let's do that first:

*Upgrade Java* : (32 bits)

Download the latest version of *Java SE Runtime Environment (JRE) JRE 7 Update 7*.
Under the JAVA Platform Standard Edition, click the "*Download JRE*" button to the right.
Accept License Agreement.
Click on the link to download Windows Offline Installation 32 bit (jre-7u7-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the *jre-7u5-windows-i586.exe* and select "Run as an Administrator.")
Don't install any of the toolbars that are offered.

After doing the above, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:


Applications and Applets
Trace and Log Files
OK out of all the screens. 

---------------

Adobe Reader is out of date, so go here for the latest version.

http://get.adobe.com/reader/

*Untick* the box for *Yes, install McAfee Security Scan Plus - optional (0.98 MB)* before downloading and installing.

--------------

Firefox is out of date, so open a Firefox window. Then, at the top of the page, click on *Help* and then *About*. A screen will pop up, saying it's updating.

==================

Let me know if you have any problems with these, but if not, let me know when all updated, and we'll move to the next part


----------



## sweetrose

thanks Eddie, will do that tomorrow. i know yr out tomorrow night so if i don't hear from you have a really good weekend


----------



## eddie5659

I have the day off, so may be able to check in and see how it goes 

At night though, yes I'm not here. Weekend I should be around more, Saturday I'm out most of the day though


----------



## sweetrose

i just went to look and can't find window 1586


----------



## eddie5659

Will post some screenies, back in a min


----------



## sweetrose

ok as yr not doing anything Eddie


----------



## eddie5659

Okay, this is the page you clicked on to get Java:










Now, press this button:










Accept the agreement:










Click to download the offline install:










And then follow the rest of the instructions I posted before


----------



## sweetrose

ok, now i can't find that post...........


----------



## eddie5659

It's here

http://forums.techguy.org/8480839-post118.html


----------



## sweetrose

i've downloaded java but i can't do anything that you ask me to on there


----------



## sweetrose

EDDIE.. with all the downloads my laptop is now slow


----------



## sweetrose

still my laptop is getting really slow now, think it's to do with all them downloads i have, it was ok before them,


----------



## eddie5659

Having the downloads on the computer shouldn't cause the slowness, as they're already downloaded.

When you downloaded the Java, all you have to do is double-click on it and it will install 

-----

However, in the meantime, I need a new log off you with OTL, as it will have changed since you ran the previous programs.

So, can you do this for me:


Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
If you can't find it, look in *C:\Users\ann\Downloads*.
This is the icon you're looking for:










Now, when it opens, it looks like this:










On the section I've highlighted, select *Use SafeList*










And then select *All Users* From this part:










Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL, which will be *C:\Users\ann\Downloads*.

Then, upload them here, as some copy/pastes of the logs you're doing seem to have parts missing, and I need complete logs.

To do so, do this for each one:

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below)

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *OTL.Txt* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*


----------



## sweetrose

will try all that, but why is my laptop so slow now and my 999 is still on


----------



## eddie5659

Well, the 999 error could be down to many things, but I do know you have a lot of malware installed, which could be the cause. Once it's all gone, you'll notice a big difference when browsing.

Is it only slow when on the internet or straight from when you start it up?


----------



## sweetrose

thanks, i'm still trying to find what you told me


----------



## eddie5659

It should be in the C:\Users\ann\Downloads folder. If not, get a fresh one from here, and again, it will probably download to the same location:

*OTL Link Here*


----------



## sweetrose

ok im doing it now


----------



## sweetrose

this comes up all the time
access violation


----------



## sweetrose

at address cccc0460 read read of address 
has a big red cross on it.


----------



## sweetrose

it is not working


----------



## eddie5659

Not sure why it would do that 

As you're getting a lot of slowness, can you run this for me, and hopefully that will help. Let me know when that is done, and we'll do the next thing 

Download *TFC* to your desktop 

Open the file and close any other windows. 
It *will close all programs itself* when run, make sure to let it run uninterrupted. 
Click the Start button to begin the process. The program should not take long to finish its job 
Once it's finished it should *reboot your machine*, if not, do this yourself to ensure a complete clean


----------



## sweetrose

hi Eddie.. i've done all that


----------



## eddie5659

Great, hopefully that will help 

Now, can you go to the Control Panel and, depending on the setup, uninstall the following:

If you have it set to icons, then double-click on *Programs and Features*.
If it's in Category view, then select *Uninstall a Program*

Now, in the list that appears, see if you can find the following and then uninstall these programs because they're not needed or are outdated or are dangerous to use.

Any that are not there, let me know, but uninstall any that you can.

*Windows Searchqu Toolbar
MyWebSearch
BabylonToolbar
Shopping Sidekick
iNTERNET_TURBO
ConduitEngine
PricePeep
FunWebProducts*

Let me know how it goes.
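
Added example, not part of eddie5659's post: a read-only PowerShell check for whether the programs listed above are registered as installed. It looks in the three standard uninstall registry locations that feed Programs and Features; the name normalisation used for matching is an assumption, since a program's display name may be spelled differently from the list.

```powershell
# Added example. The names below are copied from the list in the post above.
# Written to run on PowerShell 2.0, the version that ships with Windows 7.
$listed = @(
    'Windows Searchqu Toolbar', 'MyWebSearch', 'BabylonToolbar', 'Shopping Sidekick',
    'iNTERNET_TURBO', 'ConduitEngine', 'PricePeep', 'FunWebProducts'
)

# Programs and Features is built from these keys: the native 64-bit view,
# the 32-bit (WOW6432Node) view, and the current user's own entries.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-MatchKey([string]$Name) {
    # Assumption: compare case-insensitively, ignoring spaces, underscores and hyphens,
    # so "My Web Search" and "MyWebSearch" are treated as the same name.
    return ($Name -replace '[\s_\-]', '').ToLowerInvariant()
}

# Collect every uninstall entry that has a display name (entries without one are hidden
# from the Control Panel list as well).
$installed = foreach ($key in $uninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, Publisher, UninstallString
}

# One report row per match, or a single "no uninstall entry" row when nothing matches.
$report = foreach ($name in $listed) {
    $needle = ConvertTo-MatchKey $name
    $hits = @($installed | Where-Object { (ConvertTo-MatchKey $_.DisplayName).Contains($needle) })
    if ($hits.Count -eq 0) {
        New-Object PSObject -Property @{
            Listed = $name; Status = 'no uninstall entry'; DisplayName = ''; UninstallString = ''
        }
    } else {
        foreach ($hit in $hits) {
            New-Object PSObject -Property @{
                Listed = $name; Status = 'installed'
                DisplayName = $hit.DisplayName; UninstallString = $hit.UninstallString
            }
        }
    }
}

$report | Select-Object Listed, Status, DisplayName, UninstallString | Format-Table -AutoSize
```

A "no uninstall entry" row only means the program is not registered for removal through the Control Panel; leftover registry keys such as the PUP.MyWebSearch entries reported by the scanner earlier in this thread are outside what this check covers.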


----------



## sweetrose

is this the one yr asking for. uninstall program


----------



## eddie5659

Yep, click on it to open, and a list should appear. May take a few seconds for it to fully load.

Then, look down for the first one, say

Windows Searchqu Toolbar

Then, click on it and at the top, select *Uninstall/Change*, and uninstall it


----------



## sweetrose

it says remove searchqu toolbar and all of its components


----------



## eddie5659

Yep, that's fine, as it's just uninstalling that one program. When it's finished, it should disappear from the list, then you can look for the next


----------



## sweetrose

see all green writing in a box


----------



## eddie5659

What do you mean? Can you explain where the green writing is?


----------



## sweetrose

says in box delete files c/ programs 86 windows searchqu toolbar datamngr


----------



## sweetrose

i had a box come up when i did what you told me and in it was green writing


----------



## eddie5659

I think I can see what you're seeing. Does it say that this will delete/uninstall the toolbar? If so, then that is what you want.


----------



## sweetrose

it did ye... i see so many things on there that i don't want


----------



## eddie5659

In the Uninstall list? Well, we can get to those later, as some may be needed 

Just trying to remove the ones that could be causing the slowness for now, and after we'll look at what's left and work on them 

In the meantime, can you see if you can uninstall these as well:

MyWebSearch
BabylonToolbar
Shopping Sidekick
iNTERNET_TURBO
ConduitEngine
PricePeep
FunWebProducts


----------



## sweetrose

ok i go and look


----------



## sweetrose

it says i have to wait


----------



## eddie5659

Is it still uninstalling the programs? If so, wait for the one to uninstall, then do the same for the others.


----------



## sweetrose

it is yes, ok i will do it soon


----------



## eddie5659

I'm here till 10ish, so just let it take its time, as you did say the laptop is a bit slow


----------



## sweetrose

it is slow yes....if yr gone i leave you a message


----------



## eddie5659

Don't worry, I get email messages when you reply here


----------



## sweetrose

thanks Eddie i now know a bit about my laptop now.......;.)


----------



## eddie5659

Cool, that is always a good thing. We were all beginners once, so understanding what things are in a computer/laptop can take a while.

I can guide you round, so as I post up the things to do, if you're unsure, just ask. I'll try and post screenshots where I can


----------



## sweetrose

thanks its a good help.


----------



## eddie5659

No problem, that's what we're here for


----------



## sweetrose

glad i found yr link


----------



## eddie5659

Well, hopefully the removal of the malware etc will also solve the 999 error 

This site is more of a family atmosphere, as we all have friends here over time


----------



## sweetrose

that would be good not having 999..
i see there is some nice people on here so its like a family link.....


----------



## eddie5659

Yep, we have a Random Discussion forum, where people chat about all sorts.

The main part of the forum is computer support, but we do have things for others to have fun in.


----------



## sweetrose

i've been talking to a few this week. they seem nice and yes they know you. told them yr helping with the 999.


----------



## eddie5659

Being a moderator I tend to know quite a few people here 

Good to see that you're making friends here 

How's the uninstalling going?


----------



## sweetrose

a few people, and they seem nice,
are you enjoying doing this and is this yr day time job too


----------



## eddie5659

I enjoy this, definitely. Been here since 2001, and never left.

Nope, not my day job, I work in an office, so it's totally different. This is my hobby


----------



## sweetrose

well i'm glad yr here to help and not just me. do you enjoy yr work

and i'm still waiting to uninstall.....


----------



## sweetrose

can't find them.... Shopping Sidekick, FunWebProducts

ConduitEngine, MyWebSearch, PricePeep


----------



## eddie5659

Sorry, had to work late Thursday, so couldn't get here till late evening 

Okay, leave the others for now.

Now, I need a fresh new log for one of the programs you already ran, called OTL.

Can you delete the version of OTL that you already have. If you can't find it, have a look here:

*C:\Users\ann\Downloads*

And you're looking for an icon that looks like this:










Just delete that one.

Then, redownload a fresh one from here:

*OTL Download Link*

Open up the program, and you will get this:










At the bottom, is a section called *Extra Registry*.

Select the option *Use SafeList*:










Then, at the top, select *Scan All Users*










Now, press *Run Scan* and it may take a while for the scans to complete, but two logs should appear:

*OTL.Txt* and *Extras.Txt*

These will also be saved in the place where OTL is being run from.

Now, instead of copy/pasting, as some info gets mixed up for some reason, can you upload them instead. To do so, do this:

Do this for both the OTL and Extras log, one at a time:

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below)

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *OTL.txt* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*










eddie


----------



## sweetrose

ok im doing it now


----------



## sweetrose

eddie i'm now doing it. i act to take my dog out. let you know when it's done
hope yr weekend is going well


----------



## sweetrose

it's all done. but can't find where you ask me to go advanced


----------



## eddie5659

At the very bottom of this page is a box where you typed your reply in. Just under that is the Go Advanced button. Press that, and then you can upload the files


----------



## sweetrose

Uninstall a Program
OTL logfile created on: | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/09/17 23:00:20 | 001,661,152 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
PRC - [2012/09/14 05:35:58 | 003,039,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/03 18:26:12 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/08/23 19:20:36 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/08/20 04:53:32 | 001,286,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/06/17 19:59:46 | 000,215,856 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2012/06/14 16:20:22 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/04/26 14:08:24 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/11/03 18:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011/08/01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010/08/18 19:33:54 | 000,008,704 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/11/09 21:48:14 
========== Modules (No Company Name) ==========

MOD - [2012/10/03 10:28:27 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/09/25 10:42:58 | 000,460,312 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
MOD - [2012/09/25 10:42:57 | 012,278,808 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012/09/25 10:42:55 | 004,005,912 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012/09/25 10:41:39 | 000,578,072 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012/09/25 10:41:38 | 000,123,416 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012/09/25 10:41:27 | 000,156,712 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012/09/25 10:41:26 | 000,275,496 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012/09/25 10:41:24 | 002,168,360 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2012/09/03 18:26:20 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012/09/03 18:26:18 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/08/23 19:20:36 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
MOD - [2011/11/03 18:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 18:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 18:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Pro
SRV:*64bit:* - [2012/07/11 19:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:*64bit:* - [2010/09/28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:*64bit:* - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:*64bit:* - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:*64bit:* - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/03 18:26:12 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/20 04:53:32 | 001,286,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/14 23:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/14 16:20:22 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/04/26 14:08:24 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/08/18 19:33:54 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010/05/11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | Mgram Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- CCORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/09/17 18:58:54 | 000,056,672 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:*64bit:* - [2012/09/14 05:34:34 | 000,105,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2012/09/12 11:47:20 | 000,199,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/09/12 11:47:02 | 000,175,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2012/09/03 18:26:18 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:*64bit:* - [2012/08/13 16:40:52 | 000,150,880 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2012/08/10 04:52:16 | 000,040,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/08/09 13:56:42 | 000,230,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:*64bit:* - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE:*64bit:* - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE:*64bit:* - HKLM\..\SearchScopes\{ABA5AE01-9B23-4AC7-9BA7-E0345C1287FB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{A25208D0-8D9E-4B0D-B6DE-CCB82D68D3C2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={7E3FFE14-0CA3-4BAF-A926-D4D1BA5A2B65}

IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\.DEFAULT\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUman000&ptnrS=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\S-1-5-18\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUman000&ptnrS=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} - No CLSID value found
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=115038&tt=3412_1&babsrc=SP_ss&mntrId=66338fed00000000000088252cba0aa8
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{400E7EA1-093B-4D0E-90AC-CAAEF713611E}: "URL" = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = https://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&q=
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={91AAAA7E-22F1-4FDE-BE01-003A27F6E136}&mid=eaf95fdb5bab47d6abd6cd3c4e914194-5c5653c47cf4f1da57a1a9398c21c6f4fc7f0f2c&lang=en&ds=AVG&pr=pr&d=2012-10-03 10:28:31&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{A25208D0-8D9E-4B0D-B6DE-CCB82D68D3C2}: "URL" = http://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80506&lng=en
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb72/?search={searchTerms}&loc=search_box&a=NUYk1PqMbX
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes
========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://mystart.incredimail.com"
FF - prefs.js..extensions.enabledAddons: [email protected]:12.2.5.34
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B7c5d5d8c-cafc-4f99-a863-d279631c5510%7D&mid=eaf95fdb5bab47d6abd6cd3c4e914194-5c5653c47cf4f1da57a1a9398c21c6f4fc7f0f2c&ds=AVG&v=12.2.5.34&lang=en&pr=pr&d=2012-10-03%2010%3A28%3A31&sap=ku&q="

FF:*64bit:* - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\ann\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\2.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/10/03 10:29:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/24 16:31:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/15 21:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/25 20:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ann\AppData\Roaming\Mozilla\Extensions
[2012/10/04 15:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions
[2012/08/15 21:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/03 10:29:06 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.34
[2012/06/14 23:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/03 10:28:21 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/25 20:36:46 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/14 23:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 23:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=66338fed00000000000088252cba0aa8
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=66338fed00000000000088252cba0aa8
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Bandoo (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Filem Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\ann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\ann\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: AVG Secure Search = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (iNTERNET TURBO Toolbar) - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL File not found
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-ernet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [RMAlert] C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe (PC Tools)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [Facebook Update] C:\Users\ann\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup File not found
O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8303406A-D415-481D-984A-0CB67A97EB51}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:*64bit:* - Protocol\Handler\inbox - No CLSID value found
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [data - No CLSID value found
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell - "" = AutoRun
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/07 07:54:09 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7B7C9C94-2836-4E4E-96BD-B02AAF9E8285}
[2012/10/06 22:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/10/06 12:28:43 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{A6488ED8-B30C-4337-8A6D-3C097859AF3B}
[2012/10/05 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1B102234-C72E-494D-8DDA-A112DE989B91}
[2012/10/05 07:21:22 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{FECE62E8-675C-4254-BAEE-D8CCC3973F3E}
[2012/10/04 19:20:14 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E0F00CFA-B6F1-4453-BA25-A32BA5C7FB3E}
[2012/10/04 07:19:31 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E3A2A49D-466E-4126-8D7F-E26D0C0214C2}
[2012/10/03 19:17:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8B544F14-9020-4A3D-8931-04408CB60D6D}
[2012/10/03 10:30:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\AVG2013
[2012/10/03 10:29:33 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\TuneUp Software
[2012/10/03 10:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/10/03 10:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/10/03 10:08:59 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\MFAData
[2012/10/03 10:08:59 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\Avg2013
[2012/10/03 07:16:47 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{4BBCD0D6-09AC-41F0-BA05-F92B2FE61C37}
[2012/10/02 18:02:24 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8B6CC265-6592-4FC6-A097-6C5F8698781C}
[2012/10/02 14:28:36 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{09527887-56EF-44B7-B19F-C49F11DB916F}
[2012/10/01 22:42:29 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D38618CD-F270-4719-ACA5-36BA99F69A81}
[2012/10/01 10:41:28 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{9AB00F5F-574A-4F2B-A653-6C108731594B}
[2012/09/30 07:49:41 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B3D2686C-7340-4183-956F-1D409FB93584}
[2012/09/29 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{5DCDC982-D57D-4BD9-B8DE-9F02399EE7A7}
[2012/09/28 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{17065003-8D52-4D7A-8C72-84732DAD25B1}
[2012/09/28 14:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/28 07:23:21 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{9E8E7999-5FCE-448C-A190-32C1F8C2295D}
[2012/09/27 10:33:14 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{9E9AF723-7115-468B-9D99-EC5B51CEFD01}
[2012/09/26 20:02:20 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{708F3BCB-18AC-4984-AFAF-EC6D953F69C4}
[2012/09/26 07:12:50 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7ACDFB89-0D2A-43E5-8FB3-94032960318E}
[2012/09/25 19:06:42 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D5B71BAC-0CC0-451B-A7F5-12AAC03526EF}
[2012/09/25 07:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/09/25 07:05:56 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8068E14A-A565-4ACB-B8B6-F90541255D7D}
[2012/09/25 07:02:12 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2032383E-9B96-46E7-9ABB-813040944975}
[2012/09/24 20:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/24 20:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/24 19:53:22 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\SUPERAntiSpyware.com
[2012/09/24 19:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/09/24 14:15:21 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{0CD02C55-E131-4799-9260-A50552F986F2}
[2012/09/23 20:10:18 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{AE26E3D0-71CD-4F4F-BE0E-5B34F3D10185}
[2012/09/23 07:59:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{67077770-D3E7-400C-A2FD-9FCDF4047648}
[2012/09/20 21:30:15 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\Malwarebytes
[2012/09/20 21:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/20 21:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/20 21:29:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/20 21:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/20 15:00:26 | 000,000,000 | ---D | C] -- C:\Users\ann\New folder
[2012/09/20 14:16:23 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{561B3F6F-5FD9-4ECA-AAAE-223E4EA7B31C}
[2012/09/19 19:55:02 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{107E62F3-24F1-450B-AE27-8443601BE996}
[2012/09/19 07:54:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{9A77A327-3B5E-4674-8990-96472AF10A40}
[2012/09/18 19:53:50 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{24E59612-9EDB-47C5-8BD5-8045CD6ADCEC}
[2012/09/18 19:53:15 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D101636E-EED4-46DC-852A-F35237BEB04F}
[2012/09/18 19:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/09/18 19:12:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\Registry Mechanic
[2012/09/18 07:30:05 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{55D7289A-847E-44CE-8D2D-12F77F31A885}
[2012/09/17 18:58:54 | 000,056,672 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/09/17 14:19:56 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{097A9D80-AFE1-41E8-B4A1-CDEDE0424AC9}
[2012/09/16 19:56:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{02E3BE57-47E9-4031-BC35-6F0DD5C5C951}
[2012/09/16 07:56:02 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1DF464DC-322A-4504-9A1F-1BC6D5D6B3A2}
[2012/09/15 14:28:24 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{760ED3BF-BC3E-462C-8926-F8E77F55B330}
[2012/09/14 19:25:26 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{C5958D5E-C5C8-43FB-A92D-E03935447FE7}
[2012/09/14 07:24:46 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8D8DB310-BE1D-41C8-8B43-DC3062539586}
[2012/09/14 05:34:34 | 000,105,312 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/09/13 19:24:09 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{5399B4BE-3499-46F0-BB3B-04BC5E7B1738}
[2012/09/13 07:21:28 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\\AppData\Local\{C5958D5E-C5C8-43FB-A92D-E03935447FE7}
[2012/09/14 07:24:46 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8D8DB310-BE1D-41C8-8B43-DC3062539586}
[2012/09/14 05:34:34 | 000,105,312 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/09/13 19:24:09 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{5399B4BE-3499-46F0-BB3B-04BC5E7B1738}
[2012/09/13 07:21:28 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{DB322788-F238-4333-A1D1-293B6FFE95FB}
[2012/09/12 19:20:49 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B267A62A-1FB7-4DAD-BFAD-1428976D4DC0}
[2012/09/12 11:47:20 | 000,199,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012/09/12 11:47:02 | 000,175,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012/09/12 06:59:42 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{3AC91806-63C4-4436-87D5-B04598F25B32}
[2012/09/11 12:25:52 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7B532A65-56C4-40CC-A328-91F7B8CB4038}
[2012/09/11 12:25:21 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E69C7266-1583-4BD4-AA5E-629492B40D41}
[2012/09/11 08:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/10 21:23:43 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{DEA5DBC0-CE63-4885-9085-814E0E9A6A16}
[2012/09/10 09:22:32 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{41B6C847-3C46-4874-8077-A19116383EB4}
[2012/09/09 20:14:43 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{28F13F61-B31F-4C24-B0C2-F29A0978947C}
[2012/09/09 07:40:32 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{DB8EBC2E-8E24-4CBC-A6A9-9B31AD936071}
[2012/09/08 15:01:22 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{39129812-5EDC-420F-9550-5CBD1B2EB019}
[2012/09/08 15:01:00 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7341167F-A632-466E-9B4B-34481BC65D53}
[2012/09/07 18:56:08 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{063041B0-9A1C-40B9-9B84-7EC81676F756}
[1 C:\Users\ann\AppData\Local\*.tmp files -> C:\Users\ann\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/07 16:34:03 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/07 16:33:27 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
[2012/10/07 16:33:01 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 16:33:01 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 16:33:01 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 15:33:01 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
[2012/10/07 15:20:47 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012/10/07 15:20:43 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/07 15:20:30 | 000,001,060 | ---- | M] () -- C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2012/10/07 15:19:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/07 15:19:30 | 1504,354,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 13:06:34 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2012/10/07 08:26:16 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
[2012/10/06 20:26:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
[2012/10/06 19:53:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1e9cf14-f3cd-4960-84b2-9f68a2e90487.job
[2012/10/06 19:11:35 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/06 19:11:35 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/06 19:11:35 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/06 19:09:47 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/10/03 10:29:36 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/29 14:45:42 | 000,002,485 | ---- | M] () -- C:\Users\ann\Desktop\Google Chrome.lnk
[2012/09/28 15:02:00 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/09/25 06:58:55 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 483e9e02-2c59-40f3-885c-716706dc0077.job
[2012/09/24 20:06:10 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/20 21:35:03 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 21:18:12 | 000,000,322 | ---- | M] () -- C:\Users\ann\Desktop\requested-files[2012-09-20_21_18].cab
[2012/09/17 18:58:54 | 000,056,672 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/09/14 05:34:34 | 000,105,312 | ---- | M] (AVG Technologies ies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012/09/12 11:47:02 | 000,175,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Users\ann\AppData\Local\*.tmp files -> C:\Users\ann\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/07 13:06:34 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2012/10/03 10:29:36 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/28 15:00:16 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/09/28 15:00:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/09/24 20:04:07 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/24 19:53:45 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1e9cf14-f3cd-4960-84b2-9f68a2e90487.job
[2012/09/24 19:53:44 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 483e9e02-2c59-40f3-885c-716706dc0077.job
[2012/09/20 21:29:19 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 21:18:12 | 000,000,322 | ---- | C] () -- C:\Users\ann\Desktop\requested-files[2012-09-20_21_18].cab
[2012/09/02 13:24:38 | 000,027,520 | ---- | C] () -- C:\Users\ann\AppData\Local\dt.dat
[2011/08/31 08:34:31 | 000,001,072 | ---- | C] () -- C:\Users\ann\Pictures - Shortcut.lnk
[2011/07/21 20:34:13 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{931E4FAA-EDCB-4C4C-9A5F-F55CE7BD62A6}
[2011/07/21 20:05:23 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{8532B172-6F57-4CBE-8E80-FAD83C06C6D3}
[2011/07/15 15:48:15 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{796EF731-ABE6-49A6-8D8F-75DAAE534B52}
[2011/07/15 15:28:59 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0B3B4E74-A96D-457B-A3AC-15AF58ED515A}
[2011/07/15 15:07:30 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{9A0EA9CA-EE6E-4B14-AEA4-EF4E0BE4F54A}
[2011/07/12 17:08:10 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{AEEDA0C4-B094-40CA-9072-BDC6E4E10BF3}n\AppData\Local\{8885552C-C46F-41CE-AF17-7D809AA70F9B}
[2011/07/11 12:00:50 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0272CA41-FCD0-43E5-BDC1-7D36C50B266C}
[2011/07/11 11:58:10 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{F10292BA-458D-48F4-BB5C-6E00413FB3D2}
[2011/07/05 14:29:26 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{1054FAA8-0F34-4A0D-B2D5-E525DD0BA91E}
[2011/07/04 14:18:16 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{812C46D8-1501-4AFA-8AC1-2D540FA281AD}
[2011/07/04 14:09:23 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{B1AB7382-9FDE-4896-B0A9-D0E584BCBEB7}
[2011/07/04 14:03:38 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{FA6271DC-C11C-4274-A832-ECB58B2FC3D7}
[2011/07/03 13:26:22 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{F129A5BC-03A3-4024-A684-6141D5EB5FB4}
[2011/05/14 14:30:15 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011/04/16 08:19:44 | 000,004,608 | ---- | C] () -- C:\Users\ann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/31 21:30:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/31 18:17:23 | 000,007,605 | ---- | C] () -- C:\Users\ann\AppData\Local\Resmon.ResmonCfg
[2010/12/16 08:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010/12/16 08:16:57 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/08/11 11:43:50 | 000,159,464 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4
[2011/07/12 17:04:33 | 000,000,000 | ---- | C] () -- C:\Us
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========

[2011/12/19 14:50:39 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\AVG
[2012/10/03 10:30:45 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\AVG2013
[2012/08/25 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Babylon
[2012/06/27 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Bandoo
[2011/10/13 15:39:53 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/04/05 17:07:27 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Farm Mania 2
[2012/08/25 20:35:56 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Optimizer Pro
[2012/09/18 19:12:16 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Registry Mechanic
[2011/02/06 22:51:40 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Toshiba
[2012/10/03 10:29:33 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\TuneUp Software
[2011/04/20 16:26:20 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Vodafone
[2012/07/31 18:49:52 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\WildTangent
[2011/04/18 21:52:51 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP Data Stream - 98 bytes -> C:\ProgramData\TEMP1B5B4F1
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


----------



## sweetrose

I've sent it all


----------



## eddie5659

There's a lot missing from that log, plus it looks like you have duplicates as well, which isn't normal. If you can attach the log as I explained above, that would be better. Also, did you get the two logs produced?

So, if you can do this, that would be great.

First, at the very bottom of this page is the box you type your reply into. On the bottom left is a button called *Go Advanced*.

In there, just below the big white box is this button:

Now, when you click this button, a box appears:

In there, under the heading *Upload File from your Computer*, click on the *Browse* button.

Then, navigate to where the logs are. In your case, they may be in here:

*C:\Users\ann\Downloads*

Then, when it's found, click on it and select *Open* in the Browse screen.

This will give you the path to the file, then click the *Upload* button:

Do this again for the second file.

Then, under *Current Attachments* there should be the two files showing.

Scroll to the very bottom, and press *Close this Window*.

Type a few words in the box, and click *Submit Reply*.

And the files will be attached.


----------



## sweetrose

Sorry, I've done it wrong. I'm doing it again now.


----------



## eddie5659

Oki doki


----------



## sweetrose

Data Stream - 98 bytes -> C:\ProgramData\TEMP1B5B4F1
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


----------



## eddie5659

Fraid not 

If you look at this thread, this is what you need to have your reply looking like:

http://forums.techguy.org/8489021-post1.html

Do you see the list of attached files? Well, you should have the two (or one if that's all you have) on your reply.

At the moment, all you're posting is fragments 

However, if you can try a few times to attach the OTL log, that would be great. In the meantime, I can look over the log you posted earlier, and at least look to see what can be removed.


----------



## eddie5659

When you copied and pasted the log before:

http://forums.techguy.org/8489833-post179.html

Are you making sure the entire page is highlighted before copying? As in all text blue?

The reason I ask is that in here, you have duplicates:

---------

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/17 18:58:54 | 000,056,672 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/09/14 05:34:34 | 000,105,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

followed by

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/17 18:58:54 | 000,056,672 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/09/14 05:34:34 | 000,105,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

then

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/17 18:58:54 | 000,056,672 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/09/14 05:34:34 | 000,105,312
DRV:64bit: - [2012/09/17 18:58:54 | 000,056,672 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

then

========== Standard Registry (SafeList) ==========M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/13 16:40:52 | 000,150,880 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/08/10 04:52:16 | 000,040,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

and

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\InM] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/13 16:40:52 | 000,150,880 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/08/10 04:52:16 | 000,040,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

--------------

None of that should happen. It should be all just the one log. It looks like you're trying to copy small amounts, before pasting them in. That's why it's better for the upload, so I can work on it easier.


----------



## eddie5659

If you're still having problems, there may be another way to get the file, but I'll wait until you reply.


----------



## sweetrose

OTL logfile created on: 10/7/2012 6:13:55 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ann\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.22 Gb Available Physical Memory | 11.73% Memory free
3.74 Gb Paging File | 0.98 Gb Available in Paging File | 26.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 75.56 Gb Free Space | 64.89% Space Free | Partition Type: NTFS
Drive D: | 116.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: ANN-TOSH | User Name: ann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/07 12:58:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ann\Downloads\OTL (1).exe
PRC - [2012/10/03 10:28:27 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/09/17 23:00:20 | 001,661,152 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
PRC - [2012/09/14 05:35:58 | 003,039,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/03 18:26:12 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/08/23 19:20:36 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/08/20 04:53:32 | 001,286,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/06/17 19:59:46 | 000,215,856 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2012/06/14 16:20:22 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/04/26 14:08:24 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/11/03 18:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011/08/01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010/08/18 19:33:54 | 000,008,704 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/03 10:28:27 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/09/25 10:42:58 | 000,460,312 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
MOD - [2012/09/25 10:42:57 | 012,278,808 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012/09/25 10:42:55 | 004,005,912 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012/09/25 10:41:39 | 000,578,072 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012/09/25 10:41:38 | 000,123,416 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012/09/25 10:41:27 | 000,156,712 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012/09/25 10:41:26 | 000,275,496 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012/09/25 10:41:24 | 002,168,360 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2012/09/03 18:26:20 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012/09/03 18:26:18 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/08/23 19:20:36 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
MOD - [2011/11/03 18:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 18:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 18:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

========== Services (SafeList) ==========

SRV:*64bit:* - [2012/07/11 19:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:*64bit:* - [2010/09/28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:*64bit:* - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:*64bit:* - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:*64bit:* - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/03 18:26:12 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/20 04:53:32 | 001,286,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/14 23:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/14 16:20:22 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/04/26 14:08:24 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/08/18 19:33:54 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010/05/11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/09/17 18:58:54 | 000,056,672 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:*64bit:* - [2012/09/14 05:34:34 | 000,105,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2012/09/12 11:47:20 | 000,199,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/09/12 11:47:02 | 000,175,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2012/09/03 18:26:18 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:*64bit:* - [2012/08/13 16:40:52 | 000,150,880 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2012/08/10 04:52:16 | 000,040,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/08/09 13:56:42 | 000,230,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:*64bit:* - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/12/16 08:10:31 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:*64bit:* - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/09/24 16:11:18 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2010/08/11 11:44:02 | 000,235,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:*64bit:* - [2010/08/11 11:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:*64bit:* - [2010/08/11 11:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:*64bit:* - [2010/08/11 11:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:*64bit:* - [2010/08/11 11:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:*64bit:* - [2010/08/11 11:44:02 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:*64bit:* - [2010/05/20 14:40:28 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K380x-z_dc_enum.sys -- (vodafone_K380x-z_dc_enum)
DRV:*64bit:* - [2010/04/28 12:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:*64bit:* - [2010/03/22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:*64bit:* - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2010/02/21 01:24:36 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/01/07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:*64bit:* - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:*64bit:* - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:*64bit:* - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:*64bit:* - [2009/06/20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:*64bit:* - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE:*64bit:* - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE:*64bit:* - HKLM\..\SearchScopes\{ABA5AE01-9B23-4AC7-9BA7-E0345C1287FB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{A25208D0-8D9E-4B0D-B6DE-CCB82D68D3C2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={7E3FFE14-0CA3-4BAF-A926-D4D1BA5A2B65}

IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\.DEFAULT\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUman000&ptnrS=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\S-1-5-18\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUman000&ptnrS=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} - No CLSID value found
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=115038&tt=3412_1&babsrc=SP_ss&mntrId=66338fed00000000000088252cba0aa8
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{400E7EA1-093B-4D0E-90AC-CAAEF713611E}: "URL" = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = https://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&q=
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={91AAAA7E-22F1-4FDE-BE01-003A27F6E136}&mid=eaf95fdb5bab47d6abd6cd3c4e914194-5c5653c47cf4f1da57a1a9398c21c6f4fc7f0f2c&lang=en&ds=AVG&pr=pr&d=2012-10-03 10:28:31&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{A25208D0-8D9E-4B0D-B6DE-CCB82D68D3C2}: "URL" = http://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80506&lng=en
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb72/?search={searchTerms}&loc=search_box&a=NUYk1PqMbX
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{E0F1151B-5874-4D8B-8E18-506FA493AB23}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={7E3FFE14-0CA3-4BAF-A926-D4D1BA5A2B65}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://mystart.incredimail.com"
FF - prefs.js..extensions.enabledAddons: [email protected]:12.2.5.34
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B7c5d5d8c-cafc-4f99-a863-d279631c5510%7D&mid=eaf95fdb5bab47d6abd6cd3c4e914194-5c5653c47cf4f1da57a1a9398c21c6f4fc7f0f2c&ds=AVG&v=12.2.5.34&lang=en&pr=pr&d=2012-10-03%2010%3A28%3A31&sap=ku&q="

FF:*64bit:* - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\ann\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\2.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/10/03 10:29:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/24 16:31:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/15 21:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/25 20:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ann\AppData\Roaming\Mozilla\Extensions
[2012/10/04 15:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions
[2012/08/15 21:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/03 10:29:06 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.34
[2012/06/14 23:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/03 10:28:21 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/25 20:36:46 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/14 23:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 23:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=66338fed00000000000088252cba0aa8
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=66338fed00000000000088252cba0aa8
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Bandoo (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\ann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\ann\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: AVG Secure Search = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (iNTERNET TURBO Toolbar) - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL File not found
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [RMAlert] C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe (PC Tools)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [Facebook Update] C:\Users\ann\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup File not found
O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8303406A-D415-481D-984A-0CB67A97EB51}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:*64bit:* - Protocol\Handler\inbox - No CLSID value found
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell - "" = AutoRun
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/07 07:54:09 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7B7C9C94-2836-4E4E-96BD-B02AAF9E8285}
[2012/10/06 22:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/10/06 12:28:43 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{A6488ED8-B30C-4337-8A6D-3C097859AF3B}
[2012/10/05 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1B102234-C72E-494D-8DDA-A112DE989B91}
[2012/10/05 07:21:22 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{FECE62E8-675C-4254-BAEE-D8CCC3973F3E}
[2012/10/04 19:20:14 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E0F00CFA-B6F1-4453-BA25-A32BA5C7FB3E}
[2012/10/04 07:19:31 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E3A2A49D-466E-4126-8D7F-E26D0C0214C2}
[2012/10/03 19:17:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8B544F14-9020-4A3D-8931-04408CB60D6D}
[2012/10/03 10:30:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\AVG2013
[2012/10/03 10:29:33 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\TuneUp Software
[2012/10/03 10:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/10/03 10:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/10/03 10:08:59 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\MFAData
[2012/10/03 10:08:59 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\Avg2013
[2012/10/03 07:16:47 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{4BBCD0D6-09AC-41F0-BA05-F92B2FE61C37}
[2012/10/02 18:02:24 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8B6CC265-6592-4FC6-A097-6C5F8698781C}
[2012/10/02 14:28:36 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{09527887-56EF-44B7-B19F-C49F11DB916F}
[2012/10/01 22:42:29 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D38618CD-F270-4719-ACA5-36BA99F69A81}
[2012/10/01 10:41:28 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{9AB00F5F-574A-4F2B-A653-6C108731594B}
[2012/09/30 07:49:41 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B3D2686C-7340-4183-956F-1D409FB93584}
[2012/09/29 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{5DCDC982-D57D-4BD9-B8DE-9F02399EE7A7}
[2012/09/28 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{17065003-8D52-4D7A-8C72-84732DAD25B1}
[2012/09/28 14:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/28 07:23:21 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{9E8E7999-5FCE-448C-A190-32C1F8C2295D}
[2012/09/27 10:33:14 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{9E9AF723-7115-468B-9D99-EC5B51CEFD01}
[2012/09/26 20:02:20 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{708F3BCB-18AC-4984-AFAF-EC6D953F69C4}
[2012/09/26 07:12:50 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7ACDFB89-0D2A-43E5-8FB3-94032960318E}
[2012/09/25 19:06:42 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D5B71BAC-0CC0-451B-A7F5-12AAC03526EF}
[2012/09/25 07:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/09/25 07:05:56 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8068E14A-A565-4ACB-B8B6-F90541255D7D}
[2012/09/25 07:02:12 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2032383E-9B96-46E7-9ABB-813040944975}
[2012/09/24 20:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/24 20:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/24 19:53:22 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\SUPERAntiSpyware.com
[2012/09/24 19:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/09/24 14:15:21 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{0CD02C55-E131-4799-9260-A50552F986F2}
[2012/09/23 20:10:18 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{AE26E3D0-71CD-4F4F-BE0E-5B34F3D10185}
[2012/09/23 07:59:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{4FF6E3DB-92F3-4034-9398-AE566EE92EED}
[2012/09/23 07:59:08 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{13FE6663-72EF-48FC-B5FD-15932BC34B26}
[2012/09/22 13:53:58 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2689C88E-26E2-4AD2-BE79-EB7043092F3C}
[2012/09/21 13:43:35 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{67077770-D3E7-400C-A2FD-9FCDF4047648}
[2012/09/20 21:30:15 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\Malwarebytes
[2012/09/20 21:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/20 21:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/20 21:29:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/20 21:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/20 15:00:26 | 000,000,000 | ---D | C] -- C:\Users\ann\New folder
[2012/09/20 14:16:23 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{561B3F6F-5FD9-4ECA-AAAE-223E4EA7B31C}
[2012/09/19 19:55:02 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{107E62F3-24F1-450B-AE27-8443601BE996}
[2012/09/19 07:54:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{9A77A327-3B5E-4674-8990-96472AF10A40}
[2012/09/18 19:53:50 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{24E59612-9EDB-47C5-8BD5-8045CD6ADCEC}
[2012/09/18 19:53:15 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D101636E-EED4-46DC-852A-F35237BEB04F}
[2012/09/18 19:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/09/18 19:12:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\Registry Mechanic
[2012/09/18 07:30:05 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{55D7289A-847E-44CE-8D2D-12F77F31A885}
[2012/09/17 18:58:54 | 000,056,672 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/09/17 14:19:56 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{097A9D80-AFE1-41E8-B4A1-CDEDE0424AC9}
[2012/09/16 19:56:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{02E3BE57-47E9-4031-BC35-6F0DD5C5C951}
[2012/09/16 07:56:02 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1DF464DC-322A-4504-9A1F-1BC6D5D6B3A2}
[2012/09/15 14:28:24 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{760ED3BF-BC3E-462C-8926-F8E77F55B330}
[2012/09/14 19:25:26 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{C5958D5E-C5C8-43FB-A92D-E03935447FE7}
[2012/09/14 07:24:46 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8D8DB310-BE1D-41C8-8B43-DC3062539586}
[2012/09/14 05:34:34 | 000,105,312 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/09/13 19:24:09 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{5399B4BE-3499-46F0-BB3B-04BC5E7B1738}
[2012/09/13 07:21:28 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{DB322788-F238-4333-A1D1-293B6FFE95FB}
[2012/09/12 19:20:49 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B267A62A-1FB7-4DAD-BFAD-1428976D4DC0}
[2012/09/12 11:47:20 | 000,199,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012/09/12 11:47:02 | 000,175,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012/09/12 06:59:42 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{3AC91806-63C4-4436-87D5-B04598F25B32}
[2012/09/11 12:25:52 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7B532A65-56C4-40CC-A328-91F7B8CB4038}
[2012/09/11 12:25:21 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E69C7266-1583-4BD4-AA5E-629492B40D41}
[2012/09/11 08:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/10 21:23:43 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{DEA5DBC0-CE63-4885-9085-814E0E9A6A16}
[2012/09/10 09:22:32 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{41B6C847-3C46-4874-8077-A19116383EB4}
[2012/09/09 20:14:43 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{28F13F61-B31F-4C24-B0C2-F29A0978947C}
[2012/09/09 07:40:32 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{DB8EBC2E-8E24-4CBC-A6A9-9B31AD936071}
[2012/09/08 15:01:22 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{39129812-5EDC-420F-9550-5CBD1B2EB019}
[2012/09/08 15:01:00 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7341167F-A632-466E-9B4B-34481BC65D53}
[2012/09/07 18:56:08 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{063041B0-9A1C-40B9-9B84-7EC81676F756}
[1 C:\Users\ann\AppData\Local\*.tmp files -> C:\Users\ann\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/07 17:34:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/07 17:33:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
[2012/10/07 17:26:04 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
[2012/10/07 16:33:01 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 16:33:01 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 15:33:01 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
[2012/10/07 15:20:47 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012/10/07 15:20:43 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/07 15:20:30 | 000,001,060 | ---- | M] () -- C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2012/10/07 15:19:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/07 15:19:30 | 1504,354,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 13:06:34 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2012/10/06 20:26:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
[2012/10/06 19:53:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1e9cf14-f3cd-4960-84b2-9f68a2e90487.job
[2012/10/06 19:11:35 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/06 19:11:35 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/06 19:11:35 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/06 19:09:47 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/10/03 10:29:36 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/29 14:45:42 | 000,002,485 | ---- | M] () -- C:\Users\ann\Desktop\Google Chrome.lnk
[2012/09/28 15:02:00 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/09/25 06:58:55 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 483e9e02-2c59-40f3-885c-716706dc0077.job
[2012/09/24 20:06:10 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/20 21:35:03 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 21:18:12 | 000,000,322 | ---- | M] () -- C:\Users\ann\Desktop\requested-files[2012-09-20_21_18].cab
[2012/09/17 18:58:54 | 000,056,672 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/09/14 05:34:34 | 000,105,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/09/12 11:47:20 | 000,199,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012/09/12 11:47:02 | 000,175,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[1 C:\Users\ann\AppData\Local\*.tmp files -> C:\Users\ann\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/07 13:06:34 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2012/10/03 10:29:36 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/28 15:00:16 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/09/28 15:00:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/09/24 20:04:07 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/24 19:53:45 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1e9cf14-f3cd-4960-84b2-9f68a2e90487.job
[2012/09/24 19:53:44 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 483e9e02-2c59-40f3-885c-716706dc0077.job
[2012/09/20 21:29:19 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 21:18:12 | 000,000,322 | ---- | C] () -- C:\Users\ann\Desktop\requested-files[2012-09-20_21_18].cab
[2012/09/02 13:24:38 | 000,027,520 | ---- | C] () -- C:\Users\ann\AppData\Local\dt.dat
[2011/08/31 08:34:31 | 000,001,072 | ---- | C] () -- C:\Users\ann\Pictures - Shortcut.lnk
[2011/07/21 20:34:13 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{931E4FAA-EDCB-4C4C-9A5F-F55CE7BD62A6}
[2011/07/21 20:05:23 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{8532B172-6F57-4CBE-8E80-FAD83C06C6D3}
[2011/07/15 15:48:15 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{796EF731-ABE6-49A6-8D8F-75DAAE534B52}
[2011/07/15 15:28:59 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0B3B4E74-A96D-457B-A3AC-15AF58ED515A}
[2011/07/15 15:07:30 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{9A0EA9CA-EE6E-4B14-AEA4-EF4E0BE4F54A}
[2011/07/12 17:08:10 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{AEEDA0C4-B094-40CA-9072-BDC6E4E10BF3}
[2011/07/12 17:04:33 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0D85A837-7B6B-4379-9BE0-29398598E6DE}
[2011/07/11 19:15:42 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{718D1F67-3F23-4AD2-9624-60761184FA16}
[2011/07/11 19:10:51 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{8885552C-C46F-41CE-AF17-7D809AA70F9B}
[2011/07/11 12:00:50 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0272CA41-FCD0-43E5-BDC1-7D36C50B266C}
[2011/07/11 11:58:10 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{F10292BA-458D-48F4-BB5C-6E00413FB3D2}
[2011/07/05 14:29:26 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{1054FAA8-0F34-4A0D-B2D5-E525DD0BA91E}
[2011/07/04 14:18:16 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{812C46D8-1501-4AFA-8AC1-2D540FA281AD}
[2011/07/04 14:09:23 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{B1AB7382-9FDE-4896-B0A9-D0E584BCBEB7}
[2011/07/04 14:03:38 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{FA6271DC-C11C-4274-A832-ECB58B2FC3D7}
[2011/07/03 13:26:22 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{F129A5BC-03A3-4024-A684-6141D5EB5FB4}
[2011/05/14 14:30:15 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011/04/16 08:19:44 | 000,004,608 | ---- | C] () -- C:\Users\ann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/31 21:30:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/31 18:17:23 | 000,007,605 | ---- | C] () -- C:\Users\ann\AppData\Local\Resmon.ResmonCfg
[2010/12/16 08:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010/12/16 08:16:57 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/08/11 11:43:50 | 000,159,464 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/19 14:50:39 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\AVG
[2012/10/03 10:30:45 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\AVG2013
[2012/08/25 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Babylon
[2012/06/27 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Bandoo
[2011/10/13 15:39:53 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/04/05 17:07:27 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Farm Mania 2
[2012/08/25 20:35:56 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Optimizer Pro
[2012/09/18 19:12:16 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Registry Mechanic
[2011/02/06 22:51:40 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Toshiba
[2012/10/03 10:29:33 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\TuneUp Software
[2011/04/20 16:26:20 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Vodafone
[2012/07/31 18:49:52 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\WildTangent
[2011/04/18 21:52:51 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP1B5B4F1
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


----------



## sweetrose

eddie is this right......


----------



## eddie5659

YES!!!!! 


Excellent :up:


----------



## eddie5659

I'll look thru that now, and will reply as soon as I can


----------



## sweetrose

You mean it's all there. lol


----------



## eddie5659

Yep, the first one is there. Going off for a bit now, but was there an Extras log as well, in the same location?

If so, post that as you did above. If it's not there, it's okay


----------



## sweetrose

Will look for it. Talk soon, and thanks for all your help.


----------



## eddie5659

Any joy with the Extras log?

Either way, I'll wait till you reply, as we have another tool to run before I'll start to remove the infections


----------



## sweetrose

Hi Eddie, no, I'm sorry, I've not.


----------



## eddie5659

That's okay, we can use a different tool in a bit to check that part out 

I was going to suggest another program, but I may use some easier ones for now, and once you've mastered how to do that fully, I'll post the other program. It's one where you need to leave it running, but it can take a while, so will try and speed the laptop up first 

So, as you didn't get an Extras log, can you run this instead. Also, make sure it's on your Desktop. If it downloads to the Download folder, you'll have to move it to the Desktop before running it. If you're unsure of how, just ask and I'll post some screenshots 


Download *random's system information tool (RSIT)* by *random/random* from *here*.
*It is important that it is saved to your desktop.*
Double click on *RSIT.exe* to run *RSIT*.
Click *Continue* at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized)

---

If you can post both, in two separate replies, that would be great. Exactly like you posted the previous OTL log


----------



## sweetrose

OK, I will try it now, if not in the morning, and let you know


----------



## sweetrose

Logfile of random's system information tool 1.09 (written by random/random)
Run by ann at 2012-10-08 22:11:03
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 78 GB (65%) free of 119 GB
Total RAM: 1913 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:11:07, on 08/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\Downloads\RSIT (3).exe
C:\Program Files (x86)\trend micro\ann.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} - (no file)
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
R3 - URLSearchHook: iNTERNET TURBO Toolbar - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: iNTERNET TURBO - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL (file missing)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O2 - BHO: IncrediMail MediaBar 2 - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - (no file)
O3 - Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - (no file)
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [InboxToolbar] "C:\PROGRA~2\INBOXT~1\Inbox.exe" /STARTUP
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [RMAlert] "C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe" /PRODUCT=RM /R
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
O4 - HKCU\..\Run: [Google Update] "C:\Users\ann\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\ann\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 19207 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
C:\Windows\tasks\Norton Security Scan for ann.job
C:\Windows\tasks\RMAutoUpdate.job
C:\Windows\tasks\RMSchedule.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 483e9e02-2c59-40f3-885c-716706dc0077.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1e9cf14-f3cd-4960-84b2-9f68a2e90487.job

=========Mozilla firefox=========

ProfilePath - C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default

prefs.js - "browser.startup.homepage" - "http://mystart.incredimail.com"
prefs.js - "keyword.URL" - "https://isearch.avg.com/search?cid=%7B7c5d5d8c-cafc-4f99-a863-d279631c5510%7D&mid=eaf95fdb5bab47d6abd6cd3c4e914194-5c5653c47cf4f1da57a1a9398c21c6f4fc7f0f2c&ds=AVG&v=12.2.5.34&lang=en&pr=pr&d=2012-10-03%2010%3A28%3A31&sap=ku&q="

"[email protected]"=C:\Program Files (x86)\MyWebSearch\bar\2.bin
"[email protected]"=C:\ProgramData\AVG Secure Search\12.2.5.34\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Description"=Yahoo Messenger State Plugin
"Path"=C:\Program Files (x86)\Yahoo!\Shared\npYState.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin]
"Description"=My Web Search Plugin
"Path"=C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App V2 Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
avg-secure-search.xml
babylon.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2011-10-06 2015544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09152f0b-739c-4dec-a245-1aa8a37594f1}]
iNTERNET TURBO Toolbar - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-28 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll [2012-10-03 1734240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
Searchqu Toolbar - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
DataMngr - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}]
Wajam - C:\Program Files (x86)\Wajam\IE\priam_bho.dll [2012-07-26 297568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~2\INBOXT~1\Inbox.dll [2012-07-17 1027808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
IncrediMail MediaBar 2 Toolbar - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-28 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19 529784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2011-10-06 156984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2011-10-06 2015544]
{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - IncrediMail MediaBar 2 Toolbar - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll [2012-10-03 1734240]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]
{99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll []
!{09152f0b-739c-4dec-a245-1aa8a37594f1}
!{98889811-442D-49dd-99D7-DC866BE87DBC}
!{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2012-10-03 947808]
"SweetIM"=C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [2011-08-01 114992]
"ROC_roc_dec12"=C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe /PROMPT /CMPID=roc_dec12 []
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"InboxToolbar"=C:\PROGRA~2\INBOXT~1\Inbox.exe [2012-09-17 1661152]
"ROC_roc_ssl_v12"=C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe / /PROMPT /CMPID=roc_ssl_v12 []
"SSDMonitor"=C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2012-04-26 103896]
"RMAlert"=C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe [2012-04-26 1318872]
"ROC_ROC_JULY_P1"=C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe / /PROMPT /CMPID=ROC_JULY_P1 []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-07-31 38872]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11 919008]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2013\avgui.exe [2012-09-14 3039352]
"ROC_ROC_NT"=C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe [2012-10-03 856160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\ann\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 136176]
"Facebook Update"=C:\Users\ann\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096]
"msnmsgr"=~C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background []
"GameXN GO"=C:\ProgramData\GameXN\GameXNGO.exe /startup []
"Optimizer Pro"=C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2012-06-10 79664]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-09-21 5664640]

C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
BBC iPlayer Desktop.lnk - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-10-08 21:50:28 ----D---- C:\Program Files (x86)\trend micro
2012-10-08 21:50:22 ----D---- C:\rsit
2012-10-03 10:30:45 ----D---- C:\Users\ann\AppData\Roaming\AVG2013
2012-10-03 10:29:33 ----D---- C:\Users\ann\AppData\Roaming\TuneUp Software
2012-10-03 10:28:25 ----D---- C:\Program Files (x86)\AVG Secure Search
2012-10-03 10:18:01 ----D---- C:\ProgramData\AVG2013
2012-09-28 14:26:44 ----A---- C:\Windows\SysWOW64\javaws.exe
2012-09-28 14:25:30 ----A---- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-28 14:25:30 ----A---- C:\Windows\SysWOW64\javaw.exe
2012-09-28 14:25:24 ----A---- C:\Windows\SysWOW64\java.exe
2012-09-28 14:11:15 ----D---- C:\Program Files (x86)\Common Files\Java
2012-09-28 14:10:43 ----A---- C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-25 07:12:07 ----D---- C:\ProgramData\SUPERSetup
2012-09-24 19:53:22 ----D---- C:\Users\ann\AppData\Roaming\SUPERAntiSpyware.com
2012-09-24 19:52:52 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-09-22 15:49:00 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2012-09-22 15:48:59 ----A---- C:\Windows\SysWOW64\vbscript.dll
2012-09-22 15:48:59 ----A---- C:\Windows\SysWOW64\ieui.dll
2012-09-22 15:48:58 ----A---- C:\Windows\SysWOW64\url.dll
2012-09-22 15:48:58 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2012-09-22 15:48:57 ----A---- C:\Windows\SysWOW64\urlmon.dll
2012-09-22 15:48:56 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2012-09-22 15:48:55 ----A---- C:\Windows\SysWOW64\wininet.dll
2012-09-22 15:48:54 ----A---- C:\Windows\SysWOW64\jscript9.dll
2012-09-22 15:48:54 ----A---- C:\Windows\SysWOW64\jscript.dll
2012-09-22 15:48:54 ----A---- C:\Windows\SysWOW64\iertutil.dll
2012-09-22 15:48:53 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2012-09-22 15:48:52 ----A---- C:\Windows\SysWOW64\mshtml.dll
2012-09-22 15:48:49 ----A---- C:\Windows\SysWOW64\ieframe.dll
2012-09-20 21:30:15 ----D---- C:\Users\ann\AppData\Roaming\Malwarebytes
2012-09-20 21:29:12 ----D---- C:\ProgramData\Malwarebytes
2012-09-20 21:29:09 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-18 19:21:07 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2012-09-18 19:12:16 ----D---- C:\Users\ann\AppData\Roaming\Registry Mechanic
2012-09-12 07:07:49 ----A---- C:\Windows\SysWOW64\d3d10level9.dll

======List of files/folders modified in the last 1 month======

2012-10-08 22:11:04 ----D---- C:\Windows\Temp
2012-10-08 22:11:01 ----AD---- C:\ProgramData\TEMP
2012-10-08 21:50:28 ----D---- C:\Program Files (x86)
2012-10-08 20:30:53 ----D---- C:\ProgramData\MFAData
2012-10-08 19:44:33 ----D---- C:\Program Files (x86)\PC Tools Registry Mechanic
2012-10-08 18:40:08 ----SHD---- C:\Windows\Installer
2012-10-08 18:38:48 ----SHD---- C:\System Volume Information
2012-10-07 19:19:44 ----D---- C:\Windows\System32
2012-10-07 19:19:44 ----D---- C:\Windows\inf
2012-10-07 19:00:03 ----D---- C:\Windows\SysWOW64
2012-10-07 16:35:17 ----D---- C:\Windows\rescache
2012-10-07 16:19:29 ----D---- C:\Windows\Prefetch
2012-10-07 13:07:59 ----HD---- C:\ProgramData
2012-10-06 22:56:29 ----RD---- C:\Program Files (x86)\Skype
2012-10-05 18:17:53 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2012-10-04 15:24:56 ----D---- C:\Windows\Tasks
2012-10-04 15:19:27 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-10-04 07:08:43 ----D---- C:\Program Files (x86)\Common Files
2012-10-03 18:00:39 ----D---- C:\Windows
2012-10-03 10:35:11 ----D---- C:\Program Files (x86)\AVG
2012-10-03 10:34:04 ----HD---- C:\$AVG
2012-10-03 10:34:04 ----D---- C:\Windows\SysWOW64\drivers
2012-10-03 10:29:06 ----D---- C:\ProgramData\AVG Secure Search
2012-09-28 15:37:49 ----D---- C:\Users\ann\AppData\Roaming\Skype
2012-09-28 15:00:04 ----D---- C:\Program Files (x86)\Common Files\Adobe
2012-09-28 15:00:03 ----D---- C:\ProgramData\Adobe
2012-09-28 15:00:01 ----D---- C:\Program Files (x86)\Adobe
2012-09-28 14:27:21 ----D---- C:\Users\ann\AppData\Roaming\skypePM
2012-09-28 14:24:58 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2012-09-28 14:24:24 ----D---- C:\Program Files (x86)\Java
2012-09-26 22:36:31 ----D---- C:\Windows\winsxs
2012-09-24 20:04:01 ----RD---- C:\Program Files
2012-09-22 17:27:20 ----D---- C:\Windows\SysWOW64\migration
2012-09-22 17:27:20 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-18 19:00:45 ----D---- C:\Windows\debug
2012-09-18 08:32:35 ----D---- C:\Program Files (x86)\Inbox Toolbar

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys []
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys []
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys []
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS []
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys []
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys []
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys []
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys []
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys []
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R3 CeKbFilter;CeKbFilter; C:\Windows\system32\DRIVERS\CeKbFilter.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\Windows\system32\DRIVERS\rtl8192Ce.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys []
R3 vodafone_K380x-z_dc_enum;vodafone_K380x-z_dc_enum; C:\Windows\system32\DRIVERS\vodafone_K380x-z_dc_enum.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 massfilter;MBB Mass Storage Filter Driver; C:\Windows\system32\DRIVERS\massfilter.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys []
S3 ZTEusbvoice;ZTE VoUSB Port; C:\Windows\system32\DRIVERS\ZTEusbvoice.sys []
S3 ZTEusbwwan;ZTE MBN Miniport; C:\Windows\system32\DRIVERS\ZTEusbwwan.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-08-20 1286392]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-08-20 5751928]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-08-20 184304]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 NAUpdate;@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200; c:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-04-26 793048]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe []
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2010-09-28 489384]
R2 VmbService;Vodafone Mobile Broadband Service; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-08-18 8704]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-03 722528]
R2 WajamUpdater;WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-06-14 109064]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 136176]
S3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
S3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------


----------



## sweetrose

Logfile of random's system information tool 1.09 (written by random/random)
Run by ann at 2012-10-08 22:11:03
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 78 GB (65%) free of 119 GB
Total RAM: 1913 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:11:07, on 08/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\Downloads\RSIT (3).exe
C:\Program Files (x86)\trend micro\ann.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} - (no file)
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
R3 - URLSearchHook: iNTERNET TURBO Toolbar - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: iNTERNET TURBO - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL (file missing)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O2 - BHO: IncrediMail MediaBar 2 - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - (no file)
O3 - Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - (no file)
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [InboxToolbar] "C:\PROGRA~2\INBOXT~1\Inbox.exe" /STARTUP
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [RMAlert] "C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe" /PRODUCT=RM /R
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
O4 - HKCU\..\Run: [Google Update] "C:\Users\ann\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\ann\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 19207 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
C:\Windows\tasks\Norton Security Scan for ann.job
C:\Windows\tasks\RMAutoUpdate.job
C:\Windows\tasks\RMSchedule.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 483e9e02-2c59-40f3-885c-716706dc0077.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1e9cf14-f3cd-4960-84b2-9f68a2e90487.job

=========Mozilla firefox=========

ProfilePath - C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default

prefs.js - "browser.startup.homepage" - "http://mystart.incredimail.com"
prefs.js - "keyword.URL" - "https://isearch.avg.com/search?cid=%7B7c5d5d8c-cafc-4f99-a863-d279631c5510%7D&mid=eaf95fdb5bab47d6abd6cd3c4e914194-5c5653c47cf4f1da57a1a9398c21c6f4fc7f0f2c&ds=AVG&v=12.2.5.34&lang=en&pr=pr&d=2012-10-03%2010%3A28%3A31&sap=ku&q="

"[email protected]"=C:\Program Files (x86)\MyWebSearch\bar\2.bin
"[email protected]"=C:\ProgramData\AVG Secure Search\12.2.5.34\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Description"=Yahoo Messenger State Plugin
"Path"=C:\Program Files (x86)\Yahoo!\Shared\npYState.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin]
"Description"=My Web Search Plugin
"Path"=C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App V2 Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
avg-secure-search.xml
babylon.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2011-10-06 2015544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09152f0b-739c-4dec-a245-1aa8a37594f1}]
iNTERNET TURBO Toolbar - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-28 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll [2012-10-03 1734240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
Searchqu Toolbar - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
DataMngr - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}]
Wajam - C:\Program Files (x86)\Wajam\IE\priam_bho.dll [2012-07-26 297568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~2\INBOXT~1\Inbox.dll [2012-07-17 1027808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
IncrediMail MediaBar 2 Toolbar - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-28 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19 529784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2011-10-06 156984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2011-10-06 2015544]
{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - IncrediMail MediaBar 2 Toolbar - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll [2012-10-03 1734240]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]
{99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll []
!{09152f0b-739c-4dec-a245-1aa8a37594f1}
!{98889811-442D-49dd-99D7-DC866BE87DBC}
!{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2012-10-03 947808]
"SweetIM"=C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [2011-08-01 114992]
"ROC_roc_dec12"=C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe /PROMPT /CMPID=roc_dec12 []
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"InboxToolbar"=C:\PROGRA~2\INBOXT~1\Inbox.exe [2012-09-17 1661152]
"ROC_roc_ssl_v12"=C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe / /PROMPT /CMPID=roc_ssl_v12 []
"SSDMonitor"=C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2012-04-26 103896]
"RMAlert"=C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe [2012-04-26 1318872]
"ROC_ROC_JULY_P1"=C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe / /PROMPT /CMPID=ROC_JULY_P1 []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-07-31 38872]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11 919008]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2013\avgui.exe [2012-09-14 3039352]
"ROC_ROC_NT"=C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe [2012-10-03 856160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\ann\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 136176]
"Facebook Update"=C:\Users\ann\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096]
"msnmsgr"=~C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background []
"GameXN GO"=C:\ProgramData\GameXN\GameXNGO.exe /startup []
"Optimizer Pro"=C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2012-06-10 79664]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-09-21 5664640]

C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
BBC iPlayer Desktop.lnk - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-10-08 21:50:28 ----D---- C:\Program Files (x86)\trend micro
2012-10-08 21:50:22 ----D---- C:\rsit
2012-10-03 10:30:45 ----D---- C:\Users\ann\AppData\Roaming\AVG2013
2012-10-03 10:29:33 ----D---- C:\Users\ann\AppData\Roaming\TuneUp Software
2012-10-03 10:28:25 ----D---- C:\Program Files (x86)\AVG Secure Search
2012-10-03 10:18:01 ----D---- C:\ProgramData\AVG2013
2012-09-28 14:26:44 ----A---- C:\Windows\SysWOW64\javaws.exe
2012-09-28 14:25:30 ----A---- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-28 14:25:30 ----A---- C:\Windows\SysWOW64\javaw.exe
2012-09-28 14:25:24 ----A---- C:\Windows\SysWOW64\java.exe
2012-09-28 14:11:15 ----D---- C:\Program Files (x86)\Common Files\Java
2012-09-28 14:10:43 ----A---- C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-25 07:12:07 ----D---- C:\ProgramData\SUPERSetup
2012-09-24 19:53:22 ----D---- C:\Users\ann\AppData\Roaming\SUPERAntiSpyware.com
2012-09-24 19:52:52 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-09-22 15:49:00 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2012-09-22 15:48:59 ----A---- C:\Windows\SysWOW64\vbscript.dll
2012-09-22 15:48:59 ----A---- C:\Windows\SysWOW64\ieui.dll
2012-09-22 15:48:58 ----A---- C:\Windows\SysWOW64\url.dll
2012-09-22 15:48:58 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2012-09-22 15:48:57 ----A---- C:\Windows\SysWOW64\urlmon.dll
2012-09-22 15:48:56 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2012-09-22 15:48:55 ----A---- C:\Windows\SysWOW64\wininet.dll
2012-09-22 15:48:54 ----A---- C:\Windows\SysWOW64\jscript9.dll
2012-09-22 15:48:54 ----A---- C:\Windows\SysWOW64\jscript.dll
2012-09-22 15:48:54 ----A---- C:\Windows\SysWOW64\iertutil.dll
2012-09-22 15:48:53 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2012-09-22 15:48:52 ----A---- C:\Windows\SysWOW64\mshtml.dll
2012-09-22 15:48:49 ----A---- C:\Windows\SysWOW64\ieframe.dll
2012-09-20 21:30:15 ----D---- C:\Users\ann\AppData\Roaming\Malwarebytes
2012-09-20 21:29:12 ----D---- C:\ProgramData\Malwarebytes
2012-09-20 21:29:09 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-18 19:21:07 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2012-09-18 19:12:16 ----D---- C:\Users\ann\AppData\Roaming\Registry Mechanic
2012-09-12 07:07:49 ----A---- C:\Windows\SysWOW64\d3d10level9.dll

======List of files/folders modified in the last 1 month======

2012-10-08 22:11:04 ----D---- C:\Windows\Temp
2012-10-08 22:11:01 ----AD---- C:\ProgramData\TEMP
2012-10-08 21:50:28 ----D---- C:\Program Files (x86)
2012-10-08 20:30:53 ----D---- C:\ProgramData\MFAData
2012-10-08 19:44:33 ----D---- C:\Program Files (x86)\PC Tools Registry Mechanic
2012-10-08 18:40:08 ----SHD---- C:\Windows\Installer
2012-10-08 18:38:48 ----SHD---- C:\System Volume Information
2012-10-07 19:19:44 ----D---- C:\Windows\System32
2012-10-07 19:19:44 ----D---- C:\Windows\inf
2012-10-07 19:00:03 ----D---- C:\Windows\SysWOW64
2012-10-07 16:35:17 ----D---- C:\Windows\rescache
2012-10-07 16:19:29 ----D---- C:\Windows\Prefetch
2012-10-07 13:07:59 ----HD---- C:\ProgramData
2012-10-06 22:56:29 ----RD---- C:\Program Files (x86)\Skype
2012-10-05 18:17:53 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2012-10-04 15:24:56 ----D---- C:\Windows\Tasks
2012-10-04 15:19:27 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-10-04 07:08:43 ----D---- C:\Program Files (x86)\Common Files
2012-10-03 18:00:39 ----D---- C:\Windows
2012-10-03 10:35:11 ----D---- C:\Program Files (x86)\AVG
2012-10-03 10:34:04 ----HD---- C:\$AVG
2012-10-03 10:34:04 ----D---- C:\Windows\SysWOW64\drivers
2012-10-03 10:29:06 ----D---- C:\ProgramData\AVG Secure Search
2012-09-28 15:37:49 ----D---- C:\Users\ann\AppData\Roaming\Skype
2012-09-28 15:00:04 ----D---- C:\Program Files (x86)\Common Files\Adobe
2012-09-28 15:00:03 ----D---- C:\ProgramData\Adobe
2012-09-28 15:00:01 ----D---- C:\Program Files (x86)\Adobe
2012-09-28 14:27:21 ----D---- C:\Users\ann\AppData\Roaming\skypePM
2012-09-28 14:24:58 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2012-09-28 14:24:24 ----D---- C:\Program Files (x86)\Java
2012-09-26 22:36:31 ----D---- C:\Windows\winsxs
2012-09-24 20:04:01 ----RD---- C:\Program Files
2012-09-22 17:27:20 ----D---- C:\Windows\SysWOW64\migration
2012-09-22 17:27:20 ----D---- C:\Program Files (x86)\Internet Explorer
2012-09-18 19:00:45 ----D---- C:\Windows\debug
2012-09-18 08:32:35 ----D---- C:\Program Files (x86)\Inbox Toolbar

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys []
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys []
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys []
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS []
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys []
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys []
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys []
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys []
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys []
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R3 CeKbFilter;CeKbFilter; C:\Windows\system32\DRIVERS\CeKbFilter.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\Windows\system32\DRIVERS\rtl8192Ce.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys []
R3 vodafone_K380x-z_dc_enum;vodafone_K380x-z_dc_enum; C:\Windows\system32\DRIVERS\vodafone_K380x-z_dc_enum.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 massfilter;MBB Mass Storage Filter Driver; C:\Windows\system32\DRIVERS\massfilter.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys []
S3 ZTEusbvoice;ZTE VoUSB Port; C:\Windows\system32\DRIVERS\ZTEusbvoice.sys []
S3 ZTEusbwwan;ZTE MBN Miniport; C:\Windows\system32\DRIVERS\ZTEusbwwan.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-08-20 1286392]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-08-20 5751928]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-08-20 184304]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 NAUpdate;@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200; c:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-04-26 793048]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe []
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2010-09-28 489384]
R2 VmbService;Vodafone Mobile Broadband Service; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-08-18 8704]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-03 722528]
R2 WajamUpdater;WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-06-14 109064]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 136176]
S3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
S3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------


----------



## sweetrose

Eddie, I forgot our I did that before.


----------



## eddie5659

That's okay, I'll remove that extra one in a min 

Did the other log open for the program? Should have had 2 open, one as above, the other different.

eddie


----------



## sweetrose

Don't know why but I don't seem to do what you ask me, Eddie.


----------



## sweetrose

ritten by random/random)
Run by ann at 2012-10-11 14:06:17
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 78 GB (65%) free of 119 GB
Total RAM: 1913 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:06:20, on 11/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\ann.exe
nkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} - (no file)
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
R3 - URLSearchHook: iNTERNET TURBO Toolbar - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: iNTERNET TURBO - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL (file missing)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O2 - BHO: IncrediMail MediaBar 2 - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: IncrediMail MediaBar 2 - {d40b90b4-d3b1-4d6b-a5d7-\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
O4 - HKCU\..\Run: [Google Update] "C:\Users\ann\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\ann\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\6)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll [2012-10-03 1734240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
Searchqu Toolbar - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
DataMngr - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}]
Wajam - C:\Program Files (x86)\Wajam\IE\priam_bho.dll [2012-07-26 297568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~2\INBOXT~1\Inbox.dll [2012-07-17 1027808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
IncrediMail MediaBar 2 Toolbar - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-28 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19 529784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2011-10-06 156984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2011-10-06 2015544]
{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - IncrediMail MediaBar 2 Toolbar - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll [2012-10-03 1734240]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]
{99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll []
!{09152f0b-739c-4dec-a245-1aa8a37594f1}
!{98889811-442D-49dd-99D7-DC866BE87DBC}
!{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2012-10-03 947808]
"SweetIM"=C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [2011-08-01 114992]
"ROC_roc_dec12"=C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe /PROMPT /CMPID=roc_dec12 []
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"InboxToolbar"=C:\PROGRA~2\INBOXT~1\Inbox.exe [2012-09-17 1661152]
"ROC_roc_ssl_v12"=C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe / /PROMPT /CMPID=roc_ssl_v12 []
"SSDMonitor"=C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2012-04-26 103896]
"RMAlert"=C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe [20Secure Search\ROC_ROC_JULY_P1.exe / /PROMPT /CMPID=ROC_JULY_P1 []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-07-31 38872]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11 919008]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2013\avgui.exe [2012-09-14 3039352]
"ROC_ROC_NT"=C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe [2012-10-03 856160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\ann\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 136176]
"Facebook Update"=C:\Users\ann\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096]
"msnmsgr"=~C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background []
"GameXN GO"=C:\ProgramData\GameXN\GameXNGO.exe /startup []
"Optimizer Pro"=C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2012-06-10 79664]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-09-21 5664640]

C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
BBC iPlayer Desktop.lnk - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3ktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\WindowsWOW64\ntoskrnl.exe
2012-10-11 07:32:05 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-11 07:31:48 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2012-10-11 07:31:48 ----A---- C:\Windows\SysWOW64\kernel32.dll
2012-10-11 07:31:46 ----A---- C:\Windows\SysWOW64\setup16.exe
2012-10-11 07:31:45 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2012-10-11 07:31:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-11 07:31:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-11 07:31:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-11 07:31:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-11 07:31:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-11 07:31:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-11 07:31:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-11 07:31:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-11 07:31:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-11 07:31:43 ----A---- C:\Windows\SysWOW64\wow32.dll
2012-10-11 07:31:43 ----A---- C:\Windows\SysWOW64\instnm.exe
2012-10-11 07:31:42 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-11 07:31:42 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-11 07:31:42 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-11 07:31:42 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-11 07:31:41 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-11 07:31:41 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-11 07:31:41 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-11 07:31:41 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-11 07:31:41 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-11 07:31:41 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-11 07:31:41 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-11 07:31:40 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-11 07:31:40 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-11 07:31:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-11 07:31:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-11 07:31:30 ----AH---- C:\Windows\SysWOW64\in-core-localization-l1-1-0.dll
2012-10-11 07:31:27 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-11 07:31:23 ----A---- C:\Windows\SysWOW64\user.exe
2012-10-11 07:30:44 ----A---- C:\Windows\SysWOW64\wintrust.dll
2012-10-11 07:30:30 ----A---- C:\Windows\SysWOW64\tzres.dll
2012-10-11 07:25:42 ----A---- C:\Windows\SysWOW64\crypt32.dll
2012-10-11 07:25:41 ----A---- C:\Windows\SysWOW64\cryptsvc.dll
2012-10-11 07:25:41 ----A---- C:\Windows\SysWOW64\cryptnet.dll
2012-10-11 07:24:48 ----A---- C:\Windows\SysWOW64\kerberos.dll
2012-10-09 18:17:11 ----D---- C:\rsit
2012-10-08 21:50:28 ----D---- C:\Program Files (x86)\trend micro
2012-10-03 10:30:45 ----D---- C:\Users\ann\AppData\Roaming\AVG2013
2012-10-03 10:29:33 ----D---- C:\Users\ann\AppData\Roaming\TuneUp Software
2012-10-03 10:28:25 ----D---- C:\Program Files (x86)\AVG Secure Search
2012-10-03 10:18:01 ----D---- C:\ProgramData\AVG2013
2012-09-28 14:26:44 ----A---- C:\Windows\SysWOW64\javaws.exe
2012-09-28 14:25:30 ----A---- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-28 14:25:30 ----A---- C:\Windows\SysWOW64\javaw.exe
2012-09-28 14:25:24 ----A---- C:\Windows\SysWOW64\java.exe
2012-09-28 14:11:15 ----D---- C:\Program Files (x86)\Common Files\Java
2012-09-28 14:10:43 ----A---- C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-25 07:12:07 ----D---- C:\ProgramData\SUPERSetup
2012-09-24 19:53:22 ----D---- C:\Users\ann\AppData\Roaming\SUPERAntiSpyware.com
2012-09-24 19:52:52 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-09-22 15:49:00 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2012-09-22 15:48:59 ----A---- C:\Windows\SysWOW64\vbscript.dll
2012-09-22 15:48:59 ----A---- C:\Windows\SysWOW64\ieui.dll
2012-09-22 15:48:58 ----A---- C:\Windows\SysWOW64\url.dll
2012-09-22 15:48:58 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2012-09-22 15:48:57 ----A---- C:\Windows\SysWOW64\urlmon.dll
2012-09-22 15:48:56 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2012-09-22 15:48:55 ----A---- C:\Windows\SysWOW64\wininet.dll
2012-09-22 15:48:54 ----A---- C:\Windows\SysWOW64\jscript9.dll
2012-09-22 15:48:54 ----A---- C:\Windows\SysWOW64\iertutil.dll
2012-09-22 15:48:53 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2012-09-22 15:48:52 ----A---- C:\Windows\SysWOW64\mshtml.dll
2012-09-22 15:48:49 ----A---- C:\Windows\SysWOW64\ieframe.dll
2012-09-20 21:30:15 ----D---- C:\Users\ann\AppData\Roaming\Malwarebytes
2012-09-20 21:29:12 ----D---- C:\ProgramData\Malwarebytes
2012-09-20 21:29:09 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-18 19:21:07 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2012-09-18 19:12:16 ----D---- C:\Users\ann\AppData\Roaming\Registry Mechanic
2012-09-12 07:07:49 ----A---- C:\Windows\SysWOW64\d3d10level9.dll

======List of files/folders modified in the last 1 month======

2012-10-11 14:06:18 ----D---- C:\Windows\Temp
2012-10-11 14:06:10 ----AD---- C:\ProgramData\TEMP
2012-10-11 13:53:37 ----D---- C:\ProgramData\MFAData
2012-10-11 13:49:17 ----D---- C:\Program Files (x86)\PC Tools Registry Mechanic
2012-10-11 10:54:51 ----SHD---- C:\Windows\Installer
2012-10-11 10:52:56 ----SHD---- C:\System Volume Information
2012-10-11 10:37:02 ----D---- C:\Windows\winsxs
2012-10-11 10:34:40 ----D---- C:\Windows\SysWOW64\en-US
2012-10-11 10:34:40 ----D---- C:\Windows\SysWOW64
2012-10-11 10:34:40 ----D---- C:\Windows\System32
2012-10-11 10:34:35 ----D---- C:\Windows\AppPatch
2012-10-10 22:49:08 ----D---- C:\Windows\debug
2012-10-10 22:48:51 ----RD---- C:\Program Files (x86)\Skype
2012-10-09 19:53:47 ----D---- C:\Windows\Tasks
2012-10-08 21:50:28 ----D---- C:\Program Files (x86)
2012-10-07 19:19:44 ----D---- C:\Windows\inf
2012-10-07 16:35:17 ----D---- C:\Windows\rescache
2012-10-07 16:19:29 ----D---- C:\Windows\Prefetch
2012-10-07 13:07:59 ----HD---- C:\ProgramData
2012-10-05 18:17:53 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2012-10-04 15:19:27 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-10-04 07:08:43 ----D---- C:\Program Files (x86)\Common Files
2012-10-03 18:00:39 ----D---- C:\Windowsidsha.sys []
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys []
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys []
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS []
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys []
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys []
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys []
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys []
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys []
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R3 CeKbFilter;CeKbFilter; C:\Windows\system32\DRIVERS\CeKbFilter.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\Windows\system32\DRIVERS\rtl8192Ce.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys []
R3 vodafone_K380x-z_dc_enum;vodafone_K380x-z_dc_enum; C:\Windows\system32\DRIVERS\vodafone_K380x-z_dc_enum.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 massfilter;MBB Mass Storage Filter Driver; C:\Windows\system32\DRIVERS\massfilter.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\
2012-10-03 10:35:11 ----D---- C:\Program Files (x86)\Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 NAUpdate;@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200; c:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-04-26 793048]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe []
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2010-09-28 489384]
R2 VmbService;Vodafone Mobile Broadband Service; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-08-18 8704]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-03 722528]
R2 WajamUpdater;WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-06-14 109064]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 136176]
S3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
S3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 wlcrasvc;Windows Live Mesh remote connec


----------



## eddie5659

Okay, I can try and look thru the logs that you posted in a few mins, but in the meantime, let's start with removing some stuff that can go

Now, for the following pasted below, please try to ensure you copy all of it, including the *:OTL* part at the very top, all the way down to the *[Reboot]* at the very bottom, otherwise it won't work.

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following

Code:


:OTL
PRC - [2012/09/17 23:00:20 | 001,661,152 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKLM\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\.DEFAULT\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUman000&ptnrS=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\S-1-5-18\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUman000&ptnrS=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} - No CLSID value found
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=115038&tt=3412_1&babsrc=SP_ss&mntrId=66338fed00000000000088252cba0aa8
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = https://dts.search-results.com/sr?sr...ystemid=101&q=
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80506&lng=en
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb72/?search={searchTerms}&loc=search_box&a=NUYk1PqMbX
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\2.bin
[2012/08/25 20:36:46 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR - homepage: http://search.babylon.com/?affID=115...0088252cba0aa8
CHR - homepage: http://search.babylon.com/?affID=115...0088252cba0aa8
CHR - plugin: Bandoo (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (iNTERNET TURBO Toolbar) - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL File not found
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O18:64bit: - Protocol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell - "" = AutoRun
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
[1 C:\Users\ann\AppData\Local\*.tmp files -> C:\Users\ann\AppData\Local\*.tmp -> ]
[2012/08/25 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Babylon
[2012/06/27 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Bandoo
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]


Then click the *Run Fix* button at the top

Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.
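
A pre-flight check for the paste step above, as an added example that is not part of the original post and not part of OTL: it confirms the text starts at :OTL and ends at [Reboot], and flags scan-report lines of the kind OTL rejects later in this thread with "Unable to interpret". The function name, the sample pastes (constructed, abridged from the fix above) and the rule that only bracketed commands follow :Commands are assumptions drawn from the shape of this fix.

```python
import re

# Line shapes taken from the fix and from the error output quoted in this thread.
REPORT_HEADER = re.compile(r"^=+ .+ =+$")   # e.g. ========== LOP Check ==========
SECTION = re.compile(r"^:[A-Za-z]+$")        # :OTL, :Files, :Commands
COMMAND = re.compile(r"^\[[A-Za-z]+\]$")     # [purity], [Reboot]
FIRST_LINE = ":otl"
LAST_LINE = "[reboot]"


def check_fix_paste(text):
    """Return a list of problems in a pasted fix; an empty list means it looks complete."""
    # Forum copies often carry CRLF endings and trailing spaces (":Commands " above).
    lines = [(n, raw.strip()) for n, raw in enumerate(text.splitlines(), 1)]
    lines = [(n, s) for n, s in lines if s]
    if not lines:
        return ["paste is empty"]

    problems = []
    if lines[0][1].lower() != FIRST_LINE:
        problems.append("line %d: paste does not start with :OTL" % lines[0][0])
    if lines[-1][1].lower() != LAST_LINE:
        problems.append("line %d: paste does not end with [Reboot]" % lines[-1][0])

    section = None
    for n, s in lines:
        if REPORT_HEADER.match(s) or s == "< End of report >":
            # Text copied from a scan report instead of from the fix.
            problems.append("line %d: scan-report text, not a fix instruction: %s" % (n, s))
        elif SECTION.match(s):
            section = s.lower()
        elif section == ":commands" and not COMMAND.match(s):
            # Assumption: only bracketed commands follow :Commands, as in this fix.
            problems.append("line %d: expected a [command] under :Commands: %s" % (n, s))
    return problems


# Constructed sample pastes, abridged from the fix in this thread.
GOOD_LINES = [
    ":OTL",
    r"O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)",
    ":Files",
    "ipconfig /flushdns /c",
    ":Commands ",
    "[purity] ",
    "[emptytemp] ",
    "[Reboot]",
]
GOOD = "\r\n".join(GOOD_LINES) + "\r\n"

# The copy stopped before the last two lines, so [Reboot] is missing.
TRUNCATED = "\r\n".join(GOOD_LINES[:-2])

# Part of a scan report pasted into the box instead of the fix.
REPORT = "\n".join([
    "========== LOP Check ==========",
    "",
    r"[2012/08/25 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Babylon",
    "< End of report >",
])

if __name__ == "__main__":
    for name, paste in (("good", GOOD), ("truncated", TRUNCATED), ("report", REPORT)):
        found = check_fix_paste(paste)
        print(name, "->", "looks complete" if not found else found)
```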


----------



## sweetrose

*Custom Scans/Fixes* box: Eddie, no files come up on there


----------



## eddie5659

You need to copy/paste the above that I posted, and will repost here again, into the Custom box. Then, press the *Run Fix* button, and press OK 

Please try to ensure you copy all of it, including the *:OTL* part at the very top, all the way down to the *[Reboot]* at the very bottom, otherwise it won't work.



Code:


:OTL
PRC - [2012/09/17 23:00:20 | 001,661,152 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKLM\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\.DEFAULT\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUman000&ptnrS=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\S-1-5-18\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUman000&ptnrS=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} - No CLSID value found
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=115038&tt=3412_1&babsrc=SP_ss&mntrId=66338fed00000000000088252cba0aa8
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = https://dts.search-results.com/sr?sr...ystemid=101&q=
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80506&lng=en
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb72/?search={searchTerms}&loc=search_box&a=NUYk1PqMbX
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\2.bin
[2012/08/25 20:36:46 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR - homepage: http://search.babylon.com/?affID=115...0088252cba0aa8
CHR - homepage: http://search.babylon.com/?affID=115...0088252cba0aa8
CHR - plugin: Bandoo (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (iNTERNET TURBO Toolbar) - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL File not found
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O18:64bit: - Protocol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell - "" = AutoRun
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
[1 C:\Users\ann\AppData\Local\*.tmp files -> C:\Users\ann\AppData\Local\*.tmp -> ]
[2012/08/25 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Babylon
[2012/06/27 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Bandoo
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]


----------



## sweetrose

Eddie, I will try it again.


----------



## sweetrose

Did you get it?


----------



## sweetrose

ror: Unable to interpret <========== LOP Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2011/12/19 14:50:39 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\AVG> in the current context!
Error: Unable to interpret <[2012/10/03 10:30:45 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\AVG2013> in the current context!
Error: Unable to interpret <[2012/08/25 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Babylon> in the current context!
Error: Unable to interpret <[2012/06/27 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Bandoo> in the current context!
Error: Unable to interpret <[2011/10/13 15:39:53 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1> in the current context!
Error: Unable to interpret <[2011/04/05 17:07:27 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Farm Mania 2> in the current context!
Error: Unable to interpret <[2012/08/25 20:35:56 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Optimizer Pro> in the current context!
Error: Unable to interpret <[2012/09/18 19:12:16 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Registry Mechanic> in the current context!
Error: Unable to interpret <[2011/02/06 22:51:40 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Toshiba> in the current context!
Error: Unable to interpret <[2012/10/03 10:29:33 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\TuneUp Software> in the current context!
Error: Unable to interpret <[2011/04/20 16:26:20 | 000,000,000 | ---D | M] -- C:\Users717]========== Purity Check ==========[/color]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Alternate Data Streams ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP1B5B4F1> in the current context!
Error: Unable to interpret << End of report >> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 10152012_201036
Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64> in the current context!


----------



## sweetrose



----------



## eddie5659

Wait, that's not right. Don't post any more; I'll try and word it easier.


----------



## sweetrose



----------



## eddie5659

Okay, we can do this another way, as it looks like the fix didn't work.

So, firstly download the attached file.

Then, start OTL again, but this time leave the Custom Code box empty.

Click the *Run Fix* button, and a prompt will appear saying there is no fix loaded.

Then, click OK then browse to the file you downloaded, and click Open.

You may have saved it where all the other files are, here:

*C:\Users\ann\Downloads*

Then, it will be shown in the Custom box, and then you can press the *Run Fix* button again, and then the fix will start.

Post the log it creates after. It may require a reboot.


----------



## sweetrose

Eddie, it's still like this.


----------



## eddie5659

Are you pressing Run Fix or Quick Scan? It should work on Run Fix.


----------



## sweetrose

Hi Eddie, just the fix one.


----------



## eddie5659

Did you download the file that I attached, and then point to it when OTL asked for the fix?

If you're unsure, I'll post some pictures


----------



## sweetrose

I'm sure I did what you asked, Eddie, but you can post it to me.


----------



## eddie5659

Firstly, I named the file wrong, so renamed it, so just follow as below 

Okay, firstly on this post, I have uploaded a fix:

http://forums.techguy.org/8497335-post214.html

So, firstly, click on the text file to download it like you normally do with files etc:


Then, open up OTL as before, but just click *Run Fix*. Don't type anything in the empty box at the bottom:










A box will appear:










Click OK. A second window will appear, and using the dropdown under *Look In*, browse to the file *fix.txt*.

It may be in your default download folder: *C:\Users\ann\Downloads*:










When it's found, click on it to highlight it, so that it appears in the bottom under *FileName*










Now, click *Open*:










and the details will appear in the box at the bottom:










Now, click *Run Fix* again, and the fix will start.


----------



## sweetrose

Where is the custom code?


----------



## eddie5659

I've created a txt file here of the code:

http://forums.techguy.org/8497335-post214.html

It's a notepad called *fix.txt*

Just download that as normal, then follow the rest of the instructions


----------



## sweetrose

Eddie it will not open


----------



## eddie5659

The file?

Try from this attachment


----------



## sweetrose

I did what you told me, Eddie, but the file says cannot open.


----------



## sweetrose

Maybe because I have a new ID now, not emmliygreen.


----------



## eddie5659

I'm not sure why you can't download it, as you managed to get all the other programs here. Can you click on the file, so that it will say it's downloading?

Can you see the file I attached?


----------



## sweetrose

It just says I can't open it.


----------



## eddie5659

If you right-click on it and select *Save Link As*, it should let you download it:


----------



## sweetrose

Will have a new go at it, Eddie. If you don't see it tonight, I'll let you know tomorrow.


----------



## eddie5659

I'll be here a bit longer, so just let me know if you still have problems.


----------



## sweetrose

OK Eddie, I will see what I can do now.


----------



## sweetrose

Eddie, did you want me to download something else? If so, I never.


----------



## eddie5659

No, it's just a file called FIX.TXT:

http://forums.techguy.org/8498355-post224.html

In that page, there is a file under the *Attached Files*

That is the one you need to download, either by clicking on it, or right-clicking and selecting *Save Link As* from the option, and save it to your computer.


----------



## sweetrose

That's the one I've been trying.


----------



## eddie5659

Not sure why it's not working, as you're a member here and others can get it.

Okay, we'll have to try another way. Can you copy all that I'll post next in the box, and paste it into a new Notepad.

Then, save it as Fix to your Desktop, and then do the OTL part as I posted just before:



> :OTL
> PRC - [2012/09/17 23:00:20 | 001,661,152 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
> IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
> IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
> IE - HKLM\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
> IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
> IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
> IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
> IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
> IE - HKU\.DEFAULT\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/myweb...=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
> IE - HKU\S-1-5-18\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/myweb...=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} - No CLSID value found
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=115038&tt=3412_1&babsrc=SP_ss&mntrId=66338fed00000000000088252cba0aa8
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = https://dts.search-results.com/sr?sr...ystemid=101&q=
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80506&lng=en
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb72/?search={searchTerms}&loc=search_box&a=NUYk1PqMbX
> FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
> FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
> FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
> FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\2.bin
> [2012/08/25 20:36:46 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
> CHR - homepage: http://search.babylon.com/?affID=115...0088252cba0aa8
> CHR - homepage: http://search.babylon.com/?affID=115...0088252cba0aa8
> CHR - plugin: Bandoo (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
> CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
> O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
> O2 - BHO: (iNTERNET TURBO Toolbar) - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
> O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
> O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
> O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
> O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL File not found
> O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
> O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
> O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
> O3:64bit: - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
> O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
> O3:64bit: - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
> O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
> O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
> O3 - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
> O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
> O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
> O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
> O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
> O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
> O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
> O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
> O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
> O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
> O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
> O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
> O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
> O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
> O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
> O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
> O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
> O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
> O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
> O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
> O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup File not found
> O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
> O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
> O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
> O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
> O18:64bit: - Protocol\Handler\inbox - No CLSID value found
> O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
> O18:64bit: - Protocol\Handler\livecall - No CLSID value found
> O18:64bit: - Protocol\Handler\msnim - No CLSID value found
> O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
> O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
> O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
> O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
> O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
> O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
> O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
> O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
> O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
> O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell - "" = AutoRun
> O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
> O33 - MountPoints2\F\Shell - "" = AutoRun
> O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
> [1 C:\Users\ann\AppData\Local\*.tmp files -> C:\Users\ann\AppData\Local\*.tmp -> ]
> [2012/08/25 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Babylon
> [2012/06/27 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Bandoo
> :Files
> ipconfig /flushdns /c
> :Commands
> [purity]
> [resethosts]
> [emptytemp]
> [emptyjava]
> [EMPTYFLASH]
> [CREATERESTOREPOINT]
> [Reboot]


----------



## sweetrose

Eddie, I've been doing everything you have told me to do, but this time it's not working. I will have one more go tomorrow. I'm going to sleep now. Night, Eddie, will let you know how I get on.


----------



## eddie5659

For the above, I'll post how to do it now, for when you log back in 

So, first go to Start | All Programs:










Then, click on Accessories:










And then Notepad:










This will bring a blank page up. Now, in the below box, copy everything, starting from the top *:OTL*, all the way to the bottom, *[Reboot]*:



> :OTL
> PRC - [2012/09/17 23:00:20 | 001,661,152 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
> IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
> IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
> IE - HKLM\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
> IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
> IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
> IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
> IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
> IE - HKU\.DEFAULT\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/myweb...=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
> IE - HKU\S-1-5-18\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/myweb...=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} - No CLSID value found
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=115038&tt=3412_1&babsrc=SP_ss&mntrId=66338fed00000000000088252cba0aa8
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = https://dts.search-results.com/sr?sr...ystemid=101&q=
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80506&lng=en
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb72/?search={searchTerms}&loc=search_box&a=NUYk1PqMbX
> FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
> FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
> FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
> FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\2.bin
> [2012/08/25 20:36:46 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
> CHR - homepage: http://search.babylon.com/?affID=115...0088252cba0aa8
> CHR - homepage: http://search.babylon.com/?affID=115...0088252cba0aa8
> CHR - plugin: Bandoo (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
> CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
> O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
> O2 - BHO: (iNTERNET TURBO Toolbar) - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
> O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
> O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
> O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
> O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL File not found
> O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
> O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
> O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
> O3:64bit: - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
> O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
> O3:64bit: - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
> O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
> O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
> O3 - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
> O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
> O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
> O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
> O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
> O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
> O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
> O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
> O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
> O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
> O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
> O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
> O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
> O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
> O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
> O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
> O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
> O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
> O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
> O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
> O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup File not found
> O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
> O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
> O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
> O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
> O18:64bit: - Protocol\Handler\inbox - No CLSID value found
> O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
> O18:64bit: - Protocol\Handler\livecall - No CLSID value found
> O18:64bit: - Protocol\Handler\msnim - No CLSID value found
> O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
> O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
> O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
> O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
> O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
> O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
> O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
> O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
> O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
> O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell - "" = AutoRun
> O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
> O33 - MountPoints2\F\Shell - "" = AutoRun
> O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
> [1 C:\Users\ann\AppData\Local\*.tmp files -> C:\Users\ann\AppData\Local\*.tmp -> ]
> [2012/08/25 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Babylon
> [2012/06/27 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Bandoo
> :Files
> ipconfig /flushdns /c
> :Commands
> [purity]
> [resethosts]
> [emptytemp]
> [emptyjava]
> [EMPTYFLASH]
> [CREATERESTOREPOINT]
> [Reboot]


Make sure it's all highlighted:










Then, right-click as before, and select *Copy*:










Then, in your empty Notepad that you opened before, right-click and select *Paste*:










So that it looks like this:










Now, go to the top of the Notepad, and in the menu, select *File* and then *Save As*:










Now, save it to your Desktop, but in *File Name*, call it *Fix* and press *Save*:










Then, do the rest as mentioned here using OTL:

http://forums.techguy.org/8498319-post220.html
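
An added example, not part of eddie5659's post and not OTL's own code: a small Python check that a saved fix file was copied whole, from the top `:OTL` to the bottom `[Reboot]`, before it is loaded with *Run Fix*. The function names, the shortened sample excerpt, and the reading of `...` inside a URL as text the forum display shortened are assumptions of this example.

```python
import re
from collections import Counter

# Section headers used by the fix posted in this thread (assumption: this order is expected).
EXPECTED_SECTIONS = [":OTL", ":Files", ":Commands"]
SECTION_RE = re.compile(r"^:[A-Za-z]+$")
COMMAND_RE = re.compile(r"^\[[A-Za-z]+\]$")  # e.g. [purity], [Reboot]


def clean(line):
    """Strip whitespace and any forum quote marker ('> ') carried over by copy/paste."""
    return re.sub(r"^(?:>\s?)+", "", line.strip()).strip()


def parse_fix(text):
    """Split a fix file into {header: [lines]}; lines before any header go under None."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = clean(raw)
        if not line:
            continue
        if SECTION_RE.match(line):
            current = line
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def check_fix(text):
    """Return a list of problems suggesting the fix was not copied whole."""
    lines = [c for c in (clean(raw) for raw in text.splitlines()) if c]
    if not lines:
        return ["file is empty"]
    problems = []
    if lines[0] != ":OTL":
        problems.append("first line is not :OTL")
    if lines[-1].lower() != "[reboot]":
        problems.append("last line is not [Reboot]")
    sections = parse_fix(text)
    orphaned = sections.get(None, [])
    if orphaned:
        problems.append(f"{len(orphaned)} line(s) before any section header")
    headers = [h for h in sections if h is not None]
    missing = [h for h in EXPECTED_SECTIONS if h not in headers]
    if missing:
        problems.append("missing section(s): " + ", ".join(missing))
    elif headers != EXPECTED_SECTIONS:
        problems.append("unexpected section order: " + ", ".join(headers))
    bad = [l for l in sections.get(":Commands", []) if not COMMAND_RE.match(l)]
    if bad:
        problems.append(f"{len(bad)} line(s) under :Commands are not [bracketed]")
    return problems


def summarize(text):
    """Count :OTL entries by scan-line type (the text before the first ' - ')."""
    counts = Counter()
    for line in parse_fix(text).get(":OTL", []):
        if line.startswith("["):
            counts["file/folder"] += 1  # dated file or folder entries
        else:
            counts[line.split(" - ", 1)[0]] += 1
    return counts


def shortened_lines(text):
    """Lines containing '...', taken here to mark text the forum display shortened."""
    return [c for c in (clean(raw) for raw in text.splitlines()) if "..." in c]


# Constructed sample: a few lines excerpted from the fix in this thread, not the whole script.
SAMPLE = r"""
:OTL
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
CHR - homepage: http://search.babylon.com/?affID=115...0088252cba0aa8
[2012/06/27 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Bandoo
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[Reboot]
"""

# The same sample with its first and last lines lost, as in an incomplete copy/paste.
PARTIAL = "\n".join(SAMPLE.strip().splitlines()[1:-1])

if __name__ == "__main__":
    for name, text in (("complete", SAMPLE), ("partial", PARTIAL)):
        print(name, check_fix(text) or "looks complete", dict(summarize(text)))
    print("possibly shortened:", shortened_lines(SAMPLE))
```
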


----------



## sweetrose

Eddie, I did all that and rebooted it too. Now what?


----------



## eddie5659

Can you look in the folder where OTL is:

C:\Users\ann\Downloads

And see if you can see a text file called OTL.txt.

That will be the new log, as it will overwrite the old one with the new data.

Then, copy/paste the contents as you did before, here.


----------



## sweetrose

Extras logfile created on: 10/12/2012 3:02:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ann\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.37 Gb Available Physical Memory | 19.83% Memory free
3.74 Gb Paging File | 1.14 Gb Available in Paging File | 30.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 74.46 Gb Free Space | 63.94% Space Free | Partition Type: NTFS
Drive D: | 116.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: ANN-TOSH | User Name: ann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [
*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k \system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1412BE22-E1A9-4D70-8F7E-BEB85A1FE5D4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{21B39B7C-EC7C-4C51-A06E-896E2935D40B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{29C3F8C3-9757-4BFF-B324-CEEB9ED7C1DD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{30B0BFCF-3F21-40B0-AA26-2E5896A958E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{33792BBA-C9D4-4D6F-842E-25F05F3A9F0F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{34C727E6-9892-4574-AD93-D7B8134DA417}" = lport=445 | protocol=6 | dir=in | app=system | 
"{38B5FB50-EB6B-44DC-9E00-0384780A4325}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{46F9721C-178C-4DCC-96CF-5E18772135CB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5082C9BC-FAEA-4EBD-BA22-97E178834F96}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{54B8C867-6E2A-487D-97B0-6C77478FA7BE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{6EF28F76-D038-48F9-96C5-D433491C4AF2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{78F08269-0EFD-4F18-ADCE-2E3D26774690}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8D8FB2ED-D3BF-45E5-A75F-BFFB19B0B464}" = rport=138 | protocol=17 | dir=out | app=system | 
"{975099ED-4C57-4AE2-B937-56FA064F72F3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B0A5DD16-037D-48B7-AE76-CA26424E4342}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B444328F-CE2B-4D05-8CCC-96322272B652}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B7356F99-CCBA-4E8F-A81A-A9713EA4C2FF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C0BA9C19-CD83-40AA-93D2-F75EB64E68F8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CCEDB825-B97E-44C9-8A4E-1AF9BFDDAF07}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DF936C66-0894-4846-9114-7A61677E56D5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E4B53DBE-C6DF-4515-AFA3-043984C3E021}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EC41A175-7796-4DFA-94B4-297D9F87094A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F513725B-CD53-4D8E-909D-F1BEF2CEAD59}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08A22D04-17CE-4A7A-BCF1-FDFB348480D0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{0DE0975C-5416-404F-A842-4A065DD2D901}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0F5E004F-933A-4ABA-A9FA-F5C1BE9D5C4B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{128B173F-FA18-4B73-A789-848A7257C2B0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1D452E3F-A193-4772-AFF1-8DB6973F1A05}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{29BF7CC7-0008-4E54-8CA8-3A20EBD573AB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{2E24D8F3-9AEC-458B-A9B3-83BABEB820D1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{2FB0476D-C958-491A-B199-84296178933D}" = dir=in | app=c:\users\ann\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{30AD33C1-7875-4A5E-9BCC-4071A860DF42}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{3ED5BAF3-2695-4DA7-94E4-DD727033025A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{43A895AD-489E-4446-969A-5510ADB0A54C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{51F9A07A-9881-45A0-A3A8-E9033DCC5419}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{575DA838-DD41-4F22-B725-C7081EF9576C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{68120DFB-60FC-49A3-89F5-423573878A45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6D5ADA39-5C3A-4015-A4FC-9A2114585A98}" = protocol=1 | dir=in | [email protected],-28543 | 
"{734A3211-F0CE-4342-A417-47C663E9CF5C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{75874067-8379-47AB-89E1-E892D6E2DCD5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B411E3F-AA61-48EA-9F55-41CB30258FA8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7F372D1F-1334-4F5F-B9C6-DFD35E969B1B}" = protocol=6 | dir=out | app=system | 
"{82C2DCEF-E2B9-4F2B-B8AA-CDB5A2386881}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{84D7CD5D-6398-45FF-9CA2-D96D424A19E8}" = protocol=1 | dir=out | [email protected],-28544 | 
"{866CD8E1-1C55-45DB-819E-74A6AFFD33B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{88687B91-A55E-40F2-B094-777CE0B418C2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{894EE217-7DAD-4F53-864C-B5E75DF8D75A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{899F55BB-BEB1-4E2D-ABD1-11A10640EEF6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8C08978B-0B9A-4762-8C65-3368E7CC6AB6}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{9D4AAEC1-8462-43B3-9A12-ED132A448AA1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{9DA46FA7-CB5E-4D75-A554-7940F1378723}" = protocol=58 | dir=in | [email protected],-28545 | 
"{A4A77545-33F8-4203-B550-D0C1816603CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC202B83-0ED5-4344-87D3-86ACC9C51F98}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BCA06683-48A8-4703-9782-5AB9F5123392}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D2E58FDF-3995-45A9-B4B6-7167F2EB5A05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E46608B4-1E7A-4208-A046-6B2668104675}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{E835A3FB-BB37-4D6A-8F4A-15CEF74B330C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{EB514913-C1D4-4B65-B28A-58186C498630}" = protocol=58 | dir=out | [email protected],-28546 | 
"{F4FD7919-F3AE-4C14-9466-D94F1FD243C4}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{FB134EBA-E271-49E4-98C2-59534D0361B7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"TCP Query User{2C014738-CF28-4716-AECB-4537428831E1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query 8B4-1E7A-4208-A046-6B2668104675}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{E835A3FB-BB37-4D6A-8F4A-15CEF74B330C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{EB514913-C1D4-4B65-B28A-58186C498630}" = protocol=58 | dir=out | [email protected],-28546 | 
"{F4FD7919-F3AE-4C14-9466-D94F1FD243C4}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{FB134EBA-E271-49E4-98C2-59534D0361B7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"TCP Query User{2C014738-CF28-4716-AECB-4537428831E1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{A4A79F94-B537-4C4A-BA99-744CFD03BC4B}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{08DD9E07-785F-4CF1-BA32-D5D5354D6466}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{7FE535F1-7014-4799-B09F-A110BF5F04EF}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825ECBB1-2BCD-4BA5-BB46-63DB8D9ABF45}" = AVG 2013
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{E79A9906-B06E-4937-8B85-88F1E41A2C0C}" = AVG 2013
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34F4D9A4-42C2-4348-6E3-C14B-9FA84260DF9B}" = Photo Service - powered by myphotobook
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0--1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-3D3B}" = SkyPlayer for Windows Media Center
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FAA369-B0E3-48B8-9447-4873103B0012}" = TOSHIBA ConfigFree
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype 5.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDE58148-57E7-43BF-879A--BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"conduitEngine" = Conduit Engine 
"DivX Setup" = DivX Setup
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"iNTERNET_TURBO Too{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"iNTERNET_TURBO Toolbar" = iNTERNET TURBO Toolbar
"king.com" = king.com (remove only)
"Magentic" = Magentic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"Wajam" = Wajam
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088759" = Polar Bowler
"WT089367" = Farm Mania 2
"WT089378" = Jewel Quest II
"WT089380" = Penguins!
"WT089381" = Slingo Supreme
"WT089388" = Zuma Deluxe
"WT089395" Pro v3.0
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"Wajam" = Wajam
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088759" = Polar Bowler
"WT089367" = Farm Mania 2
"WT089378" = Jewel Quest II
"WT089380" = Penguins!
"WT089381" = Slingo Supreme
"WT089388" = Zuma Deluxe
"WT089395" = Plants vs. Zombies - Game of the Year
"WT089404" = Fishdom
"WTA-42fc1002-c7ad-40b1-9293-a462c0f125c5" = Virtual Villagers 5 - New Believers
"WTA-791e3c4d-0a82-4f0d-b2d6-80b0fc5d1487" = Bejeweled 3
"WTA-976cffc2-d1e1-407c-b7e5-d2be59f5d091" = Super Yum Yum: Puzzle Adventures
"WTA-cd240b0c-d7f7-4906-9ea9-8f7743c9fdac" = Alchemy Deluxe
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2012 8:47:43 AM | Computer Name = ann-TOSH | Source = VmbService | ID = 0
Description = userProfileData

Error - 10/11/2012 10:57:25 AM | Computer Name = ann-TOSH | Source = MsiInstaller | ID = 11606
Description =

Error - 10/11/2012 10:57:25 AM | Computer Name = ann-TOSH | Source = MsiInstaller | ID = 11606
Description =

Error - 10/11/2012 12:21:51 PM | Computer Name = ann-TOSH | Source = VmbService | ID = 0
Description = conflictManagerTypeValue

Error - 10/11/2012 12:21:54 PM | Computer Name = ann-TOSH | Source = VmbService | ID = 0
Description = userProfileData

Error - 10/11/2012 6:15:21 PM | Computer Name = ann-TOSH | Source = MsiInstaller | ID = 11314
Description =

Error - 10/12/2012 2:04:14 AM | Computer Name = ann-TOSH | Source = VmbService | ID = 0
Description = conflictManagerTypeValue

Error - 10/12/2012 2:04:15 AM | Computer Name = ann-TOSH | Source = VmbService | ID = 0
Description = userProfileData

Error - 10/12/2012 9:15:26 AM | Computer Name = ann-TOSH | Source = VmbService | ID = 0
Description = conflictManagerTypeValue

Error - 10/12/2012 9:15:27 AM | Computer Name = ann-TOSH | Source = VmbService | ID = 0
Description = userProfileData

[ Media Center Events ]
Error - 4/20/2011 11:27:43 AM | Computer Name = ann-TOSH | Source = MCUpdate | ID = 0
Description = 16:27:35 - Error connecting to the internet. 16:27:35 - Unable 
to contact server..

Error - 4/20/2011 12:32:12 PM | Computer Name = ann-TOSH | Source = MCUpdate | ID = 0
Description = 17:32:11 - Error connecting to the internet. 17:32:12 - Unable 
to contact server..

Error - 4/20/2011 12:33:01 PM | Computer Name = ann-TOSH | Source = MCUpdate | ID = 0
Description = 17:32:41 - Error connecting to the internet. 17:32:41 - Unable 
to contact /2011 2:40:54 PM | Computer Name = ann-TOSH | Source = MCUpdate | ID = 0
Description = 19:40:49 - Error connecting to the internet. 19:40:50 - Unable 
to contact server..

Error - 4/22/2011 12:28:10 PM | Computer Name = ann-TOSH | Source = MCUpdate | ID = 0
Description = 17:28:01 - Error connecting to the internet. 17:28:01 - Unable 
to contact server..

Error - 4/23/2011 12:09:00 PM | Computer Name = ann-TOSH | Source = MCUpdate | ID = 0
Description = 17:09:00 - Error connecting to the internet. 17:09:00 - Unable 
to contact server..

Error - 4/23/2011 12:09:13 PM | Computer Name = ann-TOSH | Source = MCUpdate | ID = 0
Description = 17:09:06 - Error connecting to the internet. 17:09:06 - Unable 
to contact server..

Error - 6/24/2011 1:38:50 PM | Computer Name = ann-TOSH | Source = MCUpdate | ID = 0
Description = 18:38:48 - Error connecting to the internet. 18:38:49 - Unable 
to contact server..

Error - 7/1/2011 11:45:40 AM | Computer Name = ann-TOSH | Source = MCUpdate | ID = 0
Description = 16:45:40 - Error connecting to the internet. 16:45:40 - Unable 
to cont/2011 11:45:51 AM | Computer Name = ann-TOSH | Source = MCUpdate | ID = 0
Description = 16:45:45 - Error connecting to the internet. 16:45:45 - Unable 
to contact server..

[ System Events ]
Error - 10/10/2012 2:17:06 AM | Computer Name = ann-TOSH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/10/2012 11:06:12 AM | Computer Name = ann-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Skype 5.10 for Windows (KB2727727).

Error - 10/10/2012 5:48:58 PM | Computer Name = ann-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Skype 5.10 for Windows (KB2727727).

Error - 10/11/2012 2:48:54 AM | Computer Name = ann-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Skype 5.10 for Windows (KB2727727).

Error - 10/11/2012 5:54:51 AM | Computer Name = ann-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Skype 5.10 for Windows (KB2727727).

Error - 10/11/2012 10:57:26 AM | Computer Name = ann-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Skype 5.10 for Windows (KB2727727).

Error - 10/11/2012 10:57:40 AM | Computer Name = ann-TOSH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/11/2012 6:15:31 PM | Computer Name = ann-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Skype 5.10 for Windows (KB2727727).

Error - 10/11/2012 6:16:08 PM | Computer Name = ann-TOSH | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avgwd service.

Error - 10/12/2012 2:03:55 AM | Computer Name = ann-TOSH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/10/2012 11:06:12 AM | Computer Name = ann-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Skype 5.10 for Windows (KB2727727).

Error - 10/10/2012 5:48:58 PM | Computer Name = ann-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Skype 5.10 for Windows (KB2727727).


----------



## eddie5659

Well, that's the Extras log. Not the one I needed, but good to see it's posted, as I'll look at that fully tomorrow.

Can you also see if you have this one:

*OTL.txt*

It may be in the download folder, or wherever OTL, the program, is saved to.


----------



## sweetrose

Will look tomorrow, Eddie, and let you know. I'm now going to sleep; hope you have a good night.


----------



## sweetrose

Is this it, Eddie?


----------



## sweetrose

OTL logfile created on: 10/16/2012 9:16:39 AM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ann\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.20 Gb Available Physical Memory | 10.65% Memory free
3.74 Gb Paging File | 1.13 Gb Available in Paging File | 30.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 74.16 Gb Free Space | 63.69% Space Free | Partition Type: NTFS
Drive D: | 116.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: ANN-TOSH | User Name: ann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/16 09:13:27 | 007,203,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
PRC - [2012/10/10 14:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/10/07 12:58:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ann\Downloads\OTL (1).exe
PRC - [2012/10/03 10:28:27 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/02 03:32:56 | 001,314,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/09/17 23:00:20 | 001,661,152 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/03 18:26:12 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/08/23 19:20:36 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2012/06/17 19:59:46 | 000,215,856 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2012/06/14 16:20:22 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/04/26 14:08:24 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/04/26 14:08:24 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2011/11/03 18:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011/08/01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [20- [2012/10/03 10:28:27 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/09/03 18:26:20 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012/09/03 18:26:18 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/08/23 19:20:36 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
MOD - [2011/11/03 18:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 18:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 18:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

========== Services (SafeList) ==========

SRV:*64bit:* - [2012/07/11 19:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:*64bit:* - [2010/09/28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:*64bit:* - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:*64bit:* - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:*64bit:* - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 03:32:56 | 001,314,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/03 18:26:12 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/06/14 23:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/14 16:20:22 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/04/26 14:08:24 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/08/18 19:33:54 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010/05/11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:*64bit:* - [2012/09/21 03:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:*64bit:* - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/09/13 03:11:18 | 000,151,904 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:*64bit:* - [2012/09/03 18:26:18 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:*64bit:* - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 08:10:31 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/24 16:11:18 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/11 11:44:02 | 000,235,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2010/08/11 11:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2010/08/11 11:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/08/11 11:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/08/11 11:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010/08/11 11:44:02 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010/05/20 14:40:28 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K380x-z_dc_enum.sys -- (vodafone_K380x-z_dc_enum)
DRV:64bit: - [2010/04/28 12:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/03/22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/21 01:24:36 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ABA5AE01-9B23-4AC7-9BA7-E0345C1287FB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
IE - HKLM\..\C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={7E3FFE14-0CA3-4BAF-A926-D4D1BA5A2B65}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
IE - HKCU\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} - No CLSID value found
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=115038&tt=3412_1&babsrc=SP_ss&mntrId=66338fed00000000000088252cba0aa8
IE - HKCU\..\SearchScopes\{400E7EA1-093B-4D0E-90AC-CAAEF713611E}: "URL" = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = https://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&q=
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={91AAAA7E-22F1-4FDE-BE01-003A27F6E136}&mid=eaf95fdb5bab47d6abd6cd3c4e914194-5c5653c47cf4f1da57a1a9398c21c6f4fc7f0f2c&lang=en&ds=AVG&pr=pr&d=2012-10-03 10:28:31&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{A25208D0-8D9E-4B0D-B6DE-CCB82D68D3C2}: "URL" = http://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80506&lng=en
IE - HKCU\..\SearchScopes\{C..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{E0F1151B-5874-4D8B-8E18-506FA493AB23}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={7E3FFE14-0CA3-4BAF-A926-D4D1BA5A2B65}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://mystart.incredimail.com"
FF - prefs.js..extensions.enabledAddons: [email protected]:12.2.5.34
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B7c5d5d8c-cafc-4f99-a863-d279631c5510%7D&mid=eaf95fdb5bab47d6abd6cd3c4e914194-5c5653c47cf4f1da57a1a9398c21c6f4fc7f0f2c&ds=AVG&v=12.2.5.34&lang=en&pr=pr&d=2012-10-03%2010%3A28%3A31&sap=ku&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\ann\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\2.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/10/03 10:29:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/24 16:31:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/15 21:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/25 20:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ann\AppData\Roaming\Mozilla\Extensions
[2012/10/04 15:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions
[2012/08/15 21:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/03 10:29:06 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.34
[2012/06/14 23:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/03 10:28:21 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/25 20:36:46 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/14 23:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 23:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=66338fed00000000000088252cba0aa8
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylon.com/?affID=11...HP_ss&mntrId=66338fed00000000000088252cba0aa8
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Bandoo (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\ann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\ann\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: AVG Secure Search = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (iNTERNET TURBO Toolbar) - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL File not found
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Singname) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [RMAlert] C:\Program Fileram Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\ann\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup File not found
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Paol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell - "" = AutoRun
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/16 09:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/16 07:37:35 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E8E0006A-FFAD-4046-A57B-245C7956C400}
[2012/10/15 22:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/10/15 20:10:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/15 14:12:02 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1B0BCB94-4D85-4D15-AF18-0E75E5C712D7}
[2012/10/14 20:55:58 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{66E0DA3C-CE65-475C-B8C0-9CE5B63A56A3}
[2012/10/14 08:55:17 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{167AD287-3A6E-4692-A2E9-A3F9F392E12C}
[2012/10/14 08:33:13 | 000,000,000 | ---D | C] -- C:\Users\ann\Documents\Fax
[2012/10/14 08:33:11 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2807ED7F-589B-45FB-8D0A-21025F13F338}
[2012/10/14 08:24:09 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{31F18C97-2C2B-49B6-9D3A-88D3AA599737}
[2012/10/14 08:06:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1E07DCB5-D853-4F5C-AF8B-AC734944A87B}
[2012/10/14 08:01:33 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{6FD3E7C6-7093-4567-A62C-C6DBAEC79678}
[2012/10/13 13:58:08 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B2B85854-3F77-404B-8729-31C2B1BACF40}
[2012/10/12 19:22:32 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{F2305E10-A6C8-41CD-A71E-6DB3BEB09B3E}
[2012/10/12 07:21:37 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7D788C5B-2D2F-4EFB-BB6D-B9D9CB3B1373}
[2012/10/11 19:20:55 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{C1DD3728-C8E0-4B3D-90AE-AA174DF1A72B}
[2012/10/11 07:20:13 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B481F9F9-56BF-496D-9571-09BEDBD44491}
[2012/10/10 19:19:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2D9BF89C-2087-4662-8931-C7492049B401}
[2012/10/10 07:18:44 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{268922BE-9566-44C0-8633-BAE3BEF277CB}
[2012/10/09 19:07:38 | 000,000,000 | ---D | C] -- C:\Users\ann\New folder (2)
[2012/10/09 18:17:11 | 000,000,000 | ---D | C] -- C:\rsit
[2012/10/09 14:38:04 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{C0D35421-E5FC-4471-BACB-ABB5975925C7}
[2012/10/08 22:52:46 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{BB7E2642-3C6F-426A-92FB-ECAD08E37B65}
[2012/10/08 21:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2012/10/08 10:52:10 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{F33F4E90-4C7C-49F1-A52D-3EC23F84D657}
[2012/10/07 07:54:09 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7B7C9C94-2836-4E4E-96BD-B02AAF9E8285}
[2012/10/06 12:28:43 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{A6488ED8-B30C-4337-8A6D-3C097859AF3B}
[2012/10/05 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1B102234-C72E-494D-8DDA-A112DE989B91}
[2012/10/05 07:21:22 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{FECE62E8-675C-4254-BAEE-D8CCC3973F3E}
[2012/10/05 03:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/10/04000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E3A2A49D-466E-4126-8D7F-E26D0C0214C2}
[2012/10/03 19:17:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8B544F14-9020-4A3D-8931-04408CB60D6D}
[2012/10/03 10:30:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\AVG2013
[2012/10/03 10:29:33 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\TuneUp Software
[2012/10/03 10:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/10/03 10:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/10/03 10:08:59 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\MFAData
[2012/10/03 10:08:59 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\Avg2013
[2012/10/03 07:16:47 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{4BBCD0D6-09AC-41F0-BA05-F92B2FE61C37}
[2012/10/02 18:02:24 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8B6CC265-6592-4FC6-A097-6C5F8698781C}
[2012/10/02 14:28:36 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{09527887-56EF-44B7-B19F-C49F11DB916F}
[2012/10/02 03:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012/10/01 22:42:29 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D38618CD-F270-4719-ACA5-36BA99F69A81}
[2012/10/01 10:41:28 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{9AB00F5F-574A-4F2B-A653-6C108731594B}
[2012/09/30 07:49:41 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B3D2686C-7340-4183-956F-1D409FB93584}
[2012/09/29 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{5DCDC982-D57D-4BD9-B8DE-9F02399EE7A7}
[2012/09/28 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{17065003-8D52-4D7A-8C72-84732DAD25B1}
[2012/09/28 14:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/28 07:23:21 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{9E8E7999-5FCE-448C-A190-32C1F8C2295D}
[2012/09/27 10:33:14 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{9E9AF723-7115-468B-9D99-EC5B51CEFD01}
[2012/09/26 20:02:20 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{708F3BCB-18AC-4984-AFAF-EC6D953F69C4}
[2012/09/26 07:12:50 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7ACDFB89-0D2A-43E5-8FB3-94032960318E}
[2012/09/25 19:06: | C] -- C:\ProgramData\SUPERSetup
[2012/09/25 07:05:56 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8068E14A-A565-4ACB-B8B6-F90541255D7D}
[2012/09/25 07:02:12 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2032383E-9B96-46E7-9ABB-813040944975}
[2012/09/24 20:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/24 20:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/24 19:53:22 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\SUPERAntiSpyware.com
[2012/09/24 19:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/09/24 14:15:21 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{0CD02C55-E131-4799-9260-A50552F986F2}
[2012/09/23 20:10:18 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{AE26E3D0-71CD-4F4F-BE0E-5B34F3D10185}
[2012/09/23 07:59:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{4FF6E3DB-92F3-4034-9398-AE566EE92EED}
[2012/09/23 07:59:08 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{13FE6663-72EF-48FC-B5FD-15932BC34B26}
[2012/09/22 13:53:58 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2689C88E-26E2-4AD2-BE79-EB7043092F3C}
[2012/09/21 13:43:35 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{67077770-D3E7-400C-A2FD-9FCDF4047648}
[2012/09/21 03:46:04 | 000,200,032 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012/09/21 03:46:00 | 000,225,120 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2012/09/21 03:45:50 | 000,061,792 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/09/20 21:30:15 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\Malwarebytes
[2012/09/20 21:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/20 21:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/20 21:29:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/20 21:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/20 15:00:26 | 000,000,000 | ---D | C] -- C:\Users\ann\New folder
[2012/09/20 14:16:23 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{561B3F6F-5FD9-4ECA-AAAE-223E4EA7B31C}
[2012/09/19 19:55:02 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{107E62F3-24F1-450B-AE27-8443601BE996}
[2012/09/19 07:54:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{9A77A327-3B5E-4674-8990-96472AF10A40}
[2012/09/18 19:53:50 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{24E59612-9EDB-47C5-8BD5-8045CD6ADCEC}
[2012/09/18 19:53:15 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D101636E-EED4-46DC-852A-F35237BEB04F}
[2012/09/18 19:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/09/18 19:12:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\Registry Mechanic
[2012/09/18 07:30:05 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{55D7289A-847E-44CE-8D2D-12F77F31A885}
[2012/09/17 14:19:56 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{097A9D80-AFE1-41E8-B4A1-CDEDE0424AC9}
[2012/09/16 19:56:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{02E3BE57-47E9-4031-BC35-6F0DD5C5C951}
[1 C:\Users\ann\AppData\Local\*.tmp files -> C:\Users\ann\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/16 09:19:07 | 000,000,348 | ---- | M] () -- C:\Windows\SysWow64\userawacs.cfg
[2012/10/16 09:18:28 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/10/16 09:15:54 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/16 09:15:54 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/16 09:08:31 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012/10/16 09:08:26 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/16 09:08:24 | 000,001,060 | ---- | M] () -- C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2012/10/16 09:07:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/16 09:07:23 | 1504,354,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/15 21:34:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/15 21:33:30 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
[2012/10/15 20:26:02 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
[2012/10/15 20:26:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
[2012/10/15 19:00:40 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/10/15 15:33:06 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
[2012/10/14 08:09:59 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/14 08:09:59 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/14 08:09:59 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/11 07:35:53 | 000,002,485 | ---- | M] () -- C:\Users\ann\Desktop\Google Chrome.lnk
[2012/10/10 14:51:08 | 000,000,323 | ---- | M] () -- C:\Users\ann\Desktop\requested-files[2012-10-10_14_51].cab
[2012/10/07 13:06:34 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012/09/28 15:02:00 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/09/24 20:06:10 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2012/09/21 03:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[1 C:\Users\ann\AppData\Local\*.tmp files -> C:\Users\ann\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/13 15:07:41 | 000,000,348 | ---- | C] () -- C:\Windows\SysWow64\userawacs.cfg
[2012/10/10 14:51:08 | 000,000,323 /10/07 13:06:34 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2012/10/03 10:29:36 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/28 15:00:16 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/09/28 15:00:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/09/24 20:04:07 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/02 13:24:38 | 000,027,520 | ---- | C] () -- C:\Users\ann\AppData\Local\dt.dat
[2011/08/31 08:34:31 | 000,001,072 | ---- | C] () -- C:\Users\ann\Pictures - Shortcut.lnk
[2011/07/21 20:34:13 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{931E4FAA-EDCB-4C4C-9A5F-F55CE7BD62A6}
[2011/07/21 20:05:23 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{8532B172-6F57-4CBE-8E80-FAD83C06C6D3}
[2011/07/15 15:48:15 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{796EF731-ABE6-49A6-8D8F-75DAAE534B52}
[2011/07/15 15:28:59 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0B3B4E74-A96D-457B-A3AC-15AF58ED515A}
[2011/07/15 15:07:30 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{9A0EA9CA-EE6E-4B14-AEA4-EF4E0BE4F54A}
[2011/07/12 17:08:10 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{AEEDA0C4-B094-40CA-9072-BDC6E4E10BF3}
[2011/07/12 17:04:33 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0D85A837-7B6B-4379-9BE0-29398598E6DE}
[2011/07/11 19:15:42 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{718D1F67-3F23-4AD2-9624-60761184FA16}
[2011/07/11 19:10:51 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{8885552C-C46F-41CE-AF17-7D809AA70F9B}
[2011/07/11 12:00:50 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0272CA41-FCD0-43E5-BDC1-7D36C50B266C}
[2011/07/11 11:58:10 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{F10292BA-458D-48F4-BB5C-6E00413FB3D2}
[2011/07/05 14:29:26 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{1054FAA8-0F34-4A0D-B2D5-E525DD0BA91E}
[2011/07/04 14:18:16 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{812C46D8-1501-4AFA-8AC1-2D540FA281AD}
[2011/07/04 14:09:23 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{B1AB7382-9FDE-4896-B0A9-D0E584BCBEB7}
[2011/07/04 14:03:38 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{FA6271DC-C11C-4274-A832-ECB58B2FC3D7}
[2011


----------



## eddie5659

well, that was a scan from the past few days:



> OTL logfile created on: *10/16/2012* 9:16:39 AM - Run 6
> OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ann\Downloads


But nothing was removed still 

Can you see if AVG is blocking the download, by disabling it. See here how to do it again:

http://forums.techguy.org/8473733-post55.html

Then, see if you can get the file that I posted here:

http://forums.techguy.org/8498355-post224.html

Just click on it with the left mouse button, and it should download.

You're just to click on this:










Then, follow the instructions here:

http://forums.techguy.org/8498319-post220.html

And when you do run it, please press *RUN FIX* NOT *RUN SCAN*.

The last log you posted was a scan, not a fix


----------



## sweetrose

Eddie, I can't get it


----------



## eddie5659

Can you send me your email address, and I'll send it to you, so that you can download it that way


----------



## sweetrose

Eddie, it says it can't open files


----------



## eddie5659

I'll email you this tomorrow, and I've saved your email address 

I'll delete the two replies you posted with them in, so you don't get spam emails


----------



## sweetrose

thanks Eddie........


----------



## eddie5659

Sent you the email 

Just download the fix, and then do as here:

http://forums.techguy.org/8498319-post220.html

And post the log it should create, here 

eddie


----------



## eddie5659

Hi

Got your email, and you say you can't open it. Can you download it okay to your computer, it's just when you try and open the file, it says it cannot open?

Does it look like this when it's downloaded:


----------



## sweetrose

No, not like that, Eddie. When I try to open that OTL text, it's that
that don't open and says it can't


----------



## eddie5659

For some reason, it sounds like you don't have Notepad, but you do as you have posted other logs.

Did you save it to the same Download folder as before? If so, can you do this for me, so that we can see if it's saved incorrectly

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:



Code:


:dir
C:\Users\ann\Downloads


Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*


----------



## sweetrose

it keeps coming up error


----------



## eddie5659

What does? The SystemLook program that I just posted? If so, what does the error say?


----------



## sweetrose

it's a box and says look or exit


----------



## eddie5659

Okay, when you have the box open, copy/paste this in:



Code:


:dir
C:\Users\ann\Downloads

Then, press *Look* and it will start to scan.

A log will appear, just copy/paste all of that here


----------



## sweetrose

it won't open, Eddie, says scripts required


----------



## eddie5659

Are you looking at this:










If so, you then need to copy/paste this code:



Code:


:dir
C:\Users\ann\Downloads

into it, so that it looks like this:










Then, press the *Look* button:










And then the program will run for a bit and a log will pop up when it's finished

eddie


----------



## sweetrose

is this it ......
- Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell - "" = AutoRun
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
[1 C:\Users\ann\AppData\Local\*.tmp files -> C:\Users\ann\AppData\Local\*.tmp -> ]
[2012/08/25 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Babylon
[2012/06/27 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Bandoo
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Re


----------



## eddie5659

No, that's a different log. When you ran SystemLook as above, if a log didn't appear, take a look on your Desktop, for a notepad that is called:

*SystemLook.txt*

That's the one I need


----------



## sweetrose

SystemLook 30.07.11 by jpshortstuff
Log created at 21:14 on 22/10/2012 by ann
Administrator - Elevation successful

No Context: HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}

No Context: IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}

No Context: IE - HKU\.DEFAULT\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/myweb...=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}

No Context: IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}

No Context: IE - HKU\S-1-5-18\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/myweb...=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}

No Context: IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)

No Context: IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

No Context: IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} - No CLSID value found

No Context: IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

No Context: IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

No Context: IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}

No Context: IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=115038&tt=3412_1&babsrc=SP_ss&mntrId=66338fed00000000000088252cba0aa8

No Context: IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = https://dts.search-results.com/sr?sr...ystemid=101&q=

No Context: IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}

No Context: IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80506&lng=en

No Context: IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb72/?search={searchTerms}&loc=search_box&a=NUYk1PqMbX

No Context: FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

No Context: FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

No Context: FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found

No Context: FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\2.bin

No Context: [2012/08/25 20:36:46 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

No Context: CHR - homepage: http://search.babylon.com/?affID=115...0088252cba0aa8

No Context: CHR - homepage: http://search.babylon.com/?affID=115...0088252cba0aa8

No Context: CHR - plugin: Bandoo (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll

No Context: CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll

No Context: O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found

No Context: O2 - BHO: (iNTERNET TURBO Toolbar) - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)

No Context: O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

No Context: O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found

No Context: O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found

No Context: O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL File not found

No Context: O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)

No Context: O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

No Context: O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

No Context: O3:64bit: - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.

No Context: O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.

No Context: O3:64bit: - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.

No Context: O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

No Context: O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

No Context: O3 - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.

No Context: O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.

No Context: O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.

No Context: O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

No Context: O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found

No Context: O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

No Context: O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

No Context: O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

No Context: O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.

No Context: O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.

No Context: O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

No Context: O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.

No Context: O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.

No Context: O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

No Context: O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.

No Context: O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

No Context: O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)

No Context: O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found

No Context: O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found

No Context: O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found

No Context: O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup File not found

No Context: O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

No Context: O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

No Context: O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

No Context: O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

No Context: O18:64bit: - Protocol\Handler\inbox - No CLSID value found

No Context: O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found

No Context: O18:64bit: - Protocol\Handler\livecall - No CLSID value found

No Context: O18:64bit: - Protocol\Handler\msnim - No CLSID value found

No Context: O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

No Context: O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

No Context: O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

No Context: O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

No Context: O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

No Context: O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)

No Context: O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found

No Context: O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

No Context: O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

No Context: O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell - "" = AutoRun

No Context: O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence

No Context: O33 - MountPoints2\F\Shell - "" = AutoRun

No Context: O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence

No Context: [1 C:\Users\ann\AppData\Local\*.tmp files -> C:\Users\ann\AppData\Local\*.tmp -> ]

No Context: [2012/08/25 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Babylon

No Context: [2012/06/27 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Bandoo

Invalid Context: Files

No Context: ipconfig /flushdns /xt: Commands

No Context: [purity]

No Context: [resethosts]

No Context: [emptytemp]

No Context: [emptyjava]

No Context: [EMPTYFLASH]

No Context: [CREATERESTOREPOINT]

No Context: [Re

-= EOF =


----------



## eddie5659

You're running the wrong program. *Don't* use the OTL program, but use the one called *SystemLook*

You already downloaded SystemLook, so have a look here to see if you can see it:

*C:\Users\ann\Downloads*

It will have this icon:










Then, open it and you should just have a big box like this:










Then you need to copy/paste this code:



Code:


:dir
C:\Users\ann\Downloads

into it, so that it looks like this:










Then, press the *Look* button:










And then the program will run for a bit and a log will pop up when it's finished

eddie


----------



## sweetrose

Eddie this is the only one i can find

SystemLook 30.07.11 by jpshortstuff
Log created at 09:32 on 23/10/2012 by ann
Administrator - Elevation successful

========== dir ==========

C:\Users\ann\Downloads - Parameters: "(none)"

---Files---
043.JPG	--a---- 4989512 bytes	[20:50 04/09/2012]	[20:50 04/09/2012]
57a46a27-5176-4594-beb7-2def0f0b8bd4.wmv	--a---- 22245535 bytes	[20:54 09/03/2011]	[20:54 09/03/2011]
Attachments_2012_10_18.zip	--a---- 22 bytes	[21:02 18/10/2012]	[07:12 21/10/2012]
chromeinstall-7u7.exe	--a---- 894952 bytes	[13:47 28/09/2012]	[13:47 28/09/2012]
desktop.ini	--ahs-- 282 bytes	[16:00 11/07/2012]	[16:00 11/07/2012]
Extras.Txt	--a---- 71040 bytes	[14:22 12/10/2012]	[19:42 17/10/2012]
fix (1).txt	--a---- 11309 bytes	[16:44 20/10/2012]	[16:44 20/10/2012]
fix.txt	--a---- 0 bytes	[20:08 22/10/2012]	[20:08 22/10/2012]
Image001.jpg	--a---- 269442 bytes	[14:17 29/08/2012]	[19:08 29/08/2012]
jre-7u7-windows-i586 (1).exe	--a---- 31175144 bytes	[12:56 28/09/2012]	[12:57 28/09/2012]
MoviesSetup (1).exe	--a---- 1451512 bytes	[17:08 07/04/2012]	[17:08 07/04/2012]
OTL (1).exe	--a---- 602112 bytes	[11:57 07/10/2012]	[11:58 07/10/2012]
OTL.Txt	--a---- 123866 bytes	[14:21 12/10/2012]	[18:01 20/10/2012]
Photo.zip	--a---- 22 bytes	[20:15 17/03/2012]	[20:16 17/03/2012]
RSIT.exe	--a---- 781383 bytes	[17:54 09/10/2012]	[17:54 09/10/2012]
SecurityCheck (1).exe	--a---- 881724 bytes	[20:23 27/09/2012]	[20:24 27/09/2012]
sfp (2).zip	--a---- 264875 bytes	[18:01 09/10/2012]	[18:01 09/10/2012]
sfp (3).zip	--a---- 264875 bytes	[13:52 10/10/2012]	[13:52 10/10/2012]
SystemLook.txt	--a---- 0 bytes	[20:14 22/10/2012]	[08:32 23/10/2012]
SystemLook_x64.exe	--a---- 165376 bytes	[19:41 22/10/2012]	[19:41 22/10/2012]
TFC.exe	--a---- 448512 bytes	[16:55 03/10/2012]	[16:55 03/10/2012]
Thumbs.db	--ahs-- 18944 bytes	[14:39 29/05/2012]	[17:05 04/06/2012]

---Folders---
New folder	d------	[17:12 07/10/2012]
New folder (2)	d------	[17:33 09/10/2012]
New folder (3)	d------	[09:13 16/10/2012]


----------



## eddie5659

That's the one :up:

I'll look at this fully when I get home


----------



## sweetrose

Thanks Eddie, and sorry for being a bit slow on this


----------



## eddie5659

It's perfectly okay, everyone has to start at the beginning, and over time we then learn other things

Okay, I can see two files that I want to use. For some reason, the latest has no size, but I just checked on mine, and you have the exact file to run the fix.

Only thing is, we need to rename it for it to work 

So, let's try and work through this.

Firstly, in the folder:

*C:\Users\ann\Downloads*

You have this file:

*fix.txt*

This needs to be deleted as (for some reason) it has nothing in it.

Just click on it and press the *Delete* button on your keyboard.

------------------

Now, you should be just left with this:

*fix (1).txt*

So, firstly click on the file to highlight it, and then using the mouse, press the right button:










Then, select the *Rename* option:










Now, it will highlight the word of the filename, as follows:










In the box, type *fix*:










And press the *Return* or *Enter* key on the keyboard:










-----------------------

Now, to see if it's worked, can you re-run SystemLook exactly as you did before, and a new log will appear. Copy/paste that here so I know it's worked

http://forums.techguy.org/8504078-post265.html


----------



## sweetrose

OK, will do it in a few mins and let you know .........


----------



## eddie5659

Oki doki. Take your time, and make sure it's how I posted in the screenshots above

Then, when you think its all okay, re-run SystemLook and post the new log


----------



## sweetrose

Eddie, I cannot find fix 1 txt. Been looking for an hour for it


----------



## sweetrose

I can't do what you ask me Eddie and I can only find this but I think you have it


----------



## eddie5659

From the original log you posted, this is the contents of your download folder. I've *Bolded* the file that is showing as there:



> C:\Users\ann\Downloads - Parameters: "(none)"
> 
> ---Files---
> 043.JPG --a---- 4989512 bytes [20:50 04/09/2012] [20:50 04/09/2012]
> 57a46a27-5176-4594-beb7-2def0f0b8bd4.wmv --a---- 22245535 bytes [20:54 09/03/2011] [20:54 09/03/2011]
> Attachments_2012_10_18.zip --a---- 22 bytes [21:02 18/10/2012] [07:12 21/10/2012]
> chromeinstall-7u7.exe --a---- 894952 bytes [13:47 28/09/2012] [13:47 28/09/2012]
> desktop.ini --ahs-- 282 bytes [16:00 11/07/2012] [16:00 11/07/2012]
> Extras.Txt --a---- 71040 bytes [14:22 12/10/2012] [19:42 17/10/2012]
> *fix (1).txt --a---- 11309 bytes [16:44 20/10/2012] [16:44 20/10/2012]*
> fix.txt --a---- 0 bytes [20:08 22/10/2012] [20:08 22/10/2012]
> Image001.jpg --a---- 269442 bytes [14:17 29/08/2012] [19:08 29/08/2012]
> jre-7u7-windows-i586 (1).exe --a---- 31175144 bytes [12:56 28/09/2012] [12:57 28/09/2012]
> MoviesSetup (1).exe --a---- 1451512 bytes [17:08 07/04/2012] [17:08 07/04/2012]
> OTL (1).exe --a---- 602112 bytes [11:57 07/10/2012] [11:58 07/10/2012]
> OTL.Txt --a---- 123866 bytes [14:21 12/10/2012] [18:01 20/10/2012]
> Photo.zip --a---- 22 bytes [20:15 17/03/2012] [20:16 17/03/2012]
> RSIT.exe --a---- 781383 bytes [17:54 09/10/2012] [17:54 09/10/2012]
> SecurityCheck (1).exe --a---- 881724 bytes [20:23 27/09/2012] [20:24 27/09/2012]
> sfp (2).zip --a---- 264875 bytes [18:01 09/10/2012] [18:01 09/10/2012]
> sfp (3).zip --a---- 264875 bytes [13:52 10/10/2012] [13:52 10/10/2012]
> SystemLook.txt --a---- 0 bytes [20:14 22/10/2012] [08:32 23/10/2012]
> SystemLook_x64.exe --a---- 165376 bytes [19:41 22/10/2012] [19:41 22/10/2012]
> TFC.exe --a---- 448512 bytes [16:55 03/10/2012] [16:55 03/10/2012]
> Thumbs.db --ahs-- 18944 bytes [14:39 29/05/2012] [17:05 04/06/2012]


It may just be called:

*fix (1)*


----------



## sweetrose

I went on there too, Eddie


----------



## eddie5659

Can you re-run the program again, so I can see what you have.

If it has gone, then we can get the file again 

Just do all that is here 

http://forums.techguy.org/8504078-post265.html


----------



## sweetrose

Eddie, that icon is not showing


----------



## eddie5659

Is the Download folder empty?

If so, redownload the program from here:

*Download Link*


----------



## sweetrose

Eddie, I have that but can't find that icon you told me. I have that file c.ann.miles


----------



## eddie5659

Okay, let's leave the program for now. Can you see if you can download this for me:


----------



## sweetrose

That is done and downloaded


----------



## eddie5659

Okay. Now, if you can have a look in the Download folder, is there a text file called *fix*?

Also, just make sure that there is no other file that has *fix* in the name.

Just want to be double-sure


----------



## sweetrose

I see fix i... then just fix, and a fix 2


----------



## eddie5659

Okay, looks like it's renamed itself.

Can you delete all three files:

fix 1
fix
fix 2

Then, when they're gone, redownload that file again, and check to see if you just have 

fix


----------



## sweetrose

I have just fix now


----------



## eddie5659

Excellent :up:

Now, can you open up this one:

*OTL (1)*

Now, following my screenshots below, we'll run the fix. It may take a while to run, so if you want to do this tomorrow, that's fine 

Press the *Run Fix*. Don't type anything in the empty box at the bottom:










A box will appear:










Click OK. A second window will appear, and using the dropdown under *Look In*, browse to the file *fix*.

It may be in your default download folder: *C:\Users\ann\Downloads*:










When it's found, click on it to highlight it, so that it appears in the bottom under *FileName*










Now, click *Open*:










and the details will appear in the box at the bottom:










Now, click *Run Fix* again, and the fix will start.


----------



## sweetrose

Can you send me that download again to run fixer


----------



## eddie5659

Yep, no problem 

*OTL Link Here*

It should be called *OTL* when you've downloaded it, so ignore anything else in there.


----------



## sweetrose

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\.DEFAULT\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/myweb...=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\S-1-5-18\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/myweb...=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} - No CLSID value found
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=115038&tt=3412_1&babsrc=SP_ss&mntrId=66338fed00000000000088252cba0aa8
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = https://dts.search-results.com/sr?sr...ystemid=101&q=
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80506&lng=en
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb72/?search={searchTerms}&loc=search_box&a=NUYk1PqMbX
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\2.bin
[2012/08/25 20:36:46 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR - homepage: http://search.babylon.com/?affID=115...0088252cba0aa8
CHR - homepage: http://search.babylon.com/?affID=115...0088252cba0aa8
CHR - plugin: Bandoo (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (iNTERNET TURBO Toolbar) - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL File not found
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O18:64bit: - Protocol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell - "" = AutoRun
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
[1 C:\Users\ann\AppData\Local\*.tmp files -> C:\Users\ann\AppData\Local\*.tmp -> ]
[2012/08/25 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Babylon
[2012/06/27 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Bandoo
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]


----------



## sweetrose

L
PRC - [2012/09/17 23:00:20 | 001,661,152 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKLM\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\.DEFAULT\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/myweb...=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\S-1-5-18\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/myweb...=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} - No CLSID value found
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=115038&tt=3412_1&babsrc=SP_ss&mntrId=66338fed00000000000088252cba0aa8
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = https://dts.search-results.com/sr?sr...ystemid=101&q=
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80506&lng=en
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb72/?search={searchTerms}&loc=search_box&a=NUYk1PqMbX
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\2.bin
[2012/08/25 20:36:46 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR - homepage: http://search.babylon.com/?affID=115...0088252cba0aa8
CHR - homepage: http://search.babylon.com/?affID=115...0088252cba0aa8
CHR - plugin: Bandoo (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (iNTERNET TURBO Toolbar) - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL File not found
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{09152f0b-739c-4dec-a245-1aa8a37594f1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (no name) - {B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} - No CLSID value found.
O3 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O18:64bit: - Protocol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell - "" = AutoRun
O33 - MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
[1 C:\Users\ann\AppData\Local\*.tmp files -> C:\Users\ann\AppData\Local\*.tmp -> ]
[2012/08/25 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Babylon
[2012/06/27 09:34:13 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Bandoo
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH]


----------



## eddie5659

Nope, don't click Run Scan. That will just create a scan.

Click *Run Fix* exactly as posted here:

http://forums.techguy.org/8506248-post286.html

That way, the fix that you downloaded earlier will be used


----------



## sweetrose

I've done that


----------



## eddie5659

Okay, and did you manage to select the *fix* and then it removed the files?


----------



## sweetrose

No, it never removed anything


----------



## eddie5659

It should do, as you have the fix. Did you click on the Run FIX, and then locate the fix file?


----------



## sweetrose

I did that Eddie. I may have to do it again, you know what I'm like


----------



## eddie5659

If you can, it should bring a Notepad up after you run it. Copy/paste that here.


----------



## sweetrose

Why can't I do it , ( ;


----------



## eddie5659

Going in a min, but let's try it without the fix method.

--

Can you open up OTL again, but *don't* press any button,

Then, can you find the *fix* file and open it, using your mouse. Does it look like it has this sort of thing inside:



> :OTL
> PRC - [2012/09/17 23:00:20 | 001,661,152 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
> IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
> IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
> IE - HKLM\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
> IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
> IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
> IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=289&systemid=101&sr=0&q={searchTerms}
> IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
> IE - HKU\.DEFAULT\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/myweb...=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
> IE - HKU\S-1-5-18\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/myweb...=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2012 042912&n=77ed56a0&psa=&st=sb&searchfor={searchTerms}
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll (Conduit Ltd.)
> IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
> 
> etc


If so, with your mouse, right-click on the contents and choose the *Select All* option.

All the text should be highlighted in blue.

Now, right-click again and choose the *Copy* option.

*Make sure you can see the parts I've highlighted with a circle in the below pictures*

Now, go back to the *OTL* program you have open, and in the *Custom Scans/Fixes* box at the bottom, right-click with your mouse and choose the *Paste* option, so it looks like this










eg:










Then click the *Run Fix* button at the top










And then click *OK*


----------



## sweetrose

think I've done it Eddie. well I hope I have.

All processes killed
========== OTL ==========
No active process named Inbox.exe was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{09152f0b-739c-4dec-a245-1aa8a37594f1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09152f0b-739c-4dec-a245-1aa8a37594f1}\ deleted successfully.
C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry value HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{09152f0b-739c-4dec-a245-1aa8a37594f1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09152f0b-739c-4dec-a245-1aa8a37594f1}\ not found.
File C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll not found.
Registry value HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7cbcac5-4ce2-4e50-9c6e-7d863a87aa96}\ not found.
Registry value HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ deleted successfully.
C:\Program Files (x86)\Inbox Toolbar\Inbox.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll not found.
HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ not found.
Registry key HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
Registry key HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Registry key HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files (x86)\MyWebSearch\bar\2.bin not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
File C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll not found.
File C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09152f0b-739c-4dec-a245-1aa8a37594f1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09152f0b-739c-4dec-a245-1aa8a37594f1}\ not found.
File C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ not found.
File C:\Program Files (x86)\Wajam\IE\priam_bho.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ not found.
File C:\Program Files (x86)\Inbox Toolbar\Inbox.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{09152f0b-739c-4dec-a245-1aa8a37594f1} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{09152f0b-739c-4dec-a245-1aa8a37594f1} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}\ not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}\ not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll not found.
Registry value HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7CBCAC5-4CE2-4E50-9C6E-7D863A87AA96}\ not found.
Registry value HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}\ not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\InboxToolbar deleted successfully.
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JULY_P1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GameXN GO deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\inbox\ deleted successfully.
File Protocol\Handler\inbox - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File Protocol\Handler\viprotocol - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
File C:\Program Files (x86)\Inbox Toolbar\Inbox.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\inbox\ not found.
File C:\Program Files (x86)\Inbox Toolbar\Inbox.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cfeb24f-6b61-11e0-907f-1c750875a867}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cfeb24f-6b61-11e0-907f-1c750875a867}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cfeb24f-6b61-11e0-907f-1c750875a867}\ not found.
File F:\setup_vmb_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\setup_vmb_lite.exe /checkApplicationPresence not found.
C:\Users\ann\AppData\Local\BITA43E.tmp deleted successfully.
C:\Users\ann\AppData\Roaming\Babylon folder moved successfully.
C:\Users\ann\AppData\Roaming\Bandoo folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ann\Downloads\cmd.bat deleted successfully.
C:\Users\ann\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: ann
->Temp folder emptied: 8292505 bytes
->Temporary Internet Files folder emptied: 42355903 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 368321174 bytes
->Flash cache emptied: 57078 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1173269 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 235603849 bytes

Total Files Cleaned = 625.00 mb

[EMPTYJAVA]

User: All Users

User: ann
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: ann
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10252012_145451

Files\Folders moved on Reboot...
C:\Users\ann\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJ6Q0C3I\ADSAdClient31[1].htm moved successfully.
C:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJ6Q0C3I\direct;auc.1048554813070146450;ai.277914353.278485053;ac.1350509823-22621642;wi.234;hi.60;cp[1].htm moved successfully.
C:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJ6Q0C3I\m0310tr[1].htm moved successfully.
C:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJ6Q0C3I\MessengerGamesLandingPage[1].htm moved successfully.
C:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJ6Q0C3I\tt[1].htm moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_4 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------
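As an added example (not part of the thread and not OTL's own code), the Python script below parses fix-log lines in the format posted above and groups them by the extension point they touched and by outcome, so the entries that actually changed the system stand out from those that were already absent. The sample lines are copied from that log; the category labels and function names are this example's own.

```python
import re
from collections import Counter

# Excerpt copied from the OTL fix log posted in this thread (not the full log).
SAMPLE_LOG = r"""
========== OTL ==========
No active process named Inbox.exe was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{09152f0b-739c-4dec-a245-1aa8a37594f1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09152f0b-739c-4dec-a245-1aa8a37594f1}\ deleted successfully.
C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNTE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} not found.
File C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\InboxToolbar deleted successfully.
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\inbox\ deleted successfully.
"""

# Registry path fragment -> extension-point label (labels are this example's own).
LOCATIONS = [
    (r"\\CurrentVersion\\Run(Once)?\\", "Run key"),
    (r"\\Browser Helper Objects\\", "Browser Helper Object"),
    (r"\\URLSearchHooks\\", "URL search hook"),
    (r"\\SearchScopes\\", "search provider"),
    (r"\\Internet Explorer\\Toolbar\\", "IE toolbar"),
    (r"\\PROTOCOLS\\Handler\\", "protocol handler"),
    (r"\\Classes\\CLSID\\", "COM class registration"),
]
OUTCOMES = {
    "deleted successfully": "removed",
    "moved successfully": "moved",
    "value set successfully!": "reset",
    "not found": "absent",
}
LINE_RE = re.compile(
    r"^(?P<bits>64bit-)?"
    r"(?:(?P<kind>Registry key|Registry value|File)\s+)?"
    r"(?P<target>.+?)\s+"
    r"(?P<outcome>deleted successfully|moved successfully|value set successfully!|not found)\.?$"
)


def classify(target, is_registry):
    """Map a registry path or file path to an extension-point label."""
    if not is_registry:
        return "file on disk"
    for pattern, label in LOCATIONS:
        if re.search(pattern, target, re.IGNORECASE):
            return label
    return "other registry"


def parse_line(line):
    """Return a dict for an action line, or None for banners and status text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # DefaultScope resets are logged as "<key>\\DefaultScope| /E : value set ..."
    target = re.sub(r"\|\s*/E\s*:$", "", m["target"]).strip()
    is_registry = target.upper().startswith("HKEY_")
    # The log writes a value as <key>\\<value name>; a bare key has no double backslash.
    key, _, value = target.partition("\\\\") if is_registry else (target, "", "")
    return {
        "view64": m["bits"] is not None,
        "kind": m["kind"] or ("Registry value" if is_registry else "File"),
        "key": key.rstrip("\\"),
        "value": value,
        "location": classify(target, is_registry),
        "outcome": OUTCOMES[m["outcome"]],
    }


def summarize(log_text):
    """Count entries per (location, outcome) and collect those that changed the system."""
    counts, changed, unparsed = Counter(), [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            unparsed.append(line.strip())  # left for the analyst to read by hand
            continue
        counts[(entry["location"], entry["outcome"])] += 1
        if entry["outcome"] != "absent":
            changed.append(entry)
    return {"counts": counts, "changed": changed, "unparsed": unparsed}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for (location, outcome), n in sorted(report["counts"].items()):
        print(f"{location:24} {outcome:8} {n}")
    print("Run values removed:",
          [e["value"] for e in report["changed"] if e["location"] == "Run key"])
```

Running it over the whole log instead of the excerpt gives a quick view of which Run values, Browser Helper Objects and search hooks were really present before the fix.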



## eddie5659

WOOHHOOOOO!!!!!

Yep, that's it :up:

Okay, give me a few mins, and I'll see what's next


----------



## sweetrose

i did it..wooow Eddie


----------



## eddie5659

Well done 

Okay, now there are a few things left that we need to do. So, firstly, do you still have the SystemLook program?

It will have this icon:










If not, redownload it from here:

*Download Link*

Now, what I need you to do is run a scan so we can see what's left:

So, once you've either downloaded SystemLook, or found the original in your Download folder, open it up so it looks like this:










Now, I've created some code below. Using the mouse, highlight everything as you did before, by dragging the mouse to make all the words blue, so that it's from the *:folderfind* all the way down to *Bandoo*

Then, right-click using your mouse and select *Copy*



Code:


:folderfind
*Searchqu
*MyWebSearch
*BabylonToolbar
*Shopping Sidekick
*iNTERNET_TURBO
*ConduitEngine
*PricePeep
*FunWebProducts
*babylon
*InboxToolbar
*Bandoo
:filefind
*Searchqu
*MyWebSearch
*BabylonToolbar
*Shopping Sidekick
*iNTERNET_TURBO
*ConduitEngine
*PricePeep
*FunWebProducts
*babylon
*InboxToolbar
*Bandoo
:regfind
Searchqu
MyWebSearch
BabylonToolbar
Shopping Sidekick
iNTERNET_TURBO
ConduitEngine
PricePeep
FunWebProducts
babylon
InboxToolbar
Bandoo

Now, inside the SystemLook box, right-click with your mouse and select the *Paste* option:










Then, press the *Look* button:










And then the program will run for a bit and a log will pop up when it's finished

eddie


----------



## sweetrose

ok i will try that Eddie but it could take me some time...lol


----------



## eddie5659

That's perfectly okay. Just take your time with it, and when you're done, post it up


----------



## sweetrose

SystemLook 30.07.11 by jpshortstuff
Log created at 19:56 on 25/10/2012 by ann
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

No Context: folderfind

No Context: *Searchqu

No Context: *MyWebSearch

No Context: *BabylonToolbar

No Context: *Shopping Sidekick

No Context: *iNTERNET_TURBO

No Context: *ConduitEngine

No Context: *PricePeep

No Context: *FunWebProducts

No Context: *babylon

No Context: *InboxToolbar

No Context: *Bandoo

========== filefind ==========

Searching for "*Searchqu"
No files found.

Searching for "*MyWebSearch"
No files found.

Searching for "*BabylonToolbar"
No files found.

Searching for "*Shopping Sidekick"
No files found.

Searching for "*iNTERNET_TURBO"
No files found.

Searching for "*ConduitEngine"
No files found.

Searching for "*PricePeep"
No files found.

Searching for "*FunWebProducts"
No files found.

Searching for "*babylon"
No files found.

Searching for "*InboxToolbar"
No files found.

Searching for "*Bandoo"
No files found.

========== regfind ==========

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "MyWebSearch"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\bar]
"SettingsDir"="C:\Users\ann\AppData\LocalLow\MyWebSearch\bar\Settings\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\bar]
"CacheDir"="C:\Users\ann\AppData\LocalLow\MyWebSearch\bar\Cache\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\bar]
"ConfigRevisionURL"="http://config.mywebsearch.com/cfg.jhtml?s=t100000597&p=ZUman000"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\bar]
"sscURL"="http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUman000&ptb=w4RiURpOLmm4g5qjJ8BO9A&ind=2011082802&ptnrS=ZUman000&si=&n=77deb032&psa=&st=sb&searchfor={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}]
@="_IMyWebSearchSettingsEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}]
@="_IMyWebSearchHTMLPanelEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchPseudoTransparent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchPopupMenu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinWindow"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinRect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}]
@="IMyWebSearchButtonRect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}]
@="_IMyWebSearchChatSessionEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}]
@="IMyWebSearchSearchScope"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}]
@="_IMyWebSearchSettingsEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3E720453-B472-4954-B7AA-33069EB53906}]
@="_IMyWebSearchHTMLPanelEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchPseudoTransparent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchPopupMenu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinWindow"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]


----------



## eddie5659

Excellent :up:

Only thing is, I just spotted this, so that's my fault 

*WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.*

It's nothing bad, just means that we need to run a different version.

Can you download this version

*Download Link*

And the program will be called *SystemLook_x64*.

Then, can you do exactly the same thing as you just did, and hopefully it will show some folders 

Sorry about that

eddie


----------



## sweetrose

It's ok, I'm doing it now


----------



## sweetrose

SystemLook 30.07.11 by jpshortstuff
Log created at 20:17 on 25/10/2012 by ann
Administrator - Elevation successful

"CacheDir"="C:\Users\ann\AppData\LocalLow\FunWebProducts\Shared\Cache\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Fun Web Products\CursorLoader]
"Dir"="C:\Users\ann\AppData\LocalLow\FunWebProducts\Shared\"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FunWebProducts]
[HKEY_CURRENT_USER\Software\FunWebProducts]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}]
@="IFunWebProductsPopSwatterSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}]
@="_IFunWebProductsPopSwatterSettingsEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}]
@="IFunWebProductsPopSwatterSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}]
@="_IFunWebProductsPopSwatterSettingsEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform]
"FunWebProducts"="IEAK"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}]
@="IFunWebProductsPopSwatterSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}]
@="_IFunWebProductsPopSwatterSettingsEvents"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Fun Web Products]
"CacheDir"="C:\Windows\system32\config\systemprofile\AppData\LocalLow\FunWebProducts\Shared\Cache\"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\MyWebSearch\bar]
"sscSuggestionsURL"="http://srchsugg.funwebproducts.com/query?li=ff&sstype=prefix&q={searchTerms}"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\MyWebSearch\bar]
"AutocompleteURL"="http://srchsugg.funwebproducts.com/query?q=&sstype=prefix"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Control Panel\Cursors]
"Arrow"="C:\Users\ann\AppData\LocalLow\FunWebProducts\Shared\001CD4FA.dat"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\Fun Web Products]
"CacheDir"="C:\Users\ann\AppData\LocalLow\FunWebProducts\Shared\Cache\"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\Fun Web Products\CursorLoader]
"Dir"="C:\Users\ann\AppData\LocalLow\FunWebProducts\Shared\"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\FunWebProducts]
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\FunWebProducts]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Fun Web Products]
"CacheDir"="C:\Windows\system32\config\systemprofile\AppData\LocalLow\FunWebProducts\Shared\Cache\"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\MyWebSearch\bar]
"sscSuggestionsURL"="http://srchsugg.funwebproducts.com/query?li=ff&sstype=prefix&q={searchTerms}"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\MyWebSearch\bar]
"AutocompleteURL"="http://srchsugg.funwebproducts.com/query?q=&sstype=prefix"

Searching for "babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193]
"ProductName"="BabylonObjectInstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193\SourceList]
"PackageName"="BabylonObjectInstaller.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\BabylonToolbar\Shared\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\BabylonToolbar\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\BabylonToolbar\CR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\BabylonToolbar\FF\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\BabylonToolbar\IE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DA5BD2D3CA2D6943A1A233CD3F88CE7]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonChromeToolbar1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC9EFC5C3366B4DB850DAB49330C52]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonIEToolbar1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonChromeToolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E98451C7CA808F47AFE467BDABD02FA]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonFFToolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFD11FD45FC7B9E46A8F4B69F3A66E35]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonIEToolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5979AD63CA2D6943A1A233CD3F88CE7]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonToolbar1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF9BD2952384A9C49B4A5D3D95329890]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonFFToolbar1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FABA2A33488410A4AA40489BD2224282]
"3192AA38321C641458DBDAF83979D193"="01:\Software\Microsoft\Babylon\BabylonToolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193\InstallProperties]
"Publisher"="Babylon Ltd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193\InstallProperties]
"DisplayName"="BabylonObjectInstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon\Babylon Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb]
"path"="C:\Users\ann\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}]
"Publisher"="Babylon Ltd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}]
"DisplayName"="BabylonObjectInstaller"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Babylon]

Searching for "InboxToolbar"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
@="BandooCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BandooV8 (1).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
@="BandooCore Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\CurVer]
@="BandooCore.BandooCore.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
@="BandooCore Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\CurVer]
@="BandooCore.ResourcesMngr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\CurVer]
@="BandooCore.SettingsMngr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\CurVer]
@="BandooCore.StatisticMngr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
@="IBandooCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
@="_IBandooCoreEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}\1.0]
@="BandooCore 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}\1.0\0\win32]
@="C:\Program Files (x86)\Bandoo\BndCore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}\1.0\HELPDIR]
@="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\LocalServer32]
@=""C:\Program Files (x86)\Bandoo\BndCore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ProgID]
@="BandooCore.ResourcesMngr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\VersionIndependentProgID]
@="BandooCore.ResourcesMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\LocalServer32]
@=""C:\Program Files (x86)\Bandoo\BndCore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ProgID]
@="BandooCore.SettingsMngr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\VersionIndependentProgID]
@="BandooCore.SettingsMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}]
@="BandooCore Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\LocalServer32]
@=""C:\Program Files (x86)\Bandoo\BndCore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ProgID]
@="BandooCore.BandooCore.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\VersionIndependentProgID]
@="BandooCore.BandooCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\LocalServer32]
@=""C:\Program Files (x86)\Bandoo\BndCore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ProgID]
@="BandooCore.StatisticMngr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\VersionIndependentProgID]
@="BandooCore.StatisticMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
@="IBandooCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
@="_IBandooCoreEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\BandooCore.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
@="BandooCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}\1.0]
@="BandooCore 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}\1.0\0\win32]
@="C:\Program Files (x86)\Bandoo\BndCore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}\1.0\HELPDIR]
@="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
"AppName"="Bandoo.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
"AppName"="BandooUI.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Bandoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
"AppName"="Bandoo.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
"AppName"="BandooUI.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
"AppPath"="C:\Program Files (x86)\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\LocalServer32]
@=""C:\Program Files (x86)\Bandoo\BndCore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ProgID]
@="BandooCore.ResourcesMngr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\VersionIndependentProgID]
@="BandooCore.ResourcesMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\LocalServer32]
@=""C:\Program Files (x86)\Bandoo\BndCore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ProgID]
@="BandooCore.SettingsMngr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\VersionIndependentProgID]
@="BandooCore.SettingsMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}]
@="BandooCore Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\LocalServer32]
@=""C:\Program Files (x86)\Bandoo\BndCore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ProgID]
@="BandooCore.BandooCore.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\VersionIndependentProgID]
@="BandooCore.BandooCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\LocalServer32]
@=""C:\Program Files (x86)\Bandoo\BndCore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ProgID]
@="BandooCore.StatisticMngr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\VersionIndependentProgID]
@="BandooCore.StatisticMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
@="IBandooCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
@="_IBandooCoreEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\BandooCore.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
@="BandooCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}\1.0]
@="BandooCore 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}\1.0\0\win32]
@="C:\Program Files (x86)\Bandoo\BndCore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}\1.0\HELPDIR]
@="C:\Program Files (x86)\Bandoo"

-= EOF =-


----------



## eddie5659

Thanks 

Okay, will go through this, and create the next step. Will take me a while, but should be tonight


----------



## sweetrose

Eddie, am I keeping you up every night with this? If so, I'm sorry.
If I don't hear from you tonight I will get your message tomorrow.


----------



## eddie5659

It's okay, as the bit I need you to do is simple. Looking at the log above, you may still have some programs installed.

So, if we uninstall them, a lot of the above will disappear 

Please go *here* to download *HijackThis*.

Open HijackThis, click Config, click Misc Tools
Click "*Open Uninstall Manager*"
Click "Save List" (generates *uninstall_list.txt*)
Click Save, copy and paste the results in your next post.

I can post some screenshots if you're having any problems finding the above, just let me know


----------
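The reasoning in the post above (hits that belong to a program still registered for uninstall should clear once it is uninstalled, the rest are leftovers) as an added example that is not part of the original thread. All function and category names are hypothetical, treating an `Uninstall` key as "still installed" is an assumption, and `SAMPLE_LOG` is a constructed sample in the layout of the registry search log posted above.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the layout of the search log in this
# thread, plus one deliberately damaged line to show how paste damage is flagged.
SAMPLE_LOG = r'''
Searching for "iNTERNET_TURBO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\iNTERNET_TURBO\toolbar]
"Path"="C:\Program Files (x86)\iNTERNET_TURBO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF943B18-FA64-4B95-8B02-0446878931A7}]
"AppName"="iNTERNET_TURBOToolbarHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iNTERNET_TURBO Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iNTERNET_TURBO Toolbar]
"UninstallString"="C:\Program Files (x86)\iNTERNET_TURBO\uninstall.exe toolbar"

Searching for "PricePeep"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS]

Searching for "InboxToolbar"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\LocalServer32]
@=""C:\Program Files (x86)\Bandoo\BndCore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
"AppName"="Bandoo.exe"
[HKEY_USERS\S-1-"Publisher"="Example"

-= EOF =-
'''

SEARCH_RE = re.compile(r'^Searching for "(.+)"$')
KEY_RE = re.compile(r'^\[(HKEY_.*)\]$')
VALUE_RE = re.compile(r'^(?:"(.*?)"|(@))=(.*)$')

# Assumed triage buckets, matched case-insensitively; first match wins.
CATEGORIES = (
    ("uninstall_entry", r"\currentversion\uninstall"),
    ("ie_elevation_policy", r"\low rights\elevationpolicy"),
    ("chrome_extension", r"\google\chrome\extensions"),
    ("tracing_leftover", r"\microsoft\tracing"),
    ("com_registration", r"\classes"),
)


def classify(key):
    """Map a registry key path to one of the triage buckets above."""
    lowered = key.lower()
    for name, marker in CATEGORIES:
        if marker in lowered:
            return name
    return "other"


def parse_search_log(text):
    """Return ({term: {key: {value_name: data}}}, [lines that did not parse])."""
    hits, damaged = {}, []
    term = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("No data found.", "-= EOF =-"):
            continue
        m = SEARCH_RE.match(line)
        if m:
            term, key = m.group(1), None
            hits.setdefault(term, {})
            continue
        m = KEY_RE.match(line)
        if m and term is not None:
            key = m.group(1)
            hits[term].setdefault(key, {})  # the log repeats the key per value
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            data = m.group(3)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1]  # strip only the outer pair of quotes
            hits[term][key]["(Default)" if m.group(2) else m.group(1)] = data
            continue
        damaged.append(line)
        key = None  # never attach later values to the wrong key
    return hits, damaged


def triage(text):
    """Per search term: still registered for uninstall, leftovers only, or no hits."""
    hits, damaged = parse_search_log(text)
    report = {}
    for term, keys in hits.items():
        cats = Counter(classify(k) for k in keys)
        uninstallers = [vals["UninstallString"] for k, vals in keys.items()
                        if classify(k) == "uninstall_entry" and "UninstallString" in vals]
        if not keys:
            verdict = "no_hits"
        elif cats["uninstall_entry"]:
            verdict = "still_registered"   # use the program's own uninstaller first
        else:
            verdict = "leftovers_only"     # nothing left to uninstall; keys are remnants
        report[term] = {"verdict": verdict, "categories": dict(cats),
                        "uninstall_strings": uninstallers}
    return report, damaged


if __name__ == "__main__":
    report, damaged = triage(SAMPLE_LOG)
    for term, info in report.items():
        print(f"{term:16} {info['verdict']:17} {info['categories']}")
    print("unparsed lines:", damaged)
```

Lines that parse as neither a key nor a value are returned separately, so a log damaged during copy and paste is flagged instead of being silently misread.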



## sweetrose

If you can post the screenshots, Eddie, it would make things easy for me, thanks


----------



## eddie5659

Yep, will do. Just running a scan with OTL to try something, but will in 10 mins


----------



## sweetrose

ok........


----------



## eddie5659

Excellent, my testing worked 

Okay, posting in a few mins...


----------



## eddie5659

Okay, so firstly you need to download HijackThis:

Please go *here* to download *HijackThis*.

This will look like this when it's downloaded:










Now, double-click to open the program. If this pops up, click the *Run* button:










The program will now look like this:










Click on the *Config* button:










And it will now look like this:










Click on the *Misc Tools* button:










And it will now look like this:










Now, click on the button called *Open Uninstall Manager*. You may need to use the scrolling bar to bring the button into view:










Click on the *Save List* button, *Not* any other button in this screen










A box will pop up, asking you to save the list. It will be called *uninstall_list*, and it may be saved directly to the Desktop, so take note of where it's saving it to










Click Save, copy and paste the results in your next post.

eddie


----------



## sweetrose

Eddie, I have done all that. Now what do I do?


----------



## sweetrose

Zip 9.20
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
Ask Toolbar
AVG PC Tuneup
BabylonObjectInstaller
BBC iPlayer Desktop
BBC iPlayer Desktop
D3DX10
DivX Setup
Driver Genius Professional Edition
eBay
Facebook Video Calling 1.2.0.287
Google Update Helper
Inbox Toolbar
Intel(R) Graphics Media Accelerator Driver
iNTERNET TURBO Toolbar
Internet TV for Windows Media Center
Java 7 Update 7
Java(TM) 6 Update 20
Junk Mail filter update
king.com (remove only)
MeFeedia
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Norton Security Scan
Optimizer Pro v3.0
Photo Service - powered by myphotobook
Photo Service - powered by myphotobook
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Toolbars
Skype 5.1
SkyPlayer for Windows Media Center
SweetIM for Messenger 3.6
SweetIM Toolbar for Internet Explorer 4.2
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Online Product Information
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TRORMCLauncher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Utility Common Driver
Utility Common Driver
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
Vodafone Mobile Broadband Lite
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Toolbar


----------



## eddie5659

Can you see the *uninstall_list* log file? It will be a notepad file.

It will either be on your desktop, or maybe where you downloaded HijackThis to, say your Download folder.

When you find it, copy/paste the contents here as you did for the other things we've done before


----------



## eddie5659

Beat me to it


----------



## sweetrose

I've sent it


----------



## eddie5659

Okay, so if you look in the above, you will see these:
*
Ask Toolbar
BabylonObjectInstaller
Inbox Toolbar
iNTERNET TURBO Toolbar*

These are the ones I need you to uninstall. Again, I'll post some screenies in a min


----------



## eddie5659

Okay, so let's uninstall these programs. My screenshots won't have the actual programs you have, it's just a guide

So, firstly click on the *Start* button in the bottom left of your screen:










Then, click on the *Control Panel*:










Now, depending on the setup you have, you may have different views.

So, if you have it set to *Large Icons*, this is what you need to click on, *Programs and Features*.










If you have it on *Category*, this is what you need to click on, *Uninstall a Program*










Whichever you have, you will then get to this screen:










Now, in here, you need to look for the first program, *Ask Toolbar*. They're listed in alphabetical order, so it will be at the top 

Click on it to highlight it (again, mine is a different program):










And then click on the *Uninstall/Change button*, and uninstall it.










Then, once that is complete, do the same for each of these:

*BabylonObjectInstaller
Inbox Toolbar
iNTERNET TURBO Toolbar*


----------



## sweetrose

Eddie, internet turbo toolbar won't uninstall, nor will the Ask toolbar.


----------



## eddie5659

That's okay, we'll look at them later 

Now, I need you to re-run OTL but I'm creating a new scan for you. So, this time, press the *Run Scan* button 

So, delete the *fix* that you have in your Download folder.

Then, once that is done, download the new one I'm attaching in this reply.

Then, follow the instructions I posted here, and post the results:

---------------

Can you open up OTL again, but *don't* press any button,

Then, can you find the new *fix* file that you just downloaded and open it, using your mouse. Does it look like it has this sort of thing inside:



> c:\|Searchqu;true;true;true /FP
> c:\|MyWebSearch;true;true;true /FP
> c:\|BabylonToolbar;true;true;true /FP
> c:\|Sidekick;true;true;true /FP
> c:\|iNTERNET_TURBO;true;true;true /FP
> c:\|Conduit;true;true;true /FP
> c:\|ConduitEngine;true;true;true /FP
> c:\|PricePeep;true;true;true /FP
> c:\|FunWebProducts;true;true;true /FP
> c:\|babylon;true;true;true /FP
> c:\|InboxToolbar;true;true;true /FP
> c:\|Bandoo;true;true;true /FP
> c:\|Ask Toolbar;true;true;true /FP
> c:\|Ask.com;true;true;true /FP


If so, with your mouse, right-click on the contents and choose the *Select All* option.

All the text should be highlighted in blue.

Now, right-click again and choose the *Copy* option.

*Make sure you can see the parts I've highlighted with a circle in the below pictures*

Now, go back to the *OTL* program you have open, and in the *Custom Scans/Fixes* box at the bottom, right-click with your mouse and choose the *Paste* option, so it looks like this










eg:










Then click the *Run Scan* button at the top










And then click *OK*


----------



## sweetrose

I can't find them, Eddie


----------



## eddie5659

When you're downloading OTL, are you saving it to your Download folder, or just selecting the *Run* option?

It seems that you have to keep downloading it, when normally it stays in the same folder.

If you haven't got OTL, get it again from here:

*OTL Download*

Now, I'll post some screenshots of an easy way of doing the fix, one minute


----------



## sweetrose

I download it too, Eddie, and keep it,
but it won't come up on the OTL


----------



## eddie5659

This is the code you need to use, when following the below instructions:



> c:\|Searchqu;true;true;true /FP
> c:\|MyWebSearch;true;true;true /FP
> c:\|BabylonToolbar;true;true;true /FP
> c:\|Sidekick;true;true;true /FP
> c:\|iNTERNET_TURBO;true;true;true /FP
> c:\|Conduit;true;true;true /FP
> c:\|ConduitEngine;true;true;true /FP
> c:\|PricePeep;true;true;true /FP
> c:\|FunWebProducts;true;true;true /FP
> c:\|babylon;true;true;true /FP
> c:\|InboxToolbar;true;true;true /FP
> c:\|Bandoo;true;true;true /FP
> c:\|Ask Toolbar;true;true;true /FP
> c:\|Ask.com;true;true;true /FP


--------------

Okay, you should now have OTL, so open it as normal, to get this:










Now, using your right-mouse button, hold down and drag until everything in the above code is highlighted in blue:

This is before:










And this is after:










Now, right-click with the mouse and select *Copy* as you've done before:










Now, in the *Custom Box*, right-click with your mouse, and select *Paste* as you did before:










To become










And then click the *Run Scan* button, and then post the log it creates:


----------



## eddie5659

That's okay, we'll try the above instead, as it may be the actual fix that isn't downloading correctly


----------



## sweetrose

I'm doing it now


----------



## sweetrose

gfile created on: 10/31/2012 7:26:40 PM - Run 13
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ann\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.31 Gb Available Physical Memory | 16.71% Memory free
3.74 Gb Paging File | 1.25 Gb Available in Paging File | 33.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 77.32 Gb Free Space | 66.40% Space Free | Partition Type: NTFS
Drive D: | 116.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: ANN-TOSH | User Name: ann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/31 19:16:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ann\Downloads\OTL.exe
PRC - [2012/10/10 13:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/10/03 09:28:27 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/10/02 02:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/02 02:32:56 | 001,314,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2012/10/02 02:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/09/03 17:26:12 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/08/23 18:20:36 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2012/06/17 18:59:46 | 000,215,856 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2012/06/06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/11/03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011/08/01 13:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/27 17:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010/08/18 18:33:54 | 000,008,704 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2010/06/03 16:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/10 10:06:15 | 000,460,312 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 10:06:13 | 012,435,992 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 10:06:12 | 004,005,912 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 10:04:57 | 000,578,072 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 10:04:55 | 000,123,928 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 10:04:44 | 000,156,712 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 10:04:43 | 000,275,496 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 10:04:42 | 002,168,360 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/10/03 09:28:27 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/09/03 17:26:20 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012/09/03 17:26:18 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/08/23 18:20:36 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
MOD - [2011/11/03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

========== Services (SafeList) ==========

SRV:*64bit:* - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:*64bit:* - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:*64bit:* - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:*64bit:* - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/02 02:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 02:32:56 | 001,314,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/10/02 02:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/03 17:26:12 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2010/08/27 17:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/08/18 18:33:54 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010/05/11 08:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/10/06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/10/05 02:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:*64bit:* - [2012/09/21 02:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:*64bit:* - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/09/13 02:11:18 | 000,151,904 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2012/09/04 09:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:*64bit:* - [2012/09/03 17:26:18 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:*64bit:* - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/12/16 07:10:31 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:*64bit:* - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/09/24 15:11:18 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2010/08/11 10:44:02 | 000,235,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:*64bit:* - [2010/08/11 10:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:*64bit:* - [2010/08/11 10:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:*64bit:* - [2010/08/11 10:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:*64bit:* - [2010/08/11 10:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:*64bit:* - [2010/08/11 10:44:02 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:*64bit:* - [2010/05/20 13:40:28 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K380x-z_dc_enum.sys -- (vodafone_K380x-z_dc_enum)
DRV:*64bit:* - [2010/04/28 11:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:*64bit:* - [2010/03/22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:*64bit:* - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2010/02/21 00:24:36 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/01/07 09:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:*64bit:* - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:*64bit:* - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:*64bit:* - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:*64bit:* - [2009/06/20 02:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:*64bit:* - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{ABA5AE01-9B23-4AC7-9BA7-E0345C1287FB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{A25208D0-8D9E-4B0D-B6DE-CCB82D68D3C2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={7E3FFE14-0CA3-4BAF-A926-D4D1BA5A2B65}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?l=dis&o=41648000&gct=hp
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=W3I4&o=41648000&src=crm&q={searchTerms}&locale=&apn_ptnrs=^A9L&apn_dtid=^YYYYYY^YY^GB&apn_uid=A7D34610-FA17-4C22-8632-EC2647B8B01F&apn_sauid=CE9233F2-3E58-4A75-88A5-CA0103A48B58
IE - HKCU\..\SearchScopes\{400E7EA1-093B-4D0E-90AC-CAAEF713611E}: "URL" = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={91AAAA7E-22F1-4FDE-BE01-003A27F6E136}&mid=eaf95fdb5bab47d6abd6cd3c4e914194-5c5653c47cf4f1da57a1a9398c21c6f4fc7f0f2c&lang=en&ds=AVG&pr=pr&d=2012-10-03 10:28:31&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A25208D0-8D9E-4B0D-B6DE-CCB82D68D3C2}: "URL" = http://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{E0F1151B-5874-4D8B-8E18-506FA493AB23}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={7E3FFE14-0CA3-4BAF-A926-D4D1BA5A2B65}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\ann\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/10/03 09:29:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/24 15:31:30 | 000,000,000 | ---D | M]

[2012/10/03 09:28:21 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - homepage: http://www.ask.com/?l=dis&o=41648000cr&gct=hp
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=W3I4&o=41648000&locale=en_UK&apn_uid=A7D34610-FA17-4C22-8632-EC2647B8B01F&apn_ptnrs=%5EA9L&apn_sauid=CE9233F2-3E58-4A75-88A5-CA0103A48B58&apn_dtid=%5EYYYYYY%5EYY%5EGB&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - homepage: http://www.ask.com/?l=dis&o=41648000cr&gct=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Bandoo (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\ann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\ann\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

O1 HOSTS File: ([2012/10/25 13:55:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (mefeediaTest) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (mefeediaTest) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\RuKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKLM..\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\ann\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - Startup: C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8303406A-D415-481D-984A-0CB67A97EB51}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/31 19:13:57 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{BC594FB2-610D-4DBD-9B00-E4D52C7E30D1}
[2012/10/31 07:13:30 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1058E6FA-6663-4D7C-929E-40BFB5C9DFA3}
[2012/10/30 21:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/10/30 19:09:47 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{740675D2-2D1A-4CC9-BACC-7D0B36A1E651}
[2012/10/30 07:09:07 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D29CA16C-A397-4582-A4AA-1D92CE1752CF}
[2012/10/29 13:53:23 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{50F9E228-E55C-4810-BC3E-7591833B9C0E}
[2012/10/28 20:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/10/28 19:47:17 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B56B6020-F5E3-4571-B805-9FB75DBA34D7}
[2012/10/28 07:46:39 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{107265E1-6467-47F9-B58A-D9E9318E1A45}
[2012/10/27 11:29:23 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D4E7C282-BFE4-458D-94A2-FABE9C279B3C}
[2012/10/26 18:43:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7D35E905-9A33-4D98-A22E-1188C8EF5EA7}
[2012/10/26 12:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/26 06:42:35 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{55AA1DDB-378E-42F0-8EC4-5B76DD6CFA88}
[2012/10/25 18:41:49 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{589375DD-C439-4603-8569-7E0C9EB5D55C}
[2012/10/25 06:41:11 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2B25A7E3-9DE6-4937-A667-98A92A84206C}
[2012/10/24 18:40:32 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B3E6FCF5-3ABB-415F-8D56-F4A19A50F021}
[2012/10/24 14:08:57 | 000,000,000 | ---D | C] -- C:\Users\ann\Desktop\New folder
[2012/10/24 06:39:41 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{89735C78-C3EF-4CE2-9ED0-53DDFCCF5A61}
[2012/10/23 18:29:14 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E5B7AD43-DF3E-476C-968B-6E1ECE904900}
[2012/10/23 06:28:28 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{EDDF1671-A1F0-452E-8C7E-B1AB41D3C3EE}
[2012/10/22 12:44:01 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{DD5D48DB-A5FA-47CD-B25C-B2B6E8204711}
[2012/10/21 18:45:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7ADEA6C7-C9B7-44DE-9690-93FE623BF9D7}
[2012/10/21 06:44:47 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{F4513E39-8F30-475D-B407-D22C37A7E1CD}
[2012/10/20 11:18:35 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{49AB974D-F012-4F4D-9BE4-9DEED983F810}
[2012/10/19 12:29:31 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E56B3DB4-9DD2-4331-83A7-6F714EF8EC7F}
[2012/10/18 21:29:46 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{585F500D-C7B3-4463-9B61-86AA023CAEE7}
[2012/10/18 09:29:05 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{01A60DAB-422B-46F7-A911-5E088F5D68C5}
[2012/10/18 06:40:14 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{13295C49-C5A2-4133-AE29-ACFBE60E3F3A}
[2012/10/17 18:39:34 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7A4FDBF8-7900-4A79-A5E2-6F19EBFD7455}
[2012/10/17 06:38:54 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{11936F45-D07A-4A56-8957-18241D68286C}
[2012/10/16 18:38:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E1775522-B8FF-47BA-8312-D131E5E3F5A7}
[2012/10/16 14:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2012/10/16 14:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2012/10/16 14:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mefeediatest
[2012/10/16 14:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2012/10/16 14:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2012/10/16 14:13:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\APN
[2012/10/16 06:37:35 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E8E0006A-FFAD-4046-A57B-245C7956C400}
[2012/10/15 19:10:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/15 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1B0BCB94-4D85-4D15-AF18-0E75E5C712D7}
[2012/10/14 19:55:58 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{66E0DA3C-CE65-475C-B8C0-9CE5B63A56A3}
[2012/10/14 07:55:17 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{167AD287-3A6E-4692-A2E9-A3F9F392E12C}
[2012/10/14 07:33:13 | 000,000,000 | ---D | C] -- C:\Users\ann\Documents\Fax
[2012/10/14 07:33:11 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2807ED7F-589B-45FB-8D0A-21025F13F338}
[2012/10/14 07:24:09 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{31F18C97-2C2B-49B6-9D3A-88D3AA599737}
[2012/10/14 07:06:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1E07DCB5-D853-4F5C-AF8B-AC734944A87B}
[2012/10/14 07:01:33 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{6FD3E7C6-7093-4567-A62C-C6DBAEC79678}
[2012/10/13 12:58:08 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B2B85854-3F77-404B-8729-31C2B1BACF40}
[2012/10/12 18:22:32 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{F2305E10-A6C8-41CD-A71E-6DB3BEB09B3E}
[2012/10/12 06:21:37 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7D788C5B-2D2F-4EFB-BB6D-B9D9CB3B1373}
[2012/10/11 18:20:55 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{C1DD3728-C8E0-4B3D-90AE-AA174DF1A72B}
[2012/10/11 06:20:13 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B481F9F9-56BF-496D-9571-09BEDBD44491}
[2012/10/10 18:19:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2D9BF89C-2087-4662-8931-C7492049B401}
[2012/10/10 06:18:44 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{268922BE-9566-44C0-8633-BAE3BEF277CB}
[2012/10/09 18:07:38 | 000,000,000 | ---D | C] -- C:\Users\ann\New folder (2)
[2012/10/09 17:17:11 | 000,000,000 | ---D | C] -- C:\rsit
[2012/10/09 13:38:04 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{C0D35421-E5FC-4471-BACB-ABB5975925C7}
[2012/10/08 21:52:46 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{BB7E2642-3C6F-426A-92FB-ECAD08E37B65}
[2012/10/08 20:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2012/10/08 09:52:10 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{F33F4E90-4C7C-49F1-A52D-3EC23F84D657}
[2012/10/07 06:54:09 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7B7C9C94-2836-4E4E-96BD-B02AAF9E8285}
[2012/10/06 11:28:43 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{A6488ED8-B30C-4337-8A6D-3C097859AF3B}
[2012/10/05 18:22:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1B102234-C72E-494D-8DDA-A112DE989B91}
[2012/10/05 06:21:22 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{FECE62E8-675C-4254-BAEE-D8CCC3973F3E}
[2012/10/05 02:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/10/04 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E0F00CFA-B6F1-4453-BA25-A32BA5C7FB3E}
[2012/10/04 06:19:31 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E3A2A49D-466E-4126-8D7F-E26D0C0214C2}
[2012/10/03 18:17:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8B544F14-9020-4A3D-8931-04408CB60D6D}
[2012/10/03 09:30:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\AVG2013
[2012/10/03 09:29:33 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\TuneUp Software
[2012/10/03 09:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/10/03 09:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/10/03 09:08:59 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\MFAData
[2012/10/03 09:08:59 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\Avg2013
[2012/10/03 06:16:47 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{4BBCD0D6-09AC-41F0-BA05-F92B2FE61C37}
[2012/10/02 17:02:24 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8B6CC265-6592-4FC6-A097-6C5F8698781C}
[2012/10/02 13:28:36 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{09527887-56EF-44B7-B19F-C49F11DB916F}
[2012/10/02 02:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012/10/01 21:42:29 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D38618CD-F270-4719-ACA5-36BA99F69A81}

========== Files - Modified Within 30 Days ==========

[2012/10/31 19:34:29 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/31 19:33:55 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
[2012/10/31 18:34:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/31 17:26:33 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/31 17:26:33 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/31 17:26:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
[2012/10/31 17:23:14 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/31 17:23:14 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/31 17:23:14 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/31 17:20:17 | 000,001,060 | ---- | M] () -- C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2012/10/31 17:19:51 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/10/31 17:18:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/31 17:18:42 | 1504,354,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/31 15:33:04 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
[2012/10/31 15:14:00 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/10/30 20:26:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
[2012/10/26 12:55:23 | 000,000,495 | ---- | M] () -- C:\Windows\SysWow64\userawacs.cfg
[2012/10/26 12:54:50 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/10/25 13:55:03 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/10/16 16:34:53 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Toshiba Warranty Registration.lnk
[2012/10/11 06:35:53 | 000,002,485 | ---- | M] () -- C:\Users\ann\Desktop\Google Chrome.lnk
[2012/10/10 13:51:08 | 000,000,323 | ---- | M] () -- C:\Users\ann\Desktop\requested-files[2012-10-10_14_51].cab
[2012/10/07 12:06:34 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2012/10/05 02:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys

========== Files Created - No Company Name ==========

[2012/10/16 14:24:21 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/10/16 14:24:20 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/10/13 14:07:41 | 000,000,495 | ---- | C] () -- C:\Windows\SysWow64\userawacs.cfg
[2012/10/10 13:51:08 | 000,000,323 | ---- | C] () -- C:\Users\ann\Desktop\requested-files[2012-10-10_14_51].cab
[2012/10/07 12:06:34 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2012/10/03 09:29:36 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/02 12:24:38 | 000,027,520 | ---- | C] () -- C:\Users\ann\AppData\Local\dt.dat
[2011/08/31 07:34:31 | 000,001,072 | ---- | C] () -- C:\Users\ann\Pictures - Shortcut.lnk
[2011/07/21 19:34:13 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{931E4FAA-EDCB-4C4C-9A5F-F55CE7BD62A6}
[2011/07/21 19:05:23 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{8532B172-6F57-4CBE-8E80-FAD83C06C6D3}
[2011/07/15 14:48:15 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{796EF731-ABE6-49A6-8D8F-75DAAE534B52}
[2011/07/15 14:28:59 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0B3B4E74-A96D-457B-A3AC-15AF58ED515A}
[2011/07/15 14:07:30 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{9A0EA9CA-EE6E-4B14-AEA4-EF4E0BE4F54A}
[2011/07/12 16:08:10 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{AEEDA0C4-B094-40CA-9072-BDC6E4E10BF3}
[2011/07/12 16:04:33 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0D85A837-7B6B-4379-9BE0-29398598E6DE}
[2011/07/11 18:15:42 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{718D1F67-3F23-4AD2-9624-60761184FA16}
[2011/07/11 18:10:51 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{8885552C-C46F-41CE-AF17-7D809AA70F9B}
[2011/07/11 11:00:50 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0272CA41-FCD0-43E5-BDC1-7D36C50B266C}
[2011/07/11 10:58:10 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{F10292BA-458D-48F4-BB5C-6E00413FB3D2}
[2011/07/05 13:29:26 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{1054FAA8-0F34-4A0D-B2D5-E525DD0BA91E}
[2011/07/04 13:18:16 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{812C46D8-1501-4AFA-8AC1-2D540FA281AD}
[2011/07/04 13:09:23 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{B1AB7382-9FDE-4896-B0A9-D0E584BCBEB7}
[2011/07/04 13:03:38 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{FA6271DC-C11C-4274-A832-ECB58B2FC3D7}
[2011/07/03 12:26:22 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{F129A5BC-03A3-4024-A684-6141D5EB5FB4}
[2011/05/14 13:30:15 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011/04/16 07:19:44 | 000,004,608 | ---- | C] () -- C:\Users\ann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/31 20:30:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/31 17:17:23 | 000,007,605 | ---- | C] () -- C:\Users\ann\AppData\Local\Resmon.ResmonCfg
[2010/12/16 07:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010/12/16 07:16:57 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/08/11 10:43:50 | 000,159,464 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/19 13:50:39 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\AVG
[2012/10/03 09:30:45 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\AVG2013
[2011/10/13 14:39:53 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/04/05 16:07:27 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Farm Mania 2
[2012/08/25 19:35:56 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Optimizer Pro
[2012/09/18 18:12:16 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Registry Mechanic
[2011/02/06 21:51:40 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Toshiba
[2012/10/03 09:29:33 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\TuneUp Software
[2011/04/20 15:26:20 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Vodafone
[2012/10/17 08:03:45 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\WildTangent
[2011/04/18 20:52:51 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Custom Scans ==========

< -Quote--- >
[2009/07/14 05:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 05:08:49 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/11 08:40:52 | 000,000,848 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
[2011/02/11 08:40:53 | 000,000,900 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
[2011/06/28 09:49:03 | 000,000,888 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/06/28 09:49:03 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011/09/18 19:11:13 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
[2011/09/18 19:11:15 | 000,000,918 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
[2012/03/24 18:59:14 | 000,000,448 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for ann.job
[2012/10/16 14:24:20 | 000,000,410 | ---- | C] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2012/10/16 14:24:21 | 000,000,434 | ---- | C] () -- C:\Windows\Tasks\PC Optimizer Pro Updates.job

< c:\|Searchqu;true;true;true /FP >

< c:\|MyWebSearch;true;true;true /FP >
[2012/08/16 06:45:51 | 000,003,072 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filmfanatic.mywebsearch.com_0.localstorage
[2012/08/16 06:45:51 | 000,003,608 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filmfanatic.mywebsearch.com_0.localstorage-journal
[2011/08/28 06:31:53 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\LocalLow\MyWebSearch
[2011/08/28 06:43:14 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\LocalLow\MyWebSearch\bar
[2012/04/29 16:06:40 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\MyWebSearch
[2012/04/29 16:07:07 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\MyWebSearch\bar

< c:\|BabylonToolbar;true;true;true /FP >
[2012/09/02 12:24:17 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\LocalLow\BabylonToolbar
[2012/09/02 12:24:17 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\LocalLow\BabylonToolbar\BabylonToolbar

< c:\|Sidekick;true;true;true /FP >
[2012/08/15 20:51:29 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\Local\Shopping Sidekick
[2012/09/21 17:48:40 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\Local\Shopping Sidekick\Chrome

< c:\|iNTERNET_TURBO;true;true;true /FP >
[2012/10/25 13:54:54 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\10252012_145451\C_Program Files (x86)\iNTERNET_TURBO
[2012/10/25 16:07:16 | 000,000,000 | ---D | M] -- c:\Program Files (x86)\iNTERNET_TURBO
[2012/07/02 12:42:42 | 000,065,832 | ---- | M] () -- c:\Program Files (x86)\iNTERNET_TURBO\iNTERNET_TURBOToolbarHelper.exe
[2012/07/02 12:42:42 | 000,065,832 | ---- | M] () -- c:\Users\ann\AppData\Local\Conduit\CT3197087\iNTERNET_TURBOAutoUpdateHelper.exe
[2012/08/15 20:50:15 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\LocalLow\iNTERNET_TURBO
[2012/08/15 20:50:15 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\LocalLow\iNTERNET_TURBO\Logs

< c:\|Conduit;true;true;true /FP >
[2012/10/17 08:07:51 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\Local\Conduit
[2012/08/15 20:50:15 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\Local\Conduit\CT3197087
[2012/08/16 19:16:19 | 000,003,072 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage
[2012/08/16 19:16:19 | 000,003,608 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal
[2012/08/18 18:53:14 | 000,006,144 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage
[2012/08/18 18:53:14 | 000,003,608 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal
[2012/08/23 12:12:30 | 000,006,144 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_images.search.conduit.com_0.localstorage
[2012/08/23 12:12:30 | 000,003,608 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_images.search.conduit.com_0.localstorage-journal
[2012/08/20 18:49:22 | 000,007,168 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage
[2012/08/20 18:49:22 | 000,006,704 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal
[2012/08/18 18:52:55 | 000,003,072 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_social.conduit.com_0.localstorage
[2012/08/18 18:52:55 | 000,003,608 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_social.conduit.com_0.localstorage-journal
[2012/08/25 19:45:45 | 000,007,168 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage
[2012/08/25 19:45:45 | 000,007,736 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal
[2012/08/16 06:23:01 | 000,003,072 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage
[2012/08/16 06:23:01 | 000,003,608 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage-journal
[2012/08/16 06:54:57 | 000,003,072 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtubetop.conduitapps.com_0.localstorage
[2012/08/16 06:54:57 | 000,003,608 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtubetop.conduitapps.com_0.localstorage-journal
[2012/07/20 17:55:13 | 000,000,013 | ---- | M] () -- c:\Users\ann\AppData\Local\Microsoft\Internet Explorer\DOMStore\P7CTCPN7\storage.conduit[1].xml
[2012/07/20 17:55:12 | 000,000,013 | ---- | M] () -- c:\Users\ann\AppData\Local\Microsoft\Internet Explorer\DOMStore\QQ9L342V\facebook.conduitapps[1].xml
[2011/04/05 14:40:23 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\LocalLow\Conduit
[2012/09/21 12:50:33 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\LocalLow\Conduit\Community Alerts
[2011/04/05 14:40:23 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\LocalLow\Conduit\Toolbar
[2011/05/14 15:41:50 | 000,000,182 | ---- | M] () -- c:\Users\ann\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1116652_1112356_UK.xml
[2011/05/14 15:41:50 | 000,000,209 | ---- | M] () -- c:\Users\ann\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1116673_1112377_UK.xml
[2011/05/14 15:41:49 | 000,000,210 | ---- | M] () -- c:\Users\ann\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1116697_1112401_UK.xml
[2011/05/14 15:41:50 | 000,000,181 | ---- | M] () -- c:\Users\ann\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1119424_1115128_UK.xml
[2011/05/14 15:41:49 | 000,000,211 | ---- | M] () -- c:\Users\ann\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1119884_1115588_UK.xml
[2011/05/14 15:41:50 | 000,000,209 | ---- | M] () -- c:\Users\ann\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1119908_1115612_UK.xml
[2011/05/13 17:02:21 | 000,010,909 | ---- | M] () -- c:\Users\ann\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_1_0_7.xml
[2011/05/14 17:49:58 | 000,010,909 | ---- | M] () -- c:\Users\ann\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_3_3_3.xml
[2012/06/03 16:40:10 | 000,000,013 | ---- | M] () -- c:\Users\ann\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\F06CZ93R\facebook.conduitapps[1].xml
[2012/09/21 12:50:26 | 000,000,013 | ---- | M] () -- c:\Users\ann\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\H5LPJWXY\storage.conduit[1].xml
[2012/10/14 07:27:04 | 000,000,669 | ---- | M] () -- c:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\ConduitEngine.lnk
[2012/04/29 16:07:00 | 000,000,013 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\42ZNCLYB\storage.conduit[1].xml
[2012/04/29 16:07:06 | 000,000,013 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\USC71L2H\facebook.conduitapps[1].xml
[2012/04/29 16:06:22 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit
[2012/04/29 16:07:07 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts
[2012/04/29 16:06:22 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Toolbar
[2012/04/29 16:06:38 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine
[2012/04/29 16:05:46 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\Logs
[2012/04/29 16:06:38 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\MyStuffApps
[2012/04/29 18:06:18 | 000,000,182 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1116652_1112356_UK.xml
[2012/04/29 18:02:36 | 000,000,187 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1358172_1353832_UK.xml
[2012/04/29 16:06:50 | 000,010,909 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_3_3_3.xml
[2010/09/12 14:02:22 | 003,863,136 | ---- | M] (Conduit Ltd.) -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\ConduitEngine.dll
[2012/04/29 16:06:17 | 000,000,972 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_47_296_CT2966447_Images_634357308105118750_png.png
[2012/04/29 16:06:22 | 000,001,000 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_47_296_CT2966447_Images_634370120199365001_png.png

< c:\|ConduitEngine;true;true;true /FP >
[2012/10/14 07:27:04 | 000,000,669 | ---- | M] () -- c:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\ConduitEngine.lnk
[2012/04/29 16:06:38 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine
[2012/04/29 16:05:46 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\Logs
[2012/04/29 16:06:38 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\MyStuffApps
[2010/09/12 14:02:22 | 003,863,136 | ---- | M] (Conduit Ltd.) -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\ConduitEngine.dll

< c:\|PricePeep;true;true;true /FP >

< c:\|FunWebProducts;true;true;true /FP >
[2011/08/28 06:31:53 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\LocalLow\FunWebProducts
[2011/11/23 14:03:46 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\LocalLow\FunWebProducts\Shared
[2012/04/29 16:07:08 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\FunWebProducts
[2012/04/29 16:07:08 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\FunWebProducts\Shared

< c:\|babylon;true;true;true /FP >
[2012/08/25 19:36:46 | 000,002,349 | ---- | M] () -- c:\_OTL\MovedFiles\10252012_145451\C_Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
[2012/08/25 19:35:22 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\10252012_145451\C_Users\ann\AppData\Roaming\Babylon
[2011/05/04 16:04:14 | 000,003,577 | ---- | M] () -- c:\Program Files (x86)\mefeediatest\chrome\skin\babylon_logo.png
[2012/08/25 19:35:24 | 000,000,000 | ---D | M] -- c:\ProgramData\Babylon
[2012/08/25 19:35:24 | 000,000,000 | ---D | M] -- c:\Users\All Users\Babylon
[2012/09/02 12:24:17 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\LocalLow\BabylonToolbar
[2012/09/02 12:24:17 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\LocalLow\BabylonToolbar\BabylonToolbar

< c:\|InboxToolbar;true;true;true /FP >

< c:\|Bandoo;true;true;true /FP >
[2012/06/27 08:34:13 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\10252012_145451\C_Users\ann\AppData\Roaming\Bandoo
[2012/09 14:41:24 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\LocalLow\Bandoo\Flash
[2012/05/29 14:41:24 | 000,000,042 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg

< c:\|Ask Toolbar;true;true;true /FP >

< c >

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP1B5B4F1

< End of report >


----------



## eddie5659

Okay, looks like there is a lot there.

So, firstly, I'd like to use a fix for certain infections. Then, we'll re-run a scan to see what's left, and work from there 

-----

So, exactly as you did just before with the highlighting of the words, can you do the same with this:



Code:


:Commands
[CREATERESTOREPOINT]

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
[-HKEY_CURRENT_USER\Software\DataMngr]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[-HKEY_CURRENT_USER\Software\ilivid]
[-HKEY_CURRENT_USER\Software\searchqutoolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
[-HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
"{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
"{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
"{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
"{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
"{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
"{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
"{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
"{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
"{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
@="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
@="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
@="{B056521A-9B10-425E-B616-1FCD828DB3B1}"

:Files
%APPDATA%\Mozilla\Firefox\Profiles\SearchquWebSearch.xml /S
%APPDATA%\Mozilla\Firefox\Profiles\searchqutoolbar /S
%APPDATA%\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} /S
%APPDATA%\Microsoft\Windows\Cookies\*@sweetim[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt
%LOCALAPPDATA%\Ilivid Player /S
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe /S
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z /S
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe /S
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe /S
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe /S
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm /S
%TEMP%\BandooFiles
%TEMP%\BandooV6.exe
%TEMP%\SetupDataMngr_Searchqu.exe
%TEMP%\SweetIMReinstall
%TEMP%\SweetIMReinstall\SweetImSetup.exe
%TEMP%\ilivid.7z
%TEMP%\searchqu.ini
%TEMP%\searchqutoolbar-manifest.xml
%USERPROFILE%\AppData\LocalLow\searchquband
%USERPROFILE%\AppData\LocalLow\searchqutoolbar
%USERPROFILE%\Downloads\SweetImSetup.exe
%USERPROFILE%\Downloads\iLividSetupV1.exe
%USERPROFILE%\AppData\LocalLow\DataMngr
%USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml
%USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml
C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf
C:\Program Files\Windows iLivid Toolbar
C:\Program Files\iLivid
C:\Windows\Prefetch\ILIVID*
C:\Windows\Prefetch\SEARCHQUMEDIABAR*
C:\Windows\Prefetch\SETUPDATAMNGR*
C:\Program Files (x86)\iLivid
C:\Program Files (x86)\Windows Savevid Toolbar
C:\Program Files (x86)\Savevid
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]

Then, copy and paste into the Custom box of OTL, like you did before.

But this time, press the *Run Fix* button.

And post the log it creates.


----------



## sweetrose

ok Eddie, but you may not get it till tomorrow, is that ok?


----------



## eddie5659

That's fine, just take your time with it. Make sure all inside the code box is highlighted, before copying into OTL.

As I say, we'll run that first, then do another check to see what's left 

I'll have a look tomorrow evening before I go out


----------



## sweetrose

ok and thanks


----------



## eddie5659

No problem, and like I said, just take your time 

I'll post the next part with screenshots again, as I feel this is a good way to understand things, as they do say a picture is far better than words, plus you can actually see it easier, as you can compare with what you have


----------



## sweetrose

Hi Eddie, I hope I've done it right...
processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI 32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMAN CS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toobar not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
========== FILES ==========
File/Folder C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
File/Folder C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\searchqutoolbar not found.
File/Folder C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
File/Folder C:\Users\ann\AppData\Local\Ilivid Player not found.
File/Folder C:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe not found.
File/Folder C:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
File/Folder C:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
File/Folder C:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
File/Folder C:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
File/Folder C:\Users\ann\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\ann\AppData\Local\Temp\BandooV6.exe not found.
File/Folder C:\Users\ann\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
File/Folder C:\Users\ann\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\ann\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
File/Folder C:\Users\ann\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\ann\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\ann\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
File/Folder C:\Users\ann\AppData\LocalLow\searchquband not found.
File/Folder C:\Users\ann\AppData\LocalLow\searchqutoolbar not found.
File/Folder C:\Users\ann\Downloads\SweetImSetup.exe not found.
File/Folder C:\Users\ann\Downloads\iLividSetupV1.exe not found.
C:\Users\ann\AppData\LocalLow\DataMngr folder moved successfully.
File/Folder C:\Users\ann\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml not found.
File/Folder C:\Users\ann\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml not found.
File\Folder C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
File\Folder C:\Program Files (x86)\iLivid not found.
File\Folder C:\Program Files (x86)\Windows Savevid Toolbar not found.
File\Folder C:\Program Files (x86)\Savevid not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ann\Downloads\cmd.bat deleted successfully.
C:\Users\ann\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ann
->Temp folder emptied: 10002748 bytes
->Temporary Internet Files folder emptied: 24795633 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 390572003 bytes
->Flash cache emptied: 56922 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1469871 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 199750 bytes

Total Files Cleaned = 407.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11022012_144124

Files\Folders moved on Reboot...
File\Folder C:\Users\ann\AppData\Local\Temp\etilqs_ab8gQfEwJO5BQCP not found!
File\Folder C:\Users\ann\AppData\Local\Temp\etilqs_gP5paKcvANapYfa not found!
C:\Users\ann\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWX5B1GW\m0310tr[1].htm moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_4 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_5 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_6 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## eddie5659

Excellent, that worked just the way it was supposed to :up:

Now, we have another tool I'd like you to use. I'll post the instructions below, with screenshots.

Please download *AdwCleaner* by Xplode onto your desktop.

When you double-click it to open, it will look like this:

Click on the *Search* button:

A log will appear when it's finished, but if you can't see it, it will be in this location:

*C:\AdwCleaner[R1].txt*

Post the contents here as before


----------



## sweetrose

hi eddie. all done


----------



## sweetrose

# AdwCleaner v2.006 - Logfile created 11/03/2012 at 18:53:28
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ann - ANN-TOSH
# Boot Mode : Normal
# Running from : C:\Users\ann\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\user.js
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Claro LTD
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Inbox Toolbar
Folder Found : C:\Program Files (x86)\iNTERNET_TURBO
Folder Found : C:\Program Files (x86)\PricePeep
Folder Found : C:\Program Files (x86)\SweetIM
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\ann\AppData\Local\APN
Folder Found : C:\Users\ann\AppData\Local\AVG Secure Search
Folder Found : C:\Users\ann\AppData\Local\Conduit
Folder Found : C:\Users\ann\AppData\Local\Wajam
Folder Found : C:\Users\ann\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\ann\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\ann\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\ann\AppData\LocalLow\Bandoo
Folder Found : C:\Users\ann\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\ann\AppData\LocalLow\Conduit
Folder Found : C:\Users\ann\AppData\LocalLow\FunWebProducts
Folder Found : C:\Users\ann\AppData\LocalLow\Inbox Toolbar
Folder Found : C:\Users\ann\AppData\LocalLow\iNTERNET_TURBO
Folder Found : C:\Users\ann\AppData\LocalLow\MyWebSearch
Folder Found : C:\Users\ann\AppData\LocalLow\PriceGong
Folder Found : C:\Users\ann\AppData\Roaming\Babylon
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [29833 octets] - [03/11/2012 18:53:29]

########## EOF - C:\AdwCleaner[R1].txt - [29894 octets] ##########


----------



## eddie5659

Okay, that has found a lot of things, all of which we can now remove 

So, open it up again, but this time click on the *Delete* button:

Confirm each time with *Ok*

You will be prompted to restart your computer. A text file will open after the restart.

Post the contents of the log. If it doesn't appear, locate it here:

*C:\AdwCleaner[S1].txt*

eddie


----------



## sweetrose

Eddie, it's done, will post it now...


----------



## sweetrose

SystemLook 30.07.11 by jpshortstuff
Log created at 20:29 on 25/10/2012 by ann
Administrator - Elevation successful

No Context: Engine

No Context: *PricePeep

No Context: *FunWebProducts

No Context: *babylon

No Context: *InboxToolbar

No Context: *Bandoo

========== filefind ==========

Searching for "*Searchqu"
No files found.

Searching for "*MyWebSearch"
No files found.

Searching for "*BabylonToolbar"
No files found.

Searching for "*Shopping Sidekick"
No files found.

Searching for "*iNTERNET_TURBO"
No files found.

Searching for "*ConduitEngine"
No files found.

Searching for "*PricePeep"
No files found.

Searching for "*FunWebProducts"
No files found.

Searching for "*babylon"
No files found.

Searching for "*Inbox


----------



## eddie5659

Nope, that's not it 

Have a look here:

*C:\AdwCleaner[S1].txt*

Make sure it's the one with the *S* in the name


----------



## sweetrose

# AdwCleaner v2.006 - Logfile created 11/03/2012 at 19:40:19
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ann - ANN-TOSH
# Boot Mode : Normal
# Running from : C:\Users\ann\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [29826 octets] - [03/11/2012 18:53:29]
AdwCleaner[S1].txt - [29417 octets] - [03/11/2012 19:15:47]
AdwCleaner[S2].txt - [1025 octets] - [03/11/2012 19:21:46]
AdwCleaner[S3].txt - [909 octets] - [03/11/2012 19:40:19]

########## EOF - C:\AdwCleaner[S3].txt - [968 octets] ##########


----------



## sweetrose

this is what came up EDDIE


----------



## eddie5659

Excellent, looks like it removed it all.

Okay, can you now go back to OTL again, and exactly as you did before, can you highlight all the below code, and put it into the Custom box:



Code:


c:\|Searchqu;true;true;true /FP
c:\|MyWebSearch;true;true;true /FP
c:\|BabylonToolbar;true;true;true /FP
c:\|Sidekick;true;true;true /FP
c:\|iNTERNET_TURBO;true;true;true /FP
c:\|Conduit;true;true;true /FP
c:\|ConduitEngine;true;true;true /FP
c:\|PricePeep;true;true;true /FP
c:\|FunWebProducts;true;true;true /FP
c:\|babylon;true;true;true /FP
c:\|InboxToolbar;true;true;true /FP
c:\|Bandoo;true;true;true /FP
c:\|HiYo;true;true;true /FP
c:\|Ask.com;true;true;true /FP
c:\|Claro LTD;true;true;true /FP
c:\|Inbox Toolbar;true;true;true /FP
c:\|SweetIM;true;true;true /FP
c:\|Yontoo;true;true;true /FP
c:\|boost_interprocess;true;true;true /FP
c:\|Wajam;true;true;true /FP
c:\|Tarma;true;true;true /FP
c:\|AskToolbar;true;true;true /FP
c:\|PriceGong;true;true;true /FP
c:\|Crossrider;true;true;true /FP
c:\|SmartBar;true;true;true /FP

And press the Scan button and post the log:


----------



## sweetrose

Eddie this is taking so long


----------



## sweetrose

OTL logfile created on: 11/4/2012 3:21:14 PM - Run 14
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ann\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 33.54% Memory free
3.74 Gb Paging File | 2.18 Gb Available in Paging File | 58.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 81.11 Gb Free Space | 69.66% Space Free | Partition Type: NTFS
Drive D: | 116.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: ANN-TOSH | User Name: ann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/31 19:16:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ann\Downloads\OTL.exe
PRC - [2012/10/10 13:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/10/02 02:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/09/03 17:26:12 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/08/23 18:20:36 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2012/06/17 18:59:46 | 000,215,856 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2012/02/14 21:18:56 | 000,079,728 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe
PRC - [2011/11/03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/27 17:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010/08/18 18:33:54 | 000,008,704 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2010/06/03 16:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/10 10:06:15 | 000,460,312 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 10:06:13 | 012,435,992 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 10:06:12 | 004,005,912 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 10:04:57 | 000,578,072 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 10:04:55 | 000,123,928 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 10:04:44 | 000,156,712 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 10:04:43 | 000,275,496 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 10:04:42 | 002,168,360 | ---- | M] () -- C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/08/23 18:20:36 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
MOD - [2011/11/03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

========== Services (SafeList) ==========

SRV:*64bit:* - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:*64bit:* - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:*64bit:* - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:*64bit:* - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/02 02:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 02:32:56 | 001,314,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/10/02 02:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/03 17:26:12 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2010/08/27 17:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/08/18 18:33:54 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010/05/11 08:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/10/06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/10/05 02:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:*64bit:* - [2012/09/21 02:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:*64bit:* - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/09/13 02:11:18 | 000,151,904 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2012/09/04 09:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:*64bit:* - [2012/09/03 17:26:18 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:*64bit:* - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/12/16 07:10:31 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:*64bit:* - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/09/24 15:11:18 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2010/08/11 10:44:02 | 000,235,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:*64bit:* - [2010/08/11 10:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:*64bit:* - [2010/08/11 10:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:*64bit:* - [2010/08/11 10:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:*64bit:* - [2010/08/11 10:44:02 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:*64bit:* - [2010/08/11 10:44:02 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:*64bit:* - [2010/05/20 13:40:28 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K380x-z_dc_enum.sys -- (vodafone_K380x-z_dc_enum)
DRV:*64bit:* - [2010/04/28 11:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:*64bit:* - [2010/03/22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:*64bit:* - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2010/02/21 00:24:36 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/01/07 09:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:*64bit:* - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:*64bit:* - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:*64bit:* - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:*64bit:* - [2009/06/20 02:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:*64bit:* - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{ABA5AE01-9B23-4AC7-9BA7-E0345C1287FB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{A25208D0-8D9E-4B0D-B6DE-CCB82D68D3C2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.claro-search.com/?affID=...HP_ss&mntrId=66338fed00000000000088252cba0aa8
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {400E7EA1-093B-4D0E-90AC-CAAEF713611E}
IE - HKCU\..\SearchScopes\{400E7EA1-093B-4D0E-90AC-CAAEF713611E}: "URL" = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{A25208D0-8D9E-4B0D-B6DE-CCB82D68D3C2}: "URL" = http://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{E0F1151B-5874-4D8B-8E18-506FA493AB23}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\ann\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/24 15:31:30 | 000,000,000 | ---D | M]

[2012/11/03 14:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.claro-search.com/?affID=...HP_ss&mntrId=66338fed00000000000088252cba0aa8
CHR - default_search_provider: Claro Search (Enabled)
CHR - default_search_provider: search_url = http://www.claro-search.com/?q={searchTerms}&affID=116693&tt=4412_8&babsrc=SP_ss&mntrId=66338fed00000000000088252cba0aa8
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.claro-search.com/?affID=...HP_ss&mntrId=66338fed00000000000088252cba0aa8
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Bandoo (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\ann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\ann\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

O1 HOSTS File: ([2012/10/25 13:55:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (mefeediaTest) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (mefeediaTest) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKLM..\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\ann\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [FDPRO-516] C:\Program Files (x86)\Fighters\FighterLauncher.exe FDPRO File not found
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - Startup: C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8303406A-D415-481D-984A-0CB67A97EB51}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/04 08:06:40 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{76B8F975-4416-4443-BAC0-188C0E9CA978}
[2012/11/03 14:35:50 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVUS
[2012/11/03 14:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVUS
[2012/11/03 14:35:24 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\Fighters
[2012/11/03 14:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2012/11/03 14:29:48 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{416C80D4-B420-4528-A55D-66171DE860E2}
[2012/11/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{A33DA9D8-AF45-435F-AB03-76412765B12A}
[2012/11/02 07:33:26 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8546C424-C75F-48C3-9ED4-C2AF53CF5B61}
[2012/11/01 22:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/01 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{504E70A0-8180-427A-BBA9-1FEE909AC607}
[2012/11/01 07:32:04 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{78EC496F-F47E-4DE4-874B-661237906A22}
[2012/10/31 19:13:57 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{BC594FB2-610D-4DBD-9B00-E4D52C7E30D1}
[2012/10/31 07:13:30 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1058E6FA-6663-4D7C-929E-40BFB5C9DFA3}
[2012/10/30 19:09:47 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{740675D2-2D1A-4CC9-BACC-7D0B36A1E651}
[2012/10/30 07:09:07 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D29CA16C-A397-4582-A4AA-1D92CE1752CF}
[2012/10/29 13:53:23 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{50F9E228-E55C-4810-BC3E-7591833B9C0E}
[2012/10/28 19:47:17 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B56B6020-F5E3-4571-B805-9FB75DBA34D7}
[2012/10/28 07:46:39 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{107265E1-6467-47F9-B58A-D9E9318E1A45}
[2012/10/27 11:29:23 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D4E7C282-BFE4-458D-94A2-FABE9C279B3C}
[2012/10/26 18:43:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7D35E905-9A33-4D98-A22E-1188C8EF5EA7}
[2012/10/26 12:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/26 06:42:35 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{55AA1DDB-378E-42F0-8EC4-5B76DD6CFA88}
[2012/10/25 18:41:49 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{589375DD-C439-4603-8569-7E0C9EB5D55C}
[2012/10/25 06:41:11 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2B25A7E3-9DE6-4937-A667-98A92A84206C}
[2012/10/24 18:40:32 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B3E6FCF5-3ABB-415F-8D56-F4A19A50F021}
[2012/10/24 14:08:57 | 000,000,000 | ---D | C] -- C:\Users\ann\Desktop\New folder
[2012/10/24 06:39:41 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{89735C78-C3EF-4CE2-9ED0-53DDFCCF5A61}
[2012/10/23 18:29:14 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E5B7AD43-DF3E-476C-968B-6E1ECE904900}
[2012/10/23 06:28:28 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{EDDF1671-A1F0-452E-8C7E-B1AB41D3C3EE}
[2012/10/22 12:44:01 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{DD5D48DB-A5FA-47CD-B25C-B2B6E8204711}
[2012/10/21 18:45:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7ADEA6C7-C9B7-44DE-9690-93FE623BF9D7}
[2012/10/21 06:44:47 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{F4513E39-8F30-475D-B407-D22C37A7E1CD}
[2012/10/20 11:18:35 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{49AB974D-F012-4F4D-9BE4-9DEED983F810}
[2012/10/19 12:29:31 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E56B3DB4-9DD2-4331-83A7-6F714EF8EC7F}
[2012/10/18 21:29:46 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{585F500D-C7B3-4463-9B61-86AA023CAEE7}
[2012/10/18 09:29:05 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{01A60DAB-422B-46F7-A911-5E088F5D68C5}
[2012/10/18 06:40:14 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{13295C49-C5A2-4133-AE29-ACFBE60E3F3A}
[2012/10/17 18:39:34 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7A4FDBF8-7900-4A79-A5E2-6F19EBFD7455}
[2012/10/17 06:38:54 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{11936F45-D07A-4A56-8957-18241D68286C}
[2012/10/16 18:38:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E1775522-B8FF-47BA-8312-D131E5E3F5A7}
[2012/10/16 14:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2012/10/16 14:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2012/10/16 14:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mefeediatest
[2012/10/16 14:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2012/10/16 14:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2012/10/16 06:37:35 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E8E0006A-FFAD-4046-A57B-245C7956C400}
[2012/10/15 19:10:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/15 13:12:02 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1B0BCB94-4D85-4D15-AF18-0E75E5C712D7}
[2012/10/14 19:55:58 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{66E0DA3C-CE65-475C-B8C0-9CE5B63A56A3}
[2012/10/14 07:55:17 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{167AD287-3A6E-4692-A2E9-A3F9F392E12C}
[2012/10/14 07:33:13 | 000,000,000 | ---D | C] -- C:\Users\ann\Documents\Fax
[2012/10/14 07:33:11 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2807ED7F-589B-45FB-8D0A-21025F13F338}
[2012/10/14 07:24:09 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{31F18C97-2C2B-49B6-9D3A-88D3AA599737}
[2012/10/14 07:06:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1E07DCB5-D853-4F5C-AF8B-AC734944A87B}
[2012/10/14 07:01:33 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{6FD3E7C6-7093-4567-A62C-C6DBAEC79678}
[2012/10/13 12:58:08 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B2B85854-3F77-404B-8729-31C2B1BACF40}
[2012/10/12 18:22:32 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{F2305E10-A6C8-41CD-A71E-6DB3BEB09B3E}
[2012/10/12 06:21:37 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7D788C5B-2D2F-4EFB-BB6D-B9D9CB3B1373}
[2012/10/11 18:20:55 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{C1DD3728-C8E0-4B3D-90AE-AA174DF1A72B}
[2012/10/11 06:20:13 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B481F9F9-56BF-496D-9571-09BEDBD44491}
[2012/10/10 18:19:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2D9BF89C-2087-4662-8931-C7492049B401}
[2012/10/10 06:18:44 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{268922BE-9566-44C0-8633-BAE3BEF277CB}
[2012/10/09 18:07:38 | 000,000,000 | ---D | C] -- C:\Users\ann\New folder (2)
[2012/10/09 17:17:11 | 000,000,000 | ---D | C] -- C:\rsit
[2012/10/09 13:38:04 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{C0D35421-E5FC-4471-BACB-ABB5975925C7}
[2012/10/08 21:52:46 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{BB7E2642-3C6F-426A-92FB-ECAD08E37B65}
[2012/10/08 20:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2012/10/08 09:52:10 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{F33F4E90-4C7C-49F1-A52D-3EC23F84D657}
[2012/10/07 06:54:09 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7B7C9C94-2836-4E4E-96BD-B02AAF9E8285}
[2012/10/06 11:28:43 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{A6488ED8-B30C-4337-8A6D-3C097859AF3B}
[2012/10/05 18:22:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1B102234-C72E-494D-8DDA-A112DE989B91}

========== Files - Modified Within 30 Days ==========

[2012/11/04 15:23:02 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 15:23:02 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 15:16:12 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/04 15:16:08 | 000,001,060 | ---- | M] () -- C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2012/11/04 15:16:00 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/11/04 15:15:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/04 15:15:40 | 1504,354,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/04 13:34:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/04 13:33:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
[2012/11/04 08:48:55 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/04 08:48:55 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/04 08:48:55 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/04 08:26:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
[2012/11/03 20:45:18 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI
[2012/11/03 20:26:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
[2012/11/03 15:33:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
[2012/11/03 14:38:16 | 000,000,571 | ---- | M] () -- C:\Windows\SysNative\MyDefrag.debuglog
[2012/11/02 15:14:00 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/10/26 12:55:23 | 000,000,495 | ---- | M] () -- C:\Windows\SysWow64\userawacs.cfg
[2012/10/26 12:54:50 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/10/25 13:55:03 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/10/16 16:34:53 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Toshiba Warranty Registration.lnk
[2012/10/11 06:35:53 | 000,002,485 | ---- | M] () -- C:\Users\ann\Desktop\Google Chrome.lnk
[2012/10/10 13:51:08 | 000,000,323 | ---- | M] () -- C:\Users\ann\Desktop\requested-files[2012-10-10_14_51].cab
[2012/10/07 12:06:34 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl

========== Files Created - No Company Name ==========

[2012/11/03 20:45:18 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2012/11/03 14:38:16 | 000,000,571 | ---- | C] () -- C:\Windows\SysNative\MyDefrag.debuglog
[2012/10/16 14:24:21 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/10/16 14:24:20 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/10/13 14:07:41 | 000,000,495 | ---- | C] () -- C:\Windows\SysWow64\userawacs.cfg
[2012/10/10 13:51:08 | 000,000,323 | ---- | C] () -- C:\Users\ann\Desktop\requested-files[2012-10-10_14_51].cab
[2012/10/07 12:06:34 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2012/09/02 12:24:38 | 000,027,520 | ---- | C] () -- C:\Users\ann\AppData\Local\dt.dat
[2011/08/31 07:34:31 | 000,001,072 | ---- | C] () -- C:\Users\ann\Pictures - Shortcut.lnk
[2011/07/21 19:34:13 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{931E4FAA-EDCB-4C4C-9A5F-F55CE7BD62A6}
[2011/07/21 19:05:23 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{8532B172-6F57-4CBE-8E80-FAD83C06C6D3}
[2011/07/15 14:48:15 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{796EF731-ABE6-49A6-8D8F-75DAAE534B52}
[2011/07/15 14:28:59 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0B3B4E74-A96D-457B-A3AC-15AF58ED515A}
[2011/07/15 14:07:30 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{9A0EA9CA-EE6E-4B14-AEA4-EF4E0BE4F54A}
[2011/07/12 16:08:10 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{AEEDA0C4-B094-40CA-9072-BDC6E4E10BF3}
[2011/07/12 16:04:33 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0D85A837-7B6B-4379-9BE0-29398598E6DE}
[2011/07/11 18:15:42 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{718D1F67-3F23-4AD2-9624-60761184FA16}
[2011/07/11 18:10:51 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{8885552C-C46F-41CE-AF17-7D809AA70F9B}
[2011/07/11 11:00:50 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{0272CA41-FCD0-43E5-BDC1-7D36C50B266C}
[2011/07/11 10:58:10 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{F10292BA-458D-48F4-BB5C-6E00413FB3D2}
[2011/07/05 13:29:26 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{1054FAA8-0F34-4A0D-B2D5-E525DD0BA91E}
[2011/07/04 13:18:16 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{812C46D8-1501-4AFA-8AC1-2D540FA281AD}
[2011/07/04 13:09:23 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{B1AB7382-9FDE-4896-B0A9-D0E584BCBEB7}
[2011/07/04 13:03:38 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{FA6271DC-C11C-4274-A832-ECB58B2FC3D7}
[2011/07/03 12:26:22 | 000,000,000 | ---- | C] () -- C:\Users\ann\AppData\Local\{F129A5BC-03A3-4024-A684-6141D5EB5FB4}
[2011/05/14 13:30:15 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011/04/16 07:19:44 | 000,004,608 | ---- | C] () -- C:\Users\ann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/31 20:30:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/31 17:17:23 | 000,007,605 | ---- | C] () -- C:\Users\ann\AppData\Local\Resmon.ResmonCfg
[2010/12/16 07:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010/12/16 07:16:57 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/08/11 10:43:50 | 000,159,464 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/19 13:50:39 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\AVG
[2012/10/03 09:30:45 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\AVG2013
[2011/10/13 14:39:53 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/04/05 16:07:27 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Farm Mania 2
[2012/11/03 15:39:22 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Fighters
[2012/08/25 19:35:56 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Optimizer Pro
[2012/09/18 18:12:16 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Registry Mechanic
[2011/02/06 21:51:40 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Toshiba
[2012/10/03 09:29:33 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\TuneUp Software
[2011/04/20 15:26:20 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Vodafone
[2012/10/17 08:03:45 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\WildTangent
[2011/04/18 20:52:51 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Custom Scans ==========

< :\|Searchqu;true;true;true /FP >

< c:\|MyWebSearch;true;true;true /FP >
[2012/08/16 06:45:51 | 000,003,072 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filmfanatic.mywebsearch.com_0.localstorage
[2012/08/16 06:45:51 | 000,003,608 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filmfanatic.mywebsearch.com_0.localstorage-journal
[2012/04/29 16:06:40 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\MyWebSearch
[2012/04/29 16:07:07 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\MyWebSearch\bar

< c:\|BabylonToolbar;true;true;true /FP >

< c:\|Sidekick;true;true;true /FP >
[2012/08/15 20:51:29 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\Local\Shopping Sidekick
[2012/09/21 17:48:40 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\Local\Shopping Sidekick\Chrome

< c:\|iNTERNET_TURBO;true;true;true /FP >
[2012/10/25 13:54:54 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\10252012_145451\C_Program Files (x86)\iNTERNET_TURBO

< c:\|Conduit;true;true;true /FP >
[2012/08/16 19:16:19 | 000,003,072 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage
[2012/08/16 19:16:19 | 000,003,608 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal
[2012/08/18 18:53:14 | 000,006,144 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage
[2012/08/18 18:53:14 | 000,003,608 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal
[2012/08/23 12:12:30 | 000,006,144 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_images.search.conduit.com_0.localstorage
[2012/08/23 12:12:30 | 000,003,608 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_images.search.conduit.com_0.localstorage-journal
[2012/08/20 18:49:22 | 000,007,168 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage
[2012/08/20 18:49:22 | 000,006,704 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal
[2012/08/18 18:52:55 | 000,003,072 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_social.conduit.com_0.localstorage
[2012/08/18 18:52:55 | 000,003,608 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_social.conduit.com_0.localstorage-journal
[2012/08/25 19:45:45 | 000,007,168 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage
[2012/08/25 19:45:45 | 000,007,736 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal
[2012/08/16 06:23:01 | 000,003,072 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage
[2012/08/16 06:23:01 | 000,003,608 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage-journal
[2012/08/16 06:54:57 | 000,003,072 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtubetop.conduitapps.com_0.localstorage
[2012/08/16 06:54:57 | 000,003,608 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtubetop.conduitapps.com_0.localstorage-journal
[2012/07/20 17:55:13 | 000,000,013 | ---- | M] () -- c:\Users\ann\AppData\Local\Microsoft\Internet Explorer\DOMStore\P7CTCPN7\storage.conduit[1].xml
[2012/07/20 17:55:12 | 000,000,013 | ---- | M] () -- c:\Users\ann\AppData\Local\Microsoft\Internet Explorer\DOMStore\QQ9L342V\facebook.conduitapps[1].xml
[2012/06/03 16:40:10 | 000,000,013 | ---- | M] () -- c:\Users\ann\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\F06CZ93R\facebook.conduitapps[1].xml
[2012/09/21 12:50:26 | 000,000,013 | ---- | M] () -- c:\Users\ann\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\H5LPJWXY\storage.conduit[1].xml
[2012/10/14 07:27:04 | 000,000,669 | ---- | M] () -- c:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\ConduitEngine.lnk
[2012/04/29 16:07:00 | 000,000,013 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\42ZNCLYB\storage.conduit[1].xml
[2012/04/29 16:07:06 | 000,000,013 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\USC71L2H\facebook.conduitapps[1].xml
[2012/04/29 16:06:22 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit
[2012/04/29 16:07:07 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts
[2012/04/29 16:06:22 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Toolbar
[2012/04/29 16:06:38 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine
[2012/04/29 16:05:46 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\Logs
[2012/04/29 16:06:38 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\MyStuffApps
[2012/04/29 18:06:18 | 000,000,182 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1116652_1112356_UK.xml
[2012/04/29 18:02:36 | 000,000,187 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1358172_1353832_UK.xml
[2012/04/29 16:06:50 | 000,010,909 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_3_3_3.xml
[2010/09/12 14:02:22 | 003,863,136 | ---- | M] (Conduit Ltd.) -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\ConduitEngine.dll
[2012/04/29 16:06:17 | 000,000,972 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_47_296_CT2966447_Images_634357308105118750_png.png
[2012/04/29 16:06:22 | 000,001,000 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_47_296_CT2966447_Images_634370120199365001_png.png
[2012/04/29 16:06:22 | 000,001,372 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_47_296_CT2966447_Images_634370120464208751_png.png
[2012/04/29 16:06:49 | 000,000,821 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
[2012/04/29 16:06:49 | 000,000,729 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
[2012/04/29 16:06:49 | 000,000,531 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
[2012/04/29 16:06:49 | 000,000,669 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
[2012/04/29 16:06:49 | 000,000,263 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png
[2012/04/29 16:06:49 | 000,000,734 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
[2012/04/29 16:06:49 | 000,000,562 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
[2012/04/29 16:06:49 | 000,000,493 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
[2012/04/29 16:06:49 | 000,000,706 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
[2012/04/29 16:06:49 | 000,000,674 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
[2012/04/29 16:06:49 | 000,000,607 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png
[2012/04/29 16:06:54 | 000,000,884 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_chevron_menu_gif.gif
[2012/04/29 16:06:54 | 000,000,138 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_display_gif.gif
[2012/04/29 16:06:54 | 000,000,119 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_equalizer_dead_gif.gif
[2012/04/29 16:06:53 | 000,000,465 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_Equalizer_GIF.GIF
[2012/04/29 16:06:54 | 000,000,286 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_Error_GIF.GIF
[2012/04/29 16:06:53 | 000,000,658 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_Loading_gif.gif
[2012/04/29 16:06:54 | 000,000,598 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_maxi_dn_gif.gif
[2012/04/29 16:06:54 | 000,000,386 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_maxi_gif.gif
[2012/04/29 16:06:54 | 000,000,594 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_maxi_over_gif.gif
[2012/04/29 16:06:53 | 000,000,598 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_minimize_dn_gif.gif
[2012/04/29 16:06:53 | 000,000,590 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_minimize_gif.gif
[2012/04/29 16:06:53 | 000,000,594 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_minimize_over_gif.gif
[2012/04/29 16:06:53 | 000,000,652 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_dn_gif.gif
[2012/04/29 16:06:54 | 000,000,652 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_dn_mini_gif.gif
[2012/04/29 16:06:53 | 000,000,672 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_gif.gif
[2012/04/29 16:06:54 | 000,000,672 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_mini_gif.gif
[2012/04/29 16:06:53 | 000,001,094 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_over_gif.gif
[2012/04/29 16:06:53 | 000,001,094 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_over_mini_gif.gif
[2012/04/29 16:06:54 | 000,001,007 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_chevron_gif.gif
[2012/04/29 16:06:53 | 000,000,661 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_dn_gif.gif
[2012/04/29 16:06:54 | 000,000,661 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_dn_mini_gif.gif
[2012/04/29 16:06:53 | 000,000,676 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_gif.gif
[2012/04/29 16:06:53 | 000,000,676 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_mini_gif.gif
[2012/04/29 16:06:53 | 000,001,094 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_over_gif.gif
[2012/04/29 16:06:54 | 000,001,094 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_over_mini_gif.gif
[2012/04/29 16:06:53 | 000,000,244 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_slider_bg_gif.gif
[2012/04/29 16:06:53 | 000,000,129 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_slider_gif.gif
[2012/04/29 16:06:54 | 000,001,001 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_chevron_gif.gif
[2012/04/29 16:06:53 | 000,000,695 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_dn_gif.gif
[2012/04/29 16:06:53 | 000,000,703 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_gif.gif
[2012/04/29 16:06:53 | 000,001,126 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_over_gif.gif
[2012/04/29 16:06:53 | 000,000,703 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vol_dn_gif.gif
[2012/04/29 16:06:53 | 000,000,712 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vol_gif.gif
[2012/04/29 16:06:53 | 000,001,132 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vol_over_gif.gif
[2012/04/29 16:06:22 | 000,000,419 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif
[2012/04/29 16:06:49 | 000,000,403 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif
[2012/04/29 16:06:49 | 000,000,414 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif
[2012/04/29 16:06:49 | 000,000,278 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif
[2012/04/29 16:06:49 | 000,000,405 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif
[2012/04/29 16:06:49 | 000,000,405 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif
[2012/04/29 16:06:49 | 000,000,361 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif
[2012/04/29 16:06:49 | 000,000,425 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif
[2012/04/29 16:06:49 | 000,000,381 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif
[2012/04/29 16:06:49 | 000,000,351 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif
[2012/04/29 16:06:48 | 000,000,392 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif
[2012/04/29 16:06:48 | 000,000,399 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif
[2012/04/29 16:06:48 | 000,000,405 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif
[2012/04/29 16:06:48 | 000,000,371 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif
[2012/04/29 16:06:48 | 000,000,606 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif
[2012/04/29 16:06:48 | 000,000,240 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif
[2012/04/29 16:06:48 | 000,000,335 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif
[2012/04/29 16:06:55 | 000,000,173 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_gif.gif
[2012/04/29 16:36:57 | 000,000,379 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___weather_conduit_com_images_weather_Default_showers_gif.gif
[2012/04/29 16:06:22 | 000,007,042 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml
[2012/04/29 16:06:22 | 000,005,515 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml
[2012/04/29 16:06:22 | 000,006,581 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml
[2012/04/29 16:06:22 | 000,005,514 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml
[2012/04/29 16:07:08 | 000,004,942 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\RadioPlayer\Skins\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_display_xml.xml
[2012/04/29 16:06:49 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_CT2966447
[2012/04/29 16:06:11 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_CT2966447\AppsMetaData
[2012/04/29 16:06:11 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_CT2966447\DynamicDialogs
[2012/04/29 16:06:50 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_CT2966447\ToolbarLogin
[2012/04/29 18:06:12 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_CT2966447\ToolbarSettings
[2012/04/29 16:06:24 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_en
[2012/04/29 16:06:24 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_en\ToolbarTranslation
[2012/04/29 16:06:22 | 000,000,835 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_86_272_CT2724386_Images_634160265771352500_gif.gif
[2012/04/29 16:06:48 | 000,000,630 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_86_272_CT2724386_Images_634160266957415000_png.png
[2012/04/29 16:06:22 | 000,000,691 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_86_272_CT2724386_Images_634160267103821250_gif.gif
[2012/04/29 16:06:23 | 000,000,759 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_86_272_CT2724386_Images_634160268272102500_png.png
[2012/04/29 16:06:23 | 000,001,224 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_86_272_CT2724386_Images_Facebook_xml-1-Facebook-634160268422883750_gif.gif
[2012/04/29 16:06:23 | 000,001,065 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_86_272_CT2724386_Images_Weather_xml-7-Classic-634160269147271250_gif.gif
[2012/04/29 16:06:52 | 000,000,821 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
[2012/04/29 16:06:52 | 000,000,729 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
[2012/04/29 16:06:52 | 000,000,531 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
[2012/04/29 16:06:52 | 000,000,669 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
[2012/04/29 16:06:49 | 000,000,263 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png
[2012/04/29 16:06:52 | 000,000,734 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
[2012/04/29 16:06:52 | 000,000,562 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
[2012/04/29 16:06:52 | 000,000,493 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
[2012/04/29 16:06:52 | 000,000,706 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
[2012/04/29 16:06:52 | 000,000,674 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
[2012/04/29 16:06:52 | 000,000,607 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png
[2012/04/29 16:06:53 | 000,000,705 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Events_png.png
[2012/04/29 16:06:54 | 000,000,746 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Friends_png.png
[2012/04/29 16:06:53 | 000,000,669 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Groups_png.png
[2012/04/29 16:06:53 | 000,000,338 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Home_png.png
[2012/04/29 16:06:53 | 000,000,545 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Inbox_png.png
[2012/04/29 16:06:54 | 000,000,514 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Logout_png.png
[2012/04/29 16:06:53 | 000,003,355 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Photos_png.png
[2012/04/29 16:06:53 | 000,000,594 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Profile_png.png
[2012/04/29 16:06:53 | 000,000,415 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Settings_png.png
[2012/04/29 16:06:54 | 000,000,461 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Share_png.png
[2012/04/29 16:06:53 | 000,000,699 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Status_png.png
[2012/04/29 16:06:48 | 000,000,637 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_bankimages_iconsGallery_16_4924359782625844955_png.png
[2012/04/29 16:06:23 | 000,000,419 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif
[2012/04/29 16:06:49 | 000,000,403 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif
[2012/04/29 16:06:49 | 000,000,414 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif
[2012/04/29 16:06:49 | 000,000,278 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif
[2012/04/29 16:06:49 | 000,000,405 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif
[2012/04/29 16:06:49 | 000,000,405 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif
[2012/04/29 16:06:50 | 000,000,361 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif
[2012/04/29 16:06:49 | 000,000,425 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif
[2012/04/29 16:06:49 | 000,000,381 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif
[2012/04/29 16:06:49 | 000,000,351 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif
[2012/04/29 16:06:49 | 000,000,399 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif
[2012/04/29 16:06:48 | 000,000,405 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif
[2012/04/29 16:06:49 | 000,000,371 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif
[2012/04/29 16:06:49 | 000,000,240 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif
[2012/04/29 16:06:48 | 000,000,335 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif
[2012/04/29 16:06:23 | 000,001,164 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634211716261212501_24x24_png.png
[2012/04/29 16:06:45 | 000,007,042 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml
[2012/04/29 16:06:45 | 000,005,515 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml
[2012/04/29 16:06:45 | 000,006,581 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml
[2012/04/29 16:06:45 | 000,005,514 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml
[2012/04/29 16:06:50 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\Repository\conduit_CT2724386_CT2724386
[2012/04/29 16:06:12 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\Repository\conduit_CT2724386_CT2724386\AppsMetaData
[2012/04/29 16:06:11 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\Repository\conduit_CT2724386_CT2724386\DynamicDialogs
[2012/04/29 16:06:50 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\Repository\conduit_CT2724386_CT2724386\ToolbarLogin
[2012/04/29 18:06:11 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\Repository\conduit_CT2724386_CT2724386\ToolbarSettings
[2012/04/29 16:06:18 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\Repository\conduit_CT2724386_en
[2012/04/29 16:06:18 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\Repository\conduit_CT2724386_en\ToolbarTranslation

< c:\|ConduitEngine;true;true;true /FP >
[2012/10/14 07:27:04 | 000,000,669 | ---- | M] () -- c:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\ConduitEngine.lnk
[2012/04/29 16:06:38 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine
[2012/04/29 16:05:46 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\Logs
[2012/04/29 16:06:38 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\MyStuffApps
[2010/09/12 14:02:22 | 003,863,136 | ---- | M] (Conduit Ltd.) -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\ConduitEngine.dll
[2012/04/29 16:06:49 | 000,000,821 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
[2012/04/29 16:06:49 | 000,000,729 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
[2012/04/29 16:06:49 | 000,000,531 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
[2012/04/29 16:06:49 | 000,000,669 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
[2012/04/29 16:06:49 | 000,000,263 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png
[2012/04/29 16:06:49 | 000,000,734 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
[2012/04/29 16:06:49 | 000,000,562 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
[2012/04/29 16:06:49 | 000,000,493 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
[2012/04/29 16:06:49 | 000,000,706 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
[2012/04/29 16:06:49 | 000,000,674 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
[2012/04/29 16:06:49 | 000,000,607 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png
[2012/04/29 16:06:52 | 000,000,821 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
[2012/04/29 16:06:52 | 000,000,729 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
[2012/04/29 16:06:52 | 000,000,531 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
[2012/04/29 16:06:52 | 000,000,669 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
[2012/04/29 16:06:49 | 000,000,263 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png
[2012/04/29 16:06:52 | 000,000,734 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
[2012/04/29 16:06:52 | 000,000,562 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
[2012/04/29 16:06:52 | 000,000,493 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
[2012/04/29 16:06:52 | 000,000,706 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
[2012/04/29 16:06:52 | 000,000,674 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
[2012/04/29 16:06:52 | 000,000,607 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png

< c:\|PricePeep;true;true;true /FP >
[2012/11/03 14:33:50 | 000,083,145 | ---- | M] () -- c:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O095QN0R\muted_pricepeep_125[1].jpg
[2012/11/03 14:34:55 | 000,459,696 | ---- | M] () -- c:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO6JZSJ7\PricePeepInstaller-Adknowledge[1]

< c:\|FunWebProducts;true;true;true /FP >
[2012/04/29 16:07:08 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\FunWebProducts
[2012/04/29 16:07:08 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\FunWebProducts\Shared

< c:\|babylon;true;true;true /FP >
[2012/08/25 19:36:46 | 000,002,349 | ---- | M] () -- c:\_OTL\MovedFiles\10252012_145451\C_Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
[2012/08/25 19:35:22 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\10252012_145451\C_Users\ann\AppData\Roaming\Babylon
[2011/05/04 16:04:14 | 000,003,577 | ---- | M] () -- c:\Program Files (x86)\mefeediatest\chrome\skin\babylon_logo.png

< c:\|InboxToolbar;true;true;true /FP >

< c:\|Bandoo;true;true;true /FP >
[2012/06/27 08:34:13 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\10252012_145451\C_Users\ann\AppData\Roaming\Bandoo
[2012/05/29 14:41:24 | 000,000,042 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg

< c:\|HiYo;true;true;true /FP >
[2011/04/11 17:48:23 | 000,001,150 | ---- | M] () -- c:\Users\ann\AppData\Local\IM\DomainsFavicons\hiyo.com.ico
[2012/06/03 16:40:30 | 000,000,013 | ---- | M] () -- c:\Users\ann\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\H5LPJWXY\hiyo[1].xml
[2011/08/11 06:09:50 | 000,000,171 | ---- | M] () -- c:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
[2012/10/04 13:53:09 | 000,026,906 | ---- | M] () -- c:\Windows\Prefetch\HIYOLOWINT.EXE-EC036E2D.pf
[2012/04/29 16:07:06 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar
[2012/04/29 16:36:58 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons
[2012/04/29 16:06:23 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs
[2012/04/29 16:07:09 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\EmailNotifier
[2012/04/29 16:06:22 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\ExternalComponent
[2012/04/29 16:05:52 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Logs
[2012/04/29 16:07:09 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\RadioPlayer
[2012/04/29 16:06:24 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository
[2012/04/29 16:06:57 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\SearchInNewTab
[2011/03/14 17:17:02 | 004,216,104 | ---- | M] (Conduit Ltd.) -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\tbHiYo.dll
< c:\|Ask.com;true;true;true /FP >
[2012/11/03 15:48:06 | 000,146,432 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_uk.ask.com_0.localstorage
[2012/11/03 15:48:06 | 000,003,608 | ---- | M] () -- c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_uk.ask.com_0.localstorage-journal

< c:\|Claro LTD;true;true;true /FP >
[2012/11/03 14:34:36 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\Local\Temp\mt_ffx\Claro LTD
[2012/11/03 14:34:36 | 000,000,000 | ---D | M] -- c:\Users\ann\AppData\Local\Temp\mt_ffx\Claro LTD\claro

< c:\|Inbox Toolbar;true;true;true /FP >
[2012/10/25 13:54:58 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\10252012_145451\C_Program Files (x86)\Inbox Toolbar

< c:\|SweetIM;true;true;true /FP >
[2012/04/29 16:06:05 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\SweetIM
[2012/04/29 16:06:05 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\SweetIM\Toolbars

< c:\|Yontoo;true;true;true /FP >
[2012/08/25 19:37:05 | 000,000,000 | ---D | M] -- c:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_YontooSetup-S-1B_1a115f7c353b5273275381d6bf1b732876a0f2a3_1b479629
[2012/08/25 19:37:05 | 000,000,000 | ---D | M] -- c:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_YontooSetup-S-1B_1a115f7c353b5273275381d6bf1b732876a0f2a3_1b479629
[2012/11/03 14:34:46 | 001,210,432 | ---- | M] (Web Deals Interactive LLC) -- c:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O095QN0R\yontoo-c4[1]

< c:\|boost_interprocess;true;true;true /FP >

< c:\|Wajam;true;true;true /FP >

< c:\|Tarma;true;true;true /FP >

< c:\|AskToolbar;true;true;true /FP >

< c:\|PriceGong;true;true;true /FP >
[2012/04/29 16:06:56 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\PriceGong
[2012/04/29 16:06:56 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\PriceGong\Data
[2011/10/06 10:13:20 | 000,390,520 | ---- | M] (PriceGong) -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll
[2010/03/28 09:22:22 | 000,001,101 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGong_16.png

< c:\|Crossrider;true;true;true /FP >

< c:\|SmartBar;true;true;true /FP >

< --------- >
[2009/07/14 05:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 05:08:49 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/11 08:40:52 | 000,000,848 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
[2011/02/11 08:40:53 | 000,000,900 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
[2011/06/28 09:49:03 | 000,000,888 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/06/28 09:49:03 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011/09/18 19:11:13 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
[2011/09/18 19:11:15 | 000,000,918 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
[2012/03/24 18:59:14 | 000,000,448 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for ann.job
[2012/10/16 14:24:20 | 000,000,410 | ---- | C] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2012/10/16 14:24:21 | 000,000,434 | ---- | C] () -- C:\Windows\Tasks\PC Optimizer Pro Updates.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP1B5B4F1

< End of report >
all done .........


----------



## eddie5659

Believe it or not, we're making a lot of progress 

So, one more fix with OTL, and then we can move to the next tool 

-----------

So, exactly as before, copy the below into OTL, into the Custom box at the bottom:



Code:


:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.claro-search.com/?affID=1...0088252cba0aa8
CHR - homepage: http://www.claro-search.com/?affID=1...0088252cba0aa8
CHR - default_search_provider: Claro Search (Enabled)
CHR - default_search_provider: search_url = http://www.claro-search.com/?q={searchTerms}&affID=116693&tt=4412_8&babsrc=SP_ss&mntrId=66338fed00000000000088252cba0aa8
CHR - homepage: http://www.claro-search.com/?affID=1...0088252cba0aa8
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [FDPRO-516] C:\Program Files (x86)\Fighters\FighterLauncher.exe FDPRO File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
CHR - plugin: Bandoo (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll

:files
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\MyWebSearch
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filmfanatic.mywebsearch.com_0.localstorage
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filmfanatic.mywebsearch.com_0.localstorage-journal
c:\Users\ann\AppData\Local\Shopping Sidekick
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_images.search.conduit.com_0.localstorage
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_images.search.conduit.com_0.localstorage-journal
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_social.conduit.com_0.localstorage
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_social.conduit.com_0.localstorage-journal
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage-journal
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtubetop.conduitapps.com_0.localstorage
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtubetop.conduitapps.com_0.localstorage-journal
c:\Users\ann\AppData\Local\Microsoft\Internet Explorer\DOMStore\P7CTCPN7\storage.conduit[1].xml
c:\Users\ann\AppData\Local\Microsoft\Internet Explorer\DOMStore\QQ9L342V\facebook.conduitapps[1].xml
c:\Users\ann\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\F06CZ93R\facebook.conduitapps[1].xml
c:\Users\ann\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\H5LPJWXY\storage.conduit[1].xml
c:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\ConduitEngine.lnk
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\42ZNCLYB\storage.conduit[1].xml
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\USC71L2H\facebook.conduitapps[1].xml
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_Media Bar_2
c:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O095QN0R\muted_pricepeep_125[1].jpg
c:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO6JZSJ7\PricePeepInstaller-Adknowledge[1]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\FunWebProducts
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg
c:\Users\ann\AppData\Local\IM\DomainsFavicons\hiyo.com.ico
c:\Users\ann\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\H5LPJWXY\hiyo[1].xml
c:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_uk.ask.com_0.localstorage
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_uk.ask.com_0.localstorage-journal
c:\Users\ann\AppData\Local\Temp\mt_ffx\Claro LTD
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\SweetIM
c:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O095QN0R\yontoo-c4[1]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\PriceGong

:reg
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\MyWebSearch]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\MyWebSearch]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\MyWebSearch]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\Shopping Sidekick]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\iNTERNET_TURBO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\iNTERNET_TURBO]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\ConduitEngine]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\Fun Web Products]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\FunWebProducts]
[-HKEY_CURRENT_USER\Software\FunWebProducts]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\FunWebProducts]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\FunWebProducts]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Fun Web Products]
[-HKEY_CURRENT_USER\Software\Microsoft\Babylon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Babylon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo]

:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]

Then, click the *Run Fix* button, and post the log it creates:


----------



## sweetrose

so everything I'm doing is right Eddie........lol


----------



## eddie5659

Yes, you are. We turned a big corner a few pages back, and since then, you're understanding how to run the fixes, and to post the logs correctly.

But, we'll carry on with the screenshot approach, as I feel it's the easiest way to learn


----------



## sweetrose

Eddie I was a bit slow but getting it all now, I will post what I have now


----------



## sweetrose

processes killed
Error: Unable to interpret <-------> in the current context!
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
File C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_NT deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpeetItUpFree deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\FDPRO-516 deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
File C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll not found.
========== FILES ==========
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\MyWebSearch\bar\Settings folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\MyWebSearch\bar\Message\COMMON folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\MyWebSearch\bar\Message folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\MyWebSearch\bar\History folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\MyWebSearch\bar\Cache folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\MyWebSearch\bar folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\MyWebSearch folder moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filmfanatic.mywebsearch.com_0.localstorage moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filmfanatic.mywebsearch.com_0.localstorage-journal moved successfully.
c:\Users\ann\AppData\Local\Shopping Sidekick\Chrome folder moved successfully.
c:\Users\ann\AppData\Local\Shopping Sidekick folder moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_images.search.conduit.com_0.localstorage moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_images.search.conduit.com_0.localstorage-journal moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_social.conduit.com_0.localstorage moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_social.conduit.com_0.localstorage-journal moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage-journal moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtubetop.conduitapps.com_0.localstorage moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtubetop.conduitapps.com_0.localstorage-journal moved successfully.
c:\Users\ann\AppData\Local\Microsoft\Internet Explorer\DOMStore\P7CTCPN7\storage.conduit[1].xml moved successfully.
c:\Users\ann\AppData\Local\Microsoft\Internet Explorer\DOMStore\QQ9L342V\facebook.conduitapps[1].xml moved successfully.
c:\Users\ann\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\F06CZ93R\facebook.conduitapps[1].xml moved successfully.
c:\Users\ann\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\H5LPJWXY\storage.conduit[1].xml moved successfully.
c:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\ConduitEngine.lnk moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\42ZNCLYB\storage.conduit[1].xml moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\USC71L2H\facebook.conduitapps[1].xml moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Toolbar\Facebook folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Toolbar folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts\Log folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\MyStuffApps folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\Logs folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\SearchInNewTab folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_en\ToolbarTranslation folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_en folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_CT2966447\ToolbarSettings folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_CT2966447\ToolbarLogin folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_CT2966447\DynamicDialogs folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_CT2966447\AppsMetaData folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_CT2966447 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\RadioPlayer\Skins folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\RadioPlayer folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Logs folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\ExternalComponent folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\EmailNotifier folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\UntrustedAppPendingDialog folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\UntrustedAppApprovalDialog folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\UntrustedAddedAppDialog folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\UninstallDialog folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\ToolbarFirstTimeDialog folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\SearchProtectorDialog\Images folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\SearchProtectorDialog folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\SearchProtectorBubbleDialog folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\NewSearchProtectorDialog\images folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\NewSearchProtectorDialog folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\EngineFirstTimeDialog folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\DetectedAppDialog folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\DefualtImages folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs\AddedAppDialog folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Dialogs folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar folder moved successfully.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_Media Bar_2 not found.
c:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O095QN0R\muted_pricepeep_125[1].jpg moved successfully.
c:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO6JZSJ7\PricePeepInstaller-Adknowledge[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\FunWebProducts\Shared\Cache folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\FunWebProducts\Shared folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\FunWebProducts folder moved successfully.
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg moved successfully.
c:\Users\ann\AppData\Local\IM\DomainsFavicons\hiyo.com.ico moved successfully.
c:\Users\ann\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\H5LPJWXY\hiyo[1].xml moved successfully.
c:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_uk.ask.com_0.localstorage moved successfully.
c:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_uk.ask.com_0.localstorage-journal moved successfully.
c:\Users\ann\AppData\Local\Temp\mt_ffx\Claro LTD\claro\1.8.3.10 folder moved successfully.
c:\Users\ann\AppData\Local\Temp\mt_ffx\Claro LTD\claro folder moved successfully.
c:\Users\ann\AppData\Local\Temp\mt_ffx\Claro LTD folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\SweetIM\Toolbars folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\SweetIM folder moved successfully.
c:\Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O095QN0R\yontoo-c4[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\PriceGong\Data folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\PriceGong folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\MyWebSearch\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\MyWebSearch\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\MyWebSearch\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\ not found.
Registry key HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\Shopping Sidekick\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\iNTERNET_TURBO\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\iNTERNET_TURBO\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\ConduitEngine\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Fun Web Products\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\FunWebProducts\ not found.
Registry key HKEY_CURRENT_USER\Software\FunWebProducts\ not found.
Registry key HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\FunWebProducts\ not found.
Registry key HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\FunWebProducts\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Fun Web Products\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Babylon\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\ not found.
Registry key HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Babylon\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users


----------



## sweetrose

User: ann
->Temp folder emptied: 8453144 bytes
->Temporary Internet Files folder emptied: 46298520 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 313592284 bytes
->Flash cache emptied: 57073 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 365438 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
RecycleBin emptied: 181008 bytes

Total Files Cleaned = 352.00 mb

[EMPTYJAVA]

User: All Users

User: ann
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: ann
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point
Error: Unable to interpret <---------> in the current context!
Error: Unable to interpret <Then, click the *Run Fix* button, and post the log it creates:> in the current context!
Error: Unable to interpret <Image: http://i128.photobucket.com/albums/p197/eddie5659a/runFix_OTL.jpg > in the current context!
Error: Unable to interpret <***************> in the current context!
Error: Unable to interpret <There may also be other replies, but you will not receive any more notifications until you visit the forum again.> in the current context!
Error: Unable to interpret <All the best,> in the current context!
Error: Unable to interpret <Tech Support Guy Forums> in the current context!
Error: Unable to interpret <~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~> in the current context!
Error: Unable to interpret <Unsubscription information:> in the current context!
Error: Unable to interpret <To unsubscribe from this thread, please visit this page:> in the current context!
Error: Unable to interpret <http://forums.techguy.org/subscription.php?do=removesubscription&type=thread&subscriptionid=2333672&auth=3c1f909c2d5c591edc1dbc40dd37a15d> in the current context!
Error: Unable to interpret <To unsubscribe from ALL threads, please visit this page:> in the current context!
Error: Unable to interpret <http://forums.techguy.org/subscription.php?do=viewsubscription&folderid=all> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 11052012_200144

Files\Folders moved on Reboot...
C:\Users\ann\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## eddie5659

Sorry for the lateness, had some personal issue to look at this week, so not been online much 

I got your email, and yes, I have received a few things. I've looked at the email, and it appears to be coming from your account.

My suggestion is to log onto your email using a different computer, and change your password. Do you know of anyone that may use your email?

--------------

Now, I need you to use this tool. It's a bit different to the others, but it's pretty much automated, so once it's running, you don't need to do anything. It will take some time, and the computer will reboot, so when it does, leave it and when it's finished, a log will appear.

Now, I know you have AVG, so it may need to have this disabled before it can run. If it can't run, a message will pop up, explaining that. Just let me know if it does, and we'll look at that.

I can't really post any screenshots, as you don't need to do anything except open it up, and it will tell you what to do 

Disable AVG as you did here:






Download ComboFix from here:

*Download Link*


Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## sweetrose

Eddie, I think it's working now.....


----------



## sweetrose

ComboFix 12-11-09.02 - ann 09/11/2012 18:39:38.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1913.995 [GMT 0:00]
Running from: c:\users\ann\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-09 18:49 . 2012-11-09 18:49	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-11-09 18:49 . 2012-11-09 18:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-06 13:51 . 2012-11-06 13:51	--------	d-----w-	c:\users\ann\AppData\Local\AVG Secure Search
2012-11-06 13:51 . 2012-11-06 13:51	--------	d-----w-	c:\programdata\AVG Secure Search
2012-11-06 13:51 . 2012-11-08 17:42	--------	d-----w-	c:\program files (x86)\AVG Secure Search
2012-11-05 15:45 . 2012-11-05 15:45	--------	d-----w-	C:\Temp
2012-11-05 14:27 . 2012-11-05 14:27	--------	d-----w-	c:\program files (x86)\Yontoo
2012-11-05 14:26 . 2012-11-05 14:27	--------	d-----w-	c:\programdata\Tarma Installer
2012-11-03 14:35 . 2012-11-03 14:35	--------	d-----w-	c:\program files (x86)\AVUS
2012-11-03 14:35 . 2012-11-03 15:39	--------	d-----w-	c:\users\ann\AppData\Roaming\Fighters
2012-11-03 14:35 . 2012-11-03 15:39	--------	d-----w-	c:\programdata\Fighters
2012-10-26 17:11 . 2012-09-24 22:16	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-22 13:02 . 2012-10-22 13:02	154464	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 14:45 . 2012-10-16 14:45	--------	d-----w-	c:\programdata\DriverGenius
2012-10-16 14:24 . 2012-10-16 14:24	--------	d-----w-	c:\programdata\PC Optimizer Pro
2012-10-16 14:14 . 2012-10-16 14:14	--------	d-----w-	c:\program files (x86)\mefeediatest
2012-10-16 14:14 . 2012-10-16 14:14	--------	d-----w-	c:\program files (x86)\Driver-Soft
2012-10-15 19:10 . 2012-10-15 19:10	--------	d-----w-	C:\_OTL
2012-10-15 03:48 . 2012-10-15 03:48	63328	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2012-10-11 06:32 . 2012-08-31 18:19	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-10-11 06:32 . 2012-08-30 18:03	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-11 06:32 . 2012-08-30 17:12	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-10-11 06:32 . 2012-08-30 17:12	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-10-11 06:30 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-10-11 06:30 . 2012-08-24 16:57	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-11 06:30 . 2012-09-14 19:19	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-11 06:30 . 2012-09-14 18:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-11 06:25 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-10-11 06:25 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-11 06:25 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-11 06:25 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-11 06:25 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-11 06:25 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-11 06:24 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-11 06:24 . 2012-08-10 23:56	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 13:51 . 2012-07-20 17:52	30568	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
2012-10-10 21:49 . 2011-02-12 17:27	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-05 03:32 . 2012-10-05 03:32	111456	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 02:30 . 2012-10-02 02:30	185696	----a-w-	c:\windows\system32\drivers\avgldx64.sys
2012-09-28 13:24 . 2012-09-28 13:10	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-28 13:24 . 2010-10-19 11:24	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-21 02:46 . 2012-09-21 02:46	200032	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2012-09-21 02:46 . 2012-09-21 02:46	225120	----a-w-	c:\windows\system32\drivers\avgloga.sys
2012-09-14 02:05 . 2012-09-14 02:05	40800	----a-w-	c:\windows\system32\drivers\avgrkx64.sys
2012-08-24 11:15 . 2012-09-22 14:48	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 14:48	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 14:48	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 14:48	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 14:48	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 14:48	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 14:48	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 14:48	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 14:48	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 14:48	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 14:48	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 14:48	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 14:48	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 14:49	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 14:49	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 14:48	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 14:48	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 14:48	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 14:48	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 14:48	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 14:48	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 14:49	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-23 08:26 . 2012-09-07 05:58	9310152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6459928-2D88-4E2A-BA20-3ABD74AA0972}\mpengine.dll
2012-08-22 18:12 . 2012-09-12 06:07	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 06:07	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 06:07	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 06:07	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 10:00	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-11 06:31	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}]
2011-05-04 16:04	81920	----a-w-	c:\program files (x86)\mefeediatest\w3itemplateX.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-06 13:51	1796552	----a-w-	c:\program files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-10-24 00:36	194928	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{154d932f-dc51-4a4f-9d52-b78b1419d3b4}"= "c:\program files (x86)\mefeediatest\w3itemplateX.dll" [2011-05-04 81920]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll" [2012-11-06 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\ann\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Optimizer Pro"="c:\program files (x86)\Optimizer Pro\OptProLauncher.exe" [2012-06-10 79664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"Starter"="c:t"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-06 997320]
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-11-06 1020512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe" [2011-11-27 247968]
.
c:\users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2012-8-23 142336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2010-08-11 11776]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-12 1255736]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-08-11 121344]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2010-08-11 235520]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-06 30568]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-08-18 8704]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-03 722528]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-06 711112]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2010-12-16 20592]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-24 349800]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]
S3 vodafone_K380x-z_dc_enum;vodafone_K380x-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K380x-z_dc_enum.sys [2010-05-20 75776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
- c:\users\ann\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-18 19:20]
.
2012-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
- c:\users\ann\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-18 19:20]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 09:48]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 09:48]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
- c:\users\ann\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 08:40]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
- c:\users\ann\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 08:40]
.
2012-03-25 c:\windows\Tasks\Norton Security Scan for ann.job
- c:\progra~2\NORTON~2\Engine\361~1.11\Nss.exe [2012-03-24 07:47]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.claro-search.com/?affID=116693&tt=4412_8&babsrc=HP_ss&mntrId=66338fed00000000000088252cba0aa8
mDefault_Page_URL = hxxp://uk.yahoo.com/?fr=mkg029
mStart Page = hxxp://uk.yahoo.com/?fr=mkg029
mLocal Page= 194.168.4.100 194.168.8.100
TCP: Interfaces\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ea,8c,b3,e4,21,26,cd,01
.


----------



## sweetrose

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-09 18:54:27
ComboFix-quarantined-files.txt 2012-11-09 18:54
ComboFix2.txt 2012-11-08 19:35
.
Pre-Run: 82,627,874,816 bytes free
Post-Run: 82,200,547,328 bytes free
.
- - End Of File - - F336D4B9333C23BA4EE1A0E0A1620C31


----------



## eddie5659

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Disable AVG as you did here:






3. Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post, and if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE, choose Desktop in the list of selections in that window and press Save)










Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

eddie


----------



## sweetrose

Eddie, for some reason it's not working


----------



## eddie5659

Okay. Have you downloaded the CFScript.txt?

If so, you need to make sure it's in the same place as the actual Combofix program is, so you can drag it onto the icon.

Which part isn't working properly?


----------



## sweetrose

When you drag, Eddie


----------



## eddie5659

Just about to eat, but when you drag it onto the Combofix icon, what is the message that comes up?


----------



## sweetrose

It's still running on combofix.c


----------



## eddie5659

So, the program is running, which is correct 

Then, after it's done, a new log will be produced, which you need to copy/paste here as you did the other one before


----------



## sweetrose

It's taking a long time


----------



## sweetrose

Eddie, my net won't come back so I can't get on anything. I'm lending my friend's laptop now. I did that download you told me and my net went off and never came back on. What do I do to get it back? Have to give my friend her laptop back soon.


----------



## eddie5659

That's strange, as the fix I uploaded didn't remove or delete anything 

I know it sounds a stupid question, but have you tried rebooting the computer?

Also, what message comes up when you try and get online?

eddie


----------



## sweetrose

Eddie, it still doesn't work. I'm on my friend's laptop


----------



## eddie5659

Can you go here:

C:\qoobox\ComboFix2.txt 

And copy/paste the contents of the log.

Also, can you look here:

C:\Qoobox\Quarantine\Registry_backups

And tell me what there is there.


----------



## sweetrose

What, on my laptop, EDDIE? As I'm on my friend's


----------



## eddie5659

Yes, if you can. Do you have a memory stick handy?


----------



## sweetrose

No memory stick, and it's not working


----------



## eddie5659

Bear with me...


----------



## sweetrose

I'm trying everything you told me


----------



## eddie5659

Go to *Start* - *Run* - type in *cmd* and click OK.

At the command prompt type in:

*netsh winsock reset catalog*

Press enter.

then type in:

*netsh int ip reset resetlog.txt*

Press enter.

You will need to reboot afterwards.

Let us know if you see any difference after doing the above please.


----------



## sweetrose

It's a black box, Eddie, saying users\ann / can't right anything in it


----------



## eddie5659

You don't need to right-click in it, just type:

*netsh winsock reset catalog*

and press the Enter key

And then type this:

*netsh int ip reset resetlog.txt*

And press enter again, and then reboot the computer 

I'll get some screenshots, but will have to be after 11pm, as I have to go out briefly till then


----------



## eddie5659

Sorry, thought you meant right-click 

Just place your mouse after the users\ann bit, and click, and then it will start flashing.

Then start typing


----------



## sweetrose

Every time I do it, it goes off


----------



## sweetrose

Eddie, if I don't see you tonight I will be here tomorrow as I'm not working. Not sure how long I've got this laptop for


----------



## eddie5659

Okay, this is what to do, as I've now managed to post some screenshots for you

So, you've opened up the cmd screen, and get this:










But yours says *C:\users\ann >*

So, place the mouse on the end of the *C:\users\ann >* line, and click so that the *_* flashes:










Then, just type the following onto the line:

*netsh winsock reset catalog*










and then press the *Enter* on your keyboard.

Then, type the following:

*netsh int ip reset resetlog.txt*










and then press the *Enter* on your keyboard.

Now, close the *CMD* screen, by pressing the X in the top right:










Now, reboot the computer, and see if that helps.


----------



## sweetrose

I don't know how to reboot on my laptop


----------



## eddie5659

Turn off your laptop by going to Start | and then Shut down.

Then, when it's been off for a while, start it up again by pressing the Start button.


----------



## sweetrose

Eddie, I have my laptop back on and it's now on repair to fix. Let you know if it works


----------



## sweetrose

Still doesn't work, EDDIE


----------



## eddie5659

On the laptop you're using now, is there any way that you can copy something, either onto disk or via a usb stick?

Still at work, but I'm assuming that you shut down the laptop and router to see if it works.


Also, are you using the same router with your friend's laptop?


----------



## sweetrose

Don't have a stick, Eddie, and yes, same router.....


----------



## eddie5659

Just got in from work, grabbing a cup of tea, back in a min


----------



## sweetrose

OK Eddie, I hope I don't keep you up late


----------



## eddie5659

Turned out to be a 13hr day, and I normally do 8hrs 

Okay, so the cmd screen options didn't work, and you have nothing to get any files onto there. So, we'll do a restore back to a date before Combofix was run.

But, it won't be too far back, but once we're back online, I may have to check some things out, but we'll leave ComboFix alone.

Still confused why it happened, as the fix I posted wasn't removing anything 


So, let me grab some screenshots, back in a few mins..


----------



## sweetrose

EDDIE I DON'T KNOW WHY IT happened. I DID WHAT YOU TOLD ME WITH THE FIX THEN THE NET WENT OFF,,,,YOU EAT


----------



## eddie5659

It's okay, eating while I type 

I know, it's just one of those things that happens with malware removal, it's not your fault. But, we'll try and get you back online again 

---

Okay, let's try a restore, using restore points that were created over time.

So, firstly, go to the Control Panel, and depending on what set up you have, do the following:

*Large Icons* - Click on *System*

*Category* - Click on *System and Security* and then *System*

So, you'll be in *System* either way:










On the left, select *System Protection*










And the following will appear:










Click on the *System Restore* button:










Then, the following will appear:










Click on *Next*










and then this will appear:










Then, click on the option to *Show More Restore Points*










Now, at this point, you need to select one before the problem occurred. So, look for one that is before the 10 November 2012. Can you see one?

If you can, click to highlight it, and select *Next* and then allow the restore to take place (mine below is only an example, you may have different dates):










Reboot if it doesn't do it for you.

Does that help?


----------



## sweetrose

Doing it now EDDIE, will let you know what happens


----------



## eddie5659

*fingers crossed*


----------



## sweetrose

nope Eddie it says limited access again


----------



## eddie5659

How far back did it go, as in the date?


----------



## sweetrose

Where you told me. Should I have a new go?


----------



## eddie5659

Going to get someone that knows about Networking, as it looks like its connection to the router is having problems. 

Back in a bit


----------



## eddie5659

I know you did a restore, but what date did you choose? Was it before the 10th November?


----------



## sweetrose

OK Eddie, I will look in the morning. Please don't let me keep you up.


----------



## eddie5659

It's okay, off to bed in a few minutes. Just curious what date you selected, as a restore normally helps.

However, I've asked for some help on the issue


----------



## sweetrose

Eddie, I did it again and it's working now ;)


----------



## eddie5659

Excellent, which did you do in the end: The restore or the cmd bit?

If it was the restore, we may have to see what needs to be done. If cmd, then we can carry on


----------



## sweetrose

I did the restore again Eddie and it works


----------



## eddie5659

Okay. Do you know how far back you went, as in the date that you chose?

Can you do this again, so I can see where we're up to 

Do you still have adwcleaner? If you're not sure, this is how to run the program again:

----------

Please download *AdwCleaner* by Xplode onto your desktop.

When you double-click it to open, it will look like this:










Click on the *Search* button:










A log will appear when it's finished, but if you can't see it, it will be in this location:

*C:\AdwCleaner[R1].txt*

Post the contents here as before


----------



## sweetrose

I went back to the 10 Nov


----------



## sweetrose

Will look to see if I have it, but will the net go off again?


----------



## eddie5659

The 10th? Okay, let me have a looksee.

Don't worry, we won't use ComboFix again, as that was the reason you lost the connection. All the other tools were okay 

Just run the above tool whilst I see where we were


----------



## sweetrose

OK. Do I turn the virus off?


----------



## sweetrose

crossroad


----------



## sweetrose

AdwCleaner v2.006 - Logfile created 11/15/2012 at 21:15:23
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ann - ANN-TOSH
# Boot Mode : Normal
# Running from : C:\Users\ann\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\ann\AppData\Local\AVG Secure Search
Folder Found : C:\Users\ann\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\ann\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE


----------



## sweetrose

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [29826 octets] - [03/11/2012 18:53:29]
AdwCleaner[S1].txt - [29417 octets] - [03/11/2012 19:15:47]
AdwCleaner[S2].txt - [1025 octets] - [03/11/2012 19:21:46]
AdwCleaner[S3].txt - [1036 octets] - [03/11/2012 19:40:19]
AdwCleaner[R2].txt - [15825 octets] - [15/11/2012 21:13:33]
AdwCleaner[R3].txt - [15857 octets] - [15/11/2012 21:15:23]

########## EOF - C:\AdwCleaner[R3].txt - [15918 octets] ##########


----------



## eddie5659

Okay, that has found a lot of things, all of which we can now remove 

So, open it up again, but this time click on the *Delete* button:










Confirm each time with *Ok*

You will be prompted to restart your computer. A text file will open after the restart.

Post the contents of the log. If it doesn't appear, locate it here:

*C:\AdwCleaner[S4].txt*

eddie


----------



## sweetrose

Eddie, I can't see the words now. They're too tiny


----------



## eddie5659

Not sure what you mean. Which words are tiny?


----------



## sweetrose

All writing is, Eddie. It's hard to see what you're writing


----------



## sweetrose

I'm finding it hard to read anything. Why is that?


----------



## eddie5659

Do you have a mouse with a scroll wheel? If so, on your keyboard, press and hold down the *CTRL* button, and with the wheel of your mouse, scroll it forwards, and the font size will increase


----------



## sweetrose

Don't have a mouse


----------



## eddie5659

Are you using Firefox or Internet Explorer as your browser?


----------



## sweetrose

I'm not sure.


----------



## eddie5659

When you go onto the internet, what do you click on? Is it red or blue, the icon?


----------



## sweetrose

It's blue. I'm finding it so hard to see what you're writing


----------



## eddie5659

I know, I'll get it back for you.

Okay, in your internet page:










Click on the *View* option at the very top:










From the list, click onto *Zoom*










In there, click on the *100%* Option:










And it should be back to normal


----------



## sweetrose

I can't find that


----------



## eddie5659

Okay, I'll post the Firefox one in a min


----------



## sweetrose

I can't see that because something is up there now. Internet Turbo.


----------



## eddie5659

Go to the *View* at the top, and then click on *Zoom* and then on the *Reset*:


----------



## eddie5659

Internet Turbo, it's something we're trying to remove. See if you can do the above


----------



## sweetrose

I can't get to see any of them Eddie


----------



## eddie5659

Okay, can you run the AdwCleaner for the Delete part, and post the log.

Hopefully that will remove the Internet Turbo


----------



## sweetrose

AdwCleaner v2.007 - Logfile created 11/15/2012 at 21:49:18
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ann - ANN-TOSH
# Boot Mode : Normal
# Running from : C:\Users\ann\Downloads\adwcleaner (1).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\ann\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\ann\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\ann\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=116693&tt=4412_8&babsrc=HP_ss&mntrId=66338fed00000000000088252cba0aa8 --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.64

File : C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.19] : urls_to_restore_on_startup = [ "hxxp://www.claro-search.com/?affID=116693&tt=4412_8&babsrc=HP_ss&mntrId=66338fed00000000000088252cba0aa8" ]
Deleted [l.2302] : urls_to_restore_on_startup = [ "hxxp://www.claro-search.com/?affID=116693&tt=4412_8&babsrc=HP_ss&mntrId=66338fed00000000000088252cba0aa8" ]

*************************

AdwCleaner[R1].txt - [29826 octets] - [03/11/2012 18:53:29]
AdwCleaner[R2].txt - [15825 octets] - [15/11/2012 21:13:33]
AdwCleaner[R3].txt - [15886 octets] - [15/11/2012 21:15:23]
AdwCleaner[S1].txt - [29417 octets] - [03/11/2012 19:15:47]
AdwCleaner[S2].txt - [1025 octets] - [03/11/2012 19:21:46]
AdwCleaner[S3].txt - [1036 octets] - [03/11/2012 19:40:19]
AdwCleaner[S4].txt - [16536 octets] - [15/11/2012 21:49:18]

########## EOF - C:\AdwCleaner[S4].txt - [16597 octets] ##########


----------



## eddie5659

Okay, has the Internet Turbo gone now from the top of the page?

Also, is the writing still small?


----------



## sweetrose

the turbo is showing still on yahoo email and yes still small


----------



## eddie5659

Is it only on Yahoo email? What about this page, here at Tech Support Guy, or Google?


----------



## sweetrose

it's on every page I go on


----------



## eddie5659

Can you use Malwarebytes' Anti-Malware (you should have a desktop icon to it) and update it, as it's been a few days. It should automatically say an update is needed.


Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.*

It may take a while to run, so tomorrow is fine. Or, I'll be here another hour 

eddie


----------



## sweetrose

do I have to download it


----------



## eddie5659

Nope, if you go to the desktop, you're looking for an icon that looks like this:


----------



## sweetrose

no it's not there


----------



## eddie5659

Okay, if you click on *Start* and then *All Programs* and then scroll down until you see the folder for *Malwarebytes' Anti-Malware*. Click that to open it, and inside you'll see the program, with the icon above


----------



## sweetrose

it's not there


----------



## eddie5659

Okay, download a fresh one as follows:

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.*


----------



## sweetrose

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.15.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ann :: ANN-TOSH [administrator]

16/11/2012 07:52:08
mbam-log-2012-11-16 (07-52-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205373
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## sweetrose

Eddie I've done it, I can now see the words......


----------



## sweetrose

still ok Eddie


----------



## eddie5659

Hi, yep ok still, just was away most of the weekend.

Let me just look at something, as for some reason the files are not being removed.


----------



## sweetrose

hope your weekend was good Eddie. I'm off out soon, just leave me your message and I will get back to you


----------



## eddie5659

Yep, it was, and off out tomorrow, but will post the next part of this post before I go 

Hope you had a nice weekend as well.
-------------

Okay, now there are a few things left that we need to do. So, firstly, do you still have the SystemLook program?

I'll be doing this in stages, as I think all at one go may lead to mistakes, so we'll be posting a few lists, so that I can get the whole picture

It will have this icon:










If not, redownload it from here:

*Download Link*

Now, what I need you to do is run a scan so we can see what's left:

So, once you've either downloaded SystemLook, or found the original in your Download folder, open it up so it looks like this:










Now, I've created some code below. Using the mouse, highlight everything as you did before, by dragging the mouse to make all the words blue, so that it's from the *:folderfind* all the way down to **I Want This**

Then, right-click using your mouse and select *Copy*



Code:


```
:folderfind
*Searchqu*
*MyWebSearch*
*BabylonToolbar*
*Sidekick*
*iNTERNET_TURBO*
*Conduit*
*PricePeep*
*FunWebProducts*
*babylon*
*InboxToolbar*
*Bandoo*
*IncrediMail*
*Inbox.com*
*HiYo*
*MyWebSearchService*
*215Apps*
*Crossrider*
*Ask.com*
*AVG Secure Search*
*Claro LTD*
*Inbox Toolbar*
*Yontoo*
*boost_interprocess*
*Tarma Installer*
*Wajam*
*PriceGong*
*SmartBar*
*Fun Web Products*
*Cr_Installer*
*I Want This*
:filefind
*Searchqu*
*MyWebSearch*
*BabylonToolbar*
*Sidekick*
*iNTERNET_TURBO*
*Conduit*
*PricePeep*
*FunWebProducts*
*babylon*
*InboxToolbar*
*Bandoo*
*IncrediMail*
*Inbox.com*
*HiYo*
*MyWebSearchService*
*215Apps*
*Crossrider*
*Ask.com*
*AVG Secure Search*
*Claro LTD*
*Inbox Toolbar*
*Yontoo*
*boost_interprocess*
*Tarma Installer*
*Wajam*
*PriceGong*
*SmartBar*
*Fun Web Products*
*Cr_Installer*
*I Want This*
```

Now, inside the SystemLook box, right-click with your mouse and select the *Paste* option:










Then, press the *Look* button:










And then the program will run for a bit and a log will popup when it's finished. Copy/Paste the contents of the log here, as before

eddie
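
A Python sketch of the kind of leftover sweep the *:folderfind* / *:filefind* script above requests, added here as an illustration; it is not SystemLook's code and not part of the original post. The parser, the function names and the sample directory tree are assumptions constructed for this example, and the parser rejects a pasted script whose leading section header was lost.

```python
import fnmatch
import hashlib
import os
import tempfile
from datetime import datetime

# Constructed sample in the same layout as the script in the post:
# a ':section' header line followed by one wildcard pattern per line.
SAMPLE_SCRIPT = """\
:folderfind
*Conduit*
*PriceGong*
:filefind
*Conduit*
*Searchqu*
"""

KNOWN_SECTIONS = ("folderfind", "filefind")


def parse_script(text):
    """Return {'folderfind': [...], 'filefind': [...]} from a pasted script.

    Raises ValueError for a pattern that appears before any ':section'
    header, which is what a partial copy/paste (header cut off) produces.
    """
    sections = {name: [] for name in KNOWN_SECTIONS}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            name = line[1:].lower()
            if name not in KNOWN_SECTIONS:
                raise ValueError(f"line {lineno}: unknown section {line!r}")
            current = name
        elif current is None:
            raise ValueError(f"line {lineno}: pattern {line!r} has no section header")
        else:
            sections[current].append(line)
    return sections


def md5_of(path, chunk=65536):
    """MD5 serves only as a file identifier here, as in the scanner's log."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest().upper()


def name_matches(name, pattern):
    # Windows file names are case-insensitive, so compare lower-cased on any OS.
    return fnmatch.fnmatchcase(name.lower(), pattern.lower())


def sweep(root, sections):
    """Walk root once and collect hits per section and per pattern."""
    hits = {"folderfind": {p: [] for p in sections["folderfind"]},
            "filefind": {p: [] for p in sections["filefind"]}}
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            for p in sections["folderfind"]:
                if name_matches(d, p):
                    hits["folderfind"][p].append(os.path.join(dirpath, d))
        for f in filenames:
            for p in sections["filefind"]:
                if name_matches(f, p):
                    full = os.path.join(dirpath, f)
                    st = os.stat(full)
                    hits["filefind"][p].append({
                        "path": full,
                        "size": st.st_size,
                        "modified": datetime.fromtimestamp(st.st_mtime),
                        "md5": md5_of(full),
                    })
    return hits


def demo():
    """Sweep a constructed tree; paths are returned relative to its root."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "AppData", "conduit_cache"))
        os.makedirs(os.path.join(root, "Documents"))
        leftover = os.path.join(root, "AppData", "http_apps.CONDUIT.com_0.localstorage")
        with open(leftover, "wb") as fh:
            fh.write(b"constructed sample")
        with open(os.path.join(root, "Documents", "notes.txt"), "wb") as fh:
            fh.write(b"unrelated")
        hits = sweep(root, parse_script(SAMPLE_SCRIPT))
        for paths in hits["folderfind"].values():
            paths[:] = [os.path.relpath(p, root) for p in paths]
        for entries in hits["filefind"].values():
            for entry in entries:
                entry["path"] = os.path.relpath(entry["path"], root)
    return hits


if __name__ == "__main__":
    for section, per_pattern in demo().items():
        print(f"========== {section} ==========")
        for pattern, found in per_pattern.items():
            print(f'Searching for "{pattern}"')
            for item in found or ["Nothing found."]:
                print("  ", item)
```
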


----------



## sweetrose

will do that tomorrow Eddie.


----------



## sweetrose

SystemLook 30.07.11 by jpshortstuff
Log created at 17:50 on 20/11/2012 by ann
Administrator - Elevation successful

No Context: olderfind

No Context: *Searchqu*

No Context: *MyWebSearch*

No Context: *BabylonToolbar*

No Context: *Sidekick*

No Context: *iNTERNET_TURBO*

No Context: *Conduit*

No Context: *PricePeep*

No Context: *FunWebProducts*

No Context: *babylon*

No Context: *InboxToolbar*

No Context: *Bandoo*

No Context: *IncrediMail*

No Context: *Inbox.com*

No Context: *HiYo*

No Context: *MyWebSearchService*

No Context: *215Apps*

No Context: *Crossrider*

No Context: *Ask.com*

No Context: *AVG Secure Search*

No Context: *Claro LTD*

No Context: *Inbox Toolbar*

No Context: *Yontoo*boost_interprocess*

No Context: *Tarma Installer*

No Context: *Wajam*

No Context: *PriceGong*

No Context: *SmartBar*

No Context: *Fun Web Products*

No Context: *Cr_Installer*

No Context: *I Want This*

========== filefind ==========

Searching for "*Searchqu*"
No files found.

Searching for "*MyWebSearch*"
C:\_OTL\MovedFiles\11052012_200144\c_Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filmfanatic.mywebsearch.com_0.localstorage	--a---- 3072 bytes	[06:45 16/08/2012]	[06:45 16/08/2012] D01F170F6DC03271B81ED340720B602F
C:\_OTL\MovedFiles\11052012_200144\c_Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filmfanatic.mywebsearch.com_0.localstorage-journal	--a---- 3608 bytes	[06:45 16/08/2012]	[06:45 16/08/2012] 4A5B48912E00E75B160A6D1EC77D620E

Searching for "*BabylonToolbar*"
No files found.

Searching for "*Sidekick*"
No files found.

Searching for "*iNTERNET_TURBO*"
No files found.

Searching for "*Conduit*"
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\USC71L2H\facebook.conduitapps[1].xml	--a---- 13 bytes	[16:07 29/04/2012]	[16:07 29/04/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1116652_1112356_UK.xml	--a---- 182 bytes	[18:06 29/04/2012]	[18:06 29/04/2012] F87C0B5A8F9D3BB69503C269B937D1D3
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1358172_1353832_UK.xml	--a---- 187 bytes	[16:07 29/04/2012]	[18:02 29/04/2012] A3E1EDBC04ECFB3A352640CD4A6E4F5F
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_3_3_3.xml	--a---- 10909 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 1B3B574AA349758343D3C80787B9739E
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\ConduitEngine.dll	--a---- 3863136 bytes	[16:05 29/04/2012]	[14:02 12/09/2010] 895C4812245E244B2F81C71BAD0C4E55
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_47_296_CT2966447_Images_634357308105118750_png.png	--a---- 972 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 7D58BF1AA07D1D6CAA0A5C0101B91F18
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_47_296_CT2966447_Images_634370120199365001_png.png	--a---- 1000 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 1A82B42403E7596662312EA62C76836E
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_47_296_CT2966447_Images_634370120464208751_png.png	--a---- 1372 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] E30DCBA828C56CEB8E653C7DF188AC9A
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png	--a---- 821 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 99D5F75C338F2A877CBF891E0F18746E
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png	--a---- 729 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png	--a---- 531 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] A847C5F6CE2C700048749892DD2E0619
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png	--a---- 669 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] FED9E00C76F647EE6A0B7CC684C89F0C
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png	--a---- 263 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 36BD416D16391EFAAAFB2C3C54EAE986
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png	--a---- 734 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 943ADFD9E0DF1507F7BC419802BF4303
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png	--a---- 562 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png	--a---- 493 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 275C9DA2D536F18F528C80E050C3D705
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png	--a---- 706 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png	--a---- 674 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 650731EEF807C292E699779B12CBE552
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png	--a---- 607 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 9B4D914888BCFFCBAE6757A0E450551C
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_chevron_menu_gif.gif	--a---- 884 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 872292DE9C3484F16BDA3A0900533398
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_display_gif.gif	--a---- 138 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] D5E20EF49F3808A51AA78B090CBB4B12
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_equalizer_dead_gif.gif	--a---- 119 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] A5220F9E01F826B14FB6E2C3F4ECE421
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_Equalizer_GIF.GIF	--a---- 465 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 02203C380AF50E00A0DFDB7C784F961A
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_Error_GIF.GIF	--a---- 286 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 27B43532E7F5E4A6E339EFD8011C16F1
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_Loading_gif.gif	--a---- 658 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 576E8AE9DA580108D5E93341140B6345
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_maxi_dn_gif.gif	--a---- 598 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 591233CBD455659937B107D87BE97E7C
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_maxi_gif.gif	--a---- 386 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 93EAAC8DE4960D491628477809038DA5
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_maxi_over_gif.gif	--a---- 594 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 81BA97263822D545B98ECB1D676DB5F3
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_minimize_dn_gif.gif	--a---- 598 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] BFB6AC32B680CC2DC9E3B042239BFB20
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_minimize_gif.gif	--a---- 590 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] EFFF305AD2F5AA1DB77F7786B490DC61
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_minimize_over_gif.gif	--a---- 594 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] CE62E18B9DC4BE7EAB8D2D574128CE77
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_dn_gif.gif	--a---- 652 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 74ED5324648F879B6CCEF58E2DF9E49D
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_dn_mini_gif.gif	--a---- 652 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 74ED5324648F879B6CCEF58E2DF9E49D
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_gif.gif	--a---- 672 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] D785EA3384FE734DBE31B821F6514F94
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_mini_gif.gif	--a---- 672 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] D785EA3384FE734DBE31B821F6514F94
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_over_gif.gif	--a---- 1094 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 2F2AD66C23996419E7D8266ECDDA1F88
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_over_mini_gif.gif	--a---- 1094 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 2F2AD66C23996419E7D8266ECDDA1F88
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_chevron_gif.gif	--a---- 1007 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] F9897266FC817421D83726AD3F4402FA
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_dn_gif.gif	--a---- 661 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] E6ABE3C5999EE1F0013004AA549B8E60
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_dn_mini_gif.gif	--a---- 661 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] E6ABE3C5999EE1F0013004AA549B8E60
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_gif.gif	--a---- 676 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 40A8862A7994FA5600025CFDF7A8B81E
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_mini_gif.gif	--a---- 676 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 40A8862A7994FA5600025CFDF7A8B81E
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_over_gif.gif	--a---- 1094 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] BF6A9260886A9E4ACB4023A2EF9F610A
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_over_mini_gif.gif	--a---- 1094 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] BF6A9260886A9E4ACB4023A2EF9F610A
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_slider_bg_gif.gif	--a---- 244 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 86E2DDD8337AF0386A656216B67EFF64
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_slider_gif.gif	--a---- 129 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 556E84F732734EA045DBCF4DD6098BBB
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_chevron_gif.gif	--a---- 1001 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 7428C0515D708D7C3520CF78F85B74FE
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_dn_gif.gif	--a---- 695 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 6E6BA836B7FEE53CE498ECE354A9C2D9
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_gif.gif	--a---- 703 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 253E89E7D1686D67C40FFB20FF78FEEF
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_over_gif.gif	--a---- 1126 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] B1BE39AC8F8DDBD990E30CD513A77ACA
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vol_dn_gif.gif	--a---- 703 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 64383A68A4B5EF32C30E151EB53F53E8
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vol_gif.gif	--a---- 712 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 5AB7200023489A910B502A6EEE23674D
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vol_over_gif.gif	--a---- 1132 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] B13B78C10FB60AB39EDB1951707360FC
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif	--a---- 419 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 01B83C91554738F6AFFB7895BBBA73FB
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif	--a---- 403 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif	--a---- 414 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] A9E001CBC00B06B121DFBC80707F5298
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif	--a---- 278 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif	--a---- 405 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 995595D4C685D659E8F03CD0A287EDDF
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif	--a---- 405 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] AA39D8A6B65E208901EBA9F3D4728D3E
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif	--a---- 361 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 464E244E7E2F27FB85E0C3AB69D72104
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif	--a---- 425 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 6427565C7105DC497287866100F260BB
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif	--a---- 381 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] AE7C9F67594A84B096D225601ACB0B2A
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif	--a---- 351 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] C3EBA0237D68F665AF6D663906221092
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif	--a---- 392 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 5E7217A3357550F9749A095631F51015
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif	--a---- 399 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif	--a---- 405 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 66018EAE0906C9831A821CAE5D1089BB
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif	--a---- 371 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif	--a---- 606 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 2A1D4FB45F62D3D260F2134228FAB05E
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif	--a---- 240 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] AE5A39669C623937C0839E079E1088D5
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif	--a---- 335 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 766433EF38BDA83C4FD4932027A4B9D5
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_gif.gif	--a---- 173 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] E509575F473727B14C87367068C42353
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___weather_conduit_com_images_weather_Default_showers_gif.gif	--a---- 379 bytes	[16:36 29/04/2012]	[16:36 29/04/2012] 8ACA902931FBDF51B3BB293D6E15D70F
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml	--a---- 7042 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] C159A6BEAA8E32AAEFE7172DD5C2481E
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml	--a---- 5515 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 99F43BD1FBE50F6CEE0714818FCAD0A8
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml	--a---- 6581 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 93DBA7DBB3A402F930076666BD7C539C
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml	--a---- 5514 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 16A75DAC853B7B226069A2F21C379531
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\RadioPlayer\Skins\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_display_xml.xml	--a---- 4942 bytes	[16:07 29/04/2012]	[16:07 29/04/2012] 213501875E79F6553804637337DDF997

Searching for "*PricePeep*"
C:\_OTL\MovedFiles\11052012_200144\c_Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O095QN0R\muted_pricepeep_125[1].jpg	--a---- 83145 bytes	[14:33 03/11/2012]	[14:33 03/11/2012] AB65E99207975A3FFDECD66C7CABF23D
C:\_OTL\MovedFiles\11052012_200144\c_Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XO6JZSJ7\PricePeepInstaller-Adknowledge[1]	--a---- 459696 bytes	[14:34 03/11/2012]	[14:34 03/11/2012] 6448B83BDCF40100736A166E2E5B1080

Searching for "*FunWebProducts*"
No files found.

Searching for "*babylon*"
C:\Program Files (x86)\mefeediatest\chrome\skin\babylon_logo.png	--a---- 3577 bytes	[16:04 04/05/2011]	[16:04 04/05/2011] 30FF3A31EDC0442F934F703C26B9F572
C:\_OTL\MovedFiles\10252012_145451\C_Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml	--a---- 2349 bytes	[19:36 25/08/2012]	[19:36 25/08/2012] 647166ECDF6EFF3177FDA1B2D5EBAC8C

Searching for "*InboxToolbar*"
No files found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg	--a---- 42 bytes	[14:41 29/05/2012]	[14:41 29/05/2012] 141455684CF7B8F10C810BD8DDB3A71D

Searching for "*IncrediMail*"
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.incredimail.com_0.localstorage	--a---- 7168 bytes	[17:30 21/08/2012]	[21:48 22/08/2012] B93D6926A83181A6262F4105B96B7ADB
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.incredimail.com_0.localstorage-journal	--a---- 7736 bytes	[17:30 21/08/2012]	[21:48 22/08/2012] 180E192FB3FA18D382DF668DB7EDB7F6
C:\Users\ann\AppData\Local\IM\DomainsFavicons\incredimail-corp.com.ico	--a---- 1150 bytes	[17:46 11/04/2011]	[17:46 11/04/2011] E4CCB9296E9A14877DF37D0339C2557D
C:\Users\ann\AppData\Local\IM\DomainsFavicons\incredimail.com.ico	--a---- 1150 bytes	[17:46 11/04/2011]	[17:46 11/04/2011] E4CCB9296E9A14877DF37D0339C2557D
C:\Users\ann\AppData\Local\IM\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\IMSys\{D48362CB-0E8B-4A1D-A360-C34C11220108}\incredimail_left2_gold_234x60[1].swf	--a---- 14435 bytes	[14:38 06/10/2012]	[14:38 06/10/2012] 65ED68B178077BFE73D881E44AFDE084
C:\Users\ann\AppData\Local\IM\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\IMSys\{D48362CB-0E8B-4A1D-A360-C34C11220108}\incredimail_left_gold_234x60[1].swf	--a---- 30464 bytes	[14:38 06/10/2012]	[14:38 06/10/2012] AE18100A557122A55C82FA46B3DA5B81
C:\Users\ann\AppData\Local\IM\Runtime\IncrediMail_Install.exe	--a---- 473424 bytes	[06:26 03/04/2011]	[19:56 10/08/2011] 3AFB88A6E7CEECABA96A4550B20EADE9
C:\Users\ann\AppData\Local\IM\Runtime\Skin\E2FEE54A-6EB1-47C5-9027-44ABECEAF3E3\open_incredimail.ico	--a---- 1150 bytes	[16:19 28/10/2009]	[16:19 28/10/2009] 7BC5EF6A24D656A004D8FA1F23307960
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt	--a---- 185 bytes	[19:24 20/06/2011]	[06:06 11/08/2011] 93E0DB58B1C395C337419C7F5A3384D1
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt	--a---- 1297 bytes	[11:38 20/04/2011]	[11:38 20/04/2011] 3A20E9366F70F7F2A0A39DD266914197
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt	--a---- 1723 bytes	[10:01 20/04/2011]	[10:01 20/04/2011] CFAA3613BC7F6832899D09AD6362FB79
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt	--a---- 1300 bytes	[10:01 20/04/2011]	[10:01 20/04/2011] 1879B1506C0546088A849E52FC49C385
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt	--a---- 155 bytes	[15:54 10/06/2011]	[15:54 10/06/2011] 063569D8D78CE105EB80BC5F7FC59BAE

Searching for "*Inbox.com*"
No files found.

Searching for "*HiYo*"
C:\Windows\Prefetch\HIYOLOWINT.EXE-EC036E2D.pf	--a---- 26906 bytes	[08:35 06/09/2011]	[13:53 04/10/2012] 5A2DFC9E6FDD7726F7308F613F563F4F
C:\_OTL\MovedFiles\11052012_200144\c_Users\ann\AppData\Local\IM\DomainsFavicons\hiyo.com.ico	--a---- 1150 bytes	[17:48 11/04/2011]	[17:48 11/04/2011] 4364E3AD731E351EECAD5EB411CBEBD1
C:\_OTL\MovedFiles\11052012_200144\c_Users\ann\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\H5LPJWXY\hiyo[1].xml	--a---- 13 bytes	[16:40 03/06/2012]	[16:40 03/06/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\_OTL\MovedFiles\11052012_200144\c_Users\ann\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt	--a---- 171 bytes	[06:08 11/08/2011]	[06:09 11/08/2011] 75AC91F2D966C605C33D8E700F1E5990
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\tbHiYo.dll	--a---- 4216104 bytes	[16:05 29/04/2012]	[17:17 14/03/2011] 1A8438854DD15E4389F5BDEF502C369D

Searching for "*MyWebSearchService*"
No files found.

Searching for "*215Apps*"
No files found.

Searching for "*Crossridercom*"
No files found.

Searching for "*AVG Secure Search*"
No files found.

Searching for "*Claro LTD*"
No files found.

Searching for "*Inbox Toolbar*"
No files found.

Searching for "*Yontoo*"
C:\_OTL\MovedFiles\11052012_200144\c_Users\ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O095QN0R\yontoo-c4[1]	--a---- 1210432 bytes	[14:34 03/11/2012]	[14:34 03/11/2012] AEB17980B1864EB67BEAA7BB6849FDD2

Searching for "*boost_interprocess*"
No files found.

Searching for "*Tarma Installer*"
No files found.

Searching for "*Wajam*"
No files found.

Searching for "*PriceGong*"
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage	--a---- 1251328 bytes	[21:53 15/11/2012]	[18:12 20/11/2012] BB5B2DDEA1DDE5CD7F7AA5276C9D6B64
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal	--a---- 12896 bytes	[21:53 15/11/2012]	[18:12 20/11/2012] FF6C605B94937B03258C709E715A721B
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll	--a---- 390520 bytes	[10:13 06/10/2011]	[10:13 06/10/2011] 64CCC4B888265C203E80621D3F1742A7
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGong_16.png	--a---- 1101 bytes	[09:22 28/03/2010]	[09:22 28/03/2010] B5ECF14044E4FD55F61A7499D5687118

Searching for "*SmartBar*"
No files found.

Searching for "*Fun Web Products*"
No files found.

Searching for "*Cr_Installer*"
No files found.

-= EOF =


----------



## eddie5659

I'll have a look at this when home tonight, but just seen that you missed a bit off the folder search, which is why it says 'no context'.

Can you use SystemLook again, but with this code, and post the log? Make sure to include the *:folderfind* part.



Code:

```
:folderfind
*Searchqu*
*MyWebSearch*
*BabylonToolbar*
*Sidekick*
*iNTERNET_TURBO*
*Conduit*
*PricePeep*
*FunWebProducts*
*babylon*
*InboxToolbar*
*Bandoo*
*IncrediMail*
*Inbox.com*
*HiYo*
*MyWebSearchService*
*215Apps*
*Crossrider*
*Ask.com*
*AVG Secure Search*
*Claro LTD*
*Inbox Toolbar*
*Yontoo*
*boost_interprocess*
*Tarma Installer*
*Wajam*
*PriceGong*
*SmartBar*
*Fun Web Products*
*Cr_Installer*
*I Want This*
```


----------



## sweetrose

SystemLook 30.07.11 by jpshortstuff
Log created at 14:04 on 21/11/2012 by ann
Administrator - Elevation successful

========== folderfind ==========

Searching for "*Searchqu*"
No folders found.

Searching for "*MyWebSearch*"
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\MyWebSearch	d------	[16:06 29/04/2012]

Searching for "*BabylonToolbar*"
No folders found.

Searching for "*Sidekick*"
C:\_OTL\MovedFiles\11052012_200144\c_Users\ann\AppData\Local\Shopping Sidekick	d------	[20:51 15/08/2012]

Searching for "*iNTERNET_TURBO*"
C:\_OTL\MovedFiles\10252012_145451\C_Program Files (x86)\iNTERNET_TURBO	d------	[13:54 25/10/2012]

Searching for "*Conduit*"
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\Repository\conduit_CT2724386_CT2724386	d------	[16:06 29/04/2012]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\Repository\conduit_CT2724386_en	d------	[16:06 29/04/2012]
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit	d------	[16:06 29/04/2012]
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine	d------	[16:05 29/04/2012]
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_CT2966447	d------	[16:06 29/04/2012]
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_en	d------	[16:06 29/04/2012]

Searching for "*PricePeep*"
No folders found.

Searching for "*FunWebProducts*"
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\FunWebProducts	d------	[16:07 29/04/2012]

Searching for "*babylon*"
C:\_OTL\MovedFiles\10252012_145451\C_Users\ann\AppData\Roaming\Babylon	d------	[19:35 25/08/2012]

Searching for "*InboxToolbar*"
No folders found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\10252012_145451\C_Users\ann\AppData\Roaming\Bandoo	d------	[14:41 29/05/2012]

Searching for "*IncrediMail*"
C:\ProgramData\IncrediMail	d------	[20:53 01/04/2011]
C:\Users\All Users\IncrediMail	d------	[20:53 01/04/2011]
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VWXVANCM\www.incredimail.com d------	[21:48 22/08/2012]
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VWXVANCM\www2l.incredimail.com	d------	[17:31 21/08/2012]
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.incredimail.com d------	[21:48 22/08/2012]
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www2l.incredimail.com	d------	[17:31 21/08/2012]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2	d------	[16:05 29/04/2012]

Searching for "*Inbox.com*"
No folders found.

Searching for "*HiYo*"
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar	d------	[16:05 29/04/2012]

Searching for "*MyWebSearchService*"
No folders found.

Searching for "*215Apps*"
No folders found.

Searching for "*Crossrider*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*AVG Secure Search*"
C:\Program Files (x86)\Common Files\AVG Secure Search	d------	[11:51 14/10/2011]

Searching for "*Claro LTD*"
C:\_OTL\MovedFiles\11052012_200144\c_Users\ann\AppData\Local\Temp\mt_ffx\Claro LTD	d------	[14:34 03/11/2012]

Searching for "*Inbox Toolbar*"
C:\_OTL\MovedFiles\10252012_145451\C_Program Files (x86)\Inbox Toolbar	d------	[13:54 25/10/2012]

Searching for "*Yontoo*"
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_YontooSetup-S-1B_1a115f7c353b5273275381d6bf1b732876a0f2a3_1b479629	d----c-	[19:37 25/08/2012]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_YontooSetup-S-1B_1a115f7c353b5273275381d6bf1b732876a0f2a3_1b479629	d----c-	[19:37 25/08/2012]

Searching for "*boost_interprocess*"
No folders found.

Searching for "*Tarma Installer*"
No folders found.

Searching for "*Wajam*"
No folders found.

Searching for "*PriceGong*"
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\PriceGong	d------	[16:06 29/04/2012]

Searching for "*SmartBar*"
No folders found.

Searching for "*Fun Web Products*"
No folders found.

Searching for "*Cr_Installer*"
No folders found.

-= EOF


----------



## eddie5659

Excellent, now to see what the registry has to show us next 

So, once again, using SystemLook, can you use the following code, making sure the *:regfind* is at the very beginning, and then post the log it produces 



Code:


:regfind
Searchqu
MyWebSearch
BabylonToolbar
Sidekick
iNTERNET_TURBO
Conduit
PricePeep
FunWebProducts
babylon
InboxToolbar
Bandoo
IncrediMail
Inbox.com
HiYo
MyWebSearchService
215Apps
Crossrider
Ask.com
AVG Secure Search
Claro LTD
Inbox Toolbar
Yontoo
boost_interprocess
Tarma Installer
Wajam
PriceGong
SmartBar
Fun Web Products
Cr_Installer
I Want This
f3ScrCtr.dll
f3PopularScreensavers
{D518921A-4A03-425E-9873-B9A71756821E}
{CF54BE1C-9359-4395-8533-1657CF209CFE}
{F42228FB-E84E-479E-B922-FBBD096E792C}
{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
{00A6FAF1-072E-44cf-8957-5838F569A31D}
{07B18EA1-A523-4961-B6BB-170DE4475CCA}
{11111111-1111-1111-1111-110011501158}
{44444444-4444-4444-4444-440044504458}
{55555555-5555-5555-5555-550055505558}
{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
{1093995A-BA37-41D2-836E-091067C4AD17}
{147A976F-EEE1-4377-8EA7-4716E4CDD239}
{22222222-2222-2222-2222-220022502258}
{25560540-9571-4D7B-9389-0F166788785A}
{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
{33333333-3333-3333-3333-330033503358}
{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
{147A976F-EEE1-4377-8EA7-4716E4CDD239}
{3E1656ED-F60E-4597-B6AA-B6A58E171495}
{3E720452-B472-4954-B7AA-33069EB53906}
{3E720450-B472-4954-B7AA-33069EB53906}
{3E720451-B472-4954-B7AA-33069EB53906}
{3E720452-B472-4954-B7AA-33069EB53906}
{53CED2D0-5E9A-4761-9005-648404E6F7E5}
{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
{8E6F1830-9607-4440-8530-13BE7C4B1D14}
{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
{84DA4FDF-A1CF-4195-8688-3E961F505983}
{8E6F1832-9607-4440-8530-13BE7C4B1D14}
{938AA51A-996C-4884-98CE-80DD16A5C9DA}
{29D67D3C-509A-4544-903F-C8C1B8236554}
{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
{98D9753D-D73B-42D5-8C85-4469CDA897AB}
{9FF05104-B030-46FC-94B8-81276E4E27DF}
{A9571378-68A1-443d-B082-284F960C6D17}
{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
{B813095C-81C0-4E40-AA14-67520372B987}
{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
{CFF4CE82-3AA2-451F-9B77-7165605FB835}
{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
{72EE7F04-15BD-4845-A005-D6711144D86A}
{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
{68AF847F-6E91-45dd-9B68-D6A12C30E5D7}
{9170B96C-28D4-4626-8358-27E6CAEEF907}
{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}
{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}
{F138D901-86F0-4383-99B6-9CDD406036DA}
{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
{01947140-417F-46B6-8751-A3A2B8345E1A}
{799391D3-EB86-4bac-9BD3-CBFEA58A0E15}
{D858DAFC-9573-4811-B323-7011A3AA7E61}
{00A6FAF6-072E-44CF-8957-5838F569A31D}
{07B18EA9-A523-4961-B6BB-170DE4475CCA}
{98889811-442D-49DD-99D7-DC866BE87DBC}
{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
:reg
HKCR\ScreenSaverControl.ScreenSaverInstaller.1
HKCR\ScreenSaverControl.ScreenSaverInstaller
HKLM\SOFTWARE\FocusInteractive
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
:dir
C:\Windows\Installer
:file
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll

eddie


----------



## sweetrose

Hello Eddie. Will do all that tomorrow for you and post it. Good night Eddie.....


----------



## sweetrose

regfind
Searchqu
MyWebSearch
BabylonToolbar
Sidekick
iNTERNET_TURBO
Conduit
PricePeep
FunWebProducts
babylon
InboxToolbar
Bandoo
IncrediMail
Inbox.com
HiYo
MyWebSearchService
215Apps
Crossrider
Ask.com
AVG Secure Search
Claro LTD
Inbox Toolbar
Yontoo
boost_interprocess
Tarma Installer
Wajam
PriceGong
SmartBar
Fun Web Products
Cr_Installer

[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\3988062791]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\4212656670]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\630154571]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\822961412]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\FeatureProtector\BrowserSearch]
"URLFromService"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2724386"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\FeatureProtector\HomePage]
"URLFromService"="http://search.conduit.com?SearchSource=10&ctid=CT2724386"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\FeatureProtector\HomePage]
"ConduitEnabled"="TRUE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\MyStuff]
"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\MyStuff]
"ConduitEnable"="TRUE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\RadioPlayer]
"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\Search\Settings]
"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\SearchInNewTab]
"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\SearchInNewTab]
"AboutTabsEnabledByConduit"="TRUE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\SearchInNewTab]
"AboutTabsUsageUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver6.8.5.1/tbedrs.dll"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\Upgrade]
"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.8.5.1/tbedrs.dll"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\Weather]
"SearchServerUrl"="http://search.conduit.com/"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\Weather\en]
"Forecast"="<FORECAST><LOCATION_ID>USNC0328</LOCATION_ID><DAYS><DAY1><DATE>20120429</DATE><DAY>Sunday</DAY><F_MIN>62</F_MIN><F_MAX>83</F_MAX><C_MIN>16</C_MIN><C_MAX>28</C_MAX><UV_DESCRIPTION>Very High</UV_DESCRIPTION><UV_INDEX>9</UV_INDEX><SUNSET>8:00 pm</SUNSET><SUNRISE>6:26 am</SUNRISE><MOONRISE>1:07 pm</MOONRISE><MOONSET>1:59 am</MOONSET><MOON_PHASE>Waxing Gibbous</MOON_PHASE><CONDITION_DESCRIPTION>Sunny</CONDITION_DESCRIPTION><CONDITION_ICON>http://weather.conduit.com/images/weather/Default/sunny_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20120430</DATE><DAY>Monday</DAY><F_MIN>65</F_MIN><F_MAX>80</F_MAX><C_MIN>18</C_MIN><C_MAX>26</C_MAX><UV_DESCRIPTION>High</UV_DESCRIPTION><UV_INDEX>6</UV_INDEX><SUNSET>8:00 pm</SUNSET><SUNRISE>6:25 am</SUNRISE><MOONRISE>2:09 pm</MOONRISE><MOONSET>2:34 am</MOONSET><MOON_PHASE>Waxing Gibbous</MOON_PHASE><CONDITION_DESCRIPTION>Mostly Cloudy</CONDITION_DESCRIPTION><CONDITION
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Conduit]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1112356]
"Url"="http://alerts.conduit-services.com/root/1116652/1112356/UK"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1353832]
"Url"="http://alerts.conduit-services.com/root/1358172/1353832/UK"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPServicesServerName"="http://alert.services.conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPClientsServerName"="http://alert.client.conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"AutoUpdateServerName"="http://alert.storage.conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\ChannelsSettings]
"URL"="http://alert.services.conduit.com/channels/?aid=EB_CHANNEL_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\DynamicDialogs]
"URL"="http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Login]
"URL"="http://alert.services.conduit.com/Alerts/AlertServices.asmx/AlertLogin"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Translation]
"URL"="http://alerts.conduit-services.com/translation/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Usage]
"URL"="http://alert.services.conduit.com/Alerts/AlertServices.asmx/SetAlertUsageRequest"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Toolbar\Facebook\InfoService\http://facebook.conduit-services.com/Settings.ashx?locale=en&browserType=IE&toolbarVersion=6.3.3.3]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\AppRegisterUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\AppsMetaData]
"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\AppsSettings]
"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\AppTrackingFirstTime]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\AppTrackingUsage]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\BrowserToolbarsInfo]
"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\DynamicDialogs]
"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\HostingUsage]
"ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\OtherAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\SearchSettings]
"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarHiddenLogin]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarHiddenSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447_CT2966447]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447_en]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\1041586924]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\2047538177]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\2065566893]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\2199667545]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\2513704965]
"dbname"="conduit_CT2966447_en"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\3245736424]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\3891058176]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\3928070667]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\883185015]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\FeatureProtector\HomePage]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\MyStuff]
"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\MyStuff]
"ConduitEnable"="TRUE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\RadioPlayer]
"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\Search\Settings]
"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\SearchInNewTab]
"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\SearchInNewTab]
"AboutTabsEnabledByConduit"="TRUE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\SearchInNewTab]
"AboutTabsUsageUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver6.8.5.1/tbedrs.dll"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\Upgrade]
"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.8.5.1/tbedrs.dll"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\Weather]
"SearchServerUrl"="http://search.conduit.com/"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\Weather\en]
"Forecast"="<FORECAST><LOCATION_ID>UKXX0816</LOCATION_ID><DAYS><DAY1><DATE>20120429</DATE><DAY>Sunday</DAY><F_MIN>45</F_MIN><F_MAX>57</F_MAX><C_MIN>7</C_MIN><C_MAX>13</C_MAX><UV_DESCRIPTION>Moderate</UV_DESCRIPTION><UV_INDEX>5</UV_INDEX><SUNSET>8:20 pm</SUNSET><SUNRISE>5:37 am</SUNRISE><MOONRISE>12:08 pm</MOONRISE><MOONSET>2:10 am</MOONSET><MOON_PHASE>Waxing Gibbous</MOON_PHASE><CONDITION_DESCRIPTION>Partly Cloudy</CONDITION_DESCRIPTION><CONDITION_ICON>http://weather.conduit.com/images/weather/Default/partly_cloudy_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20120430</DATE><DAY>Monday</DAY><F_MIN>50</F_MIN><F_MAX>63</F_MAX><C_MIN>10</C_MIN><C_MAX>17</C_MAX><UV_DESCRIPTION>Moderate</UV_DESCRIPTION><UV_INDEX>5</UV_INDEX><SUNSET>8:22 pm</SUNSET><SUNRISE>5:35 am</SUNRISE><MOONRISE>1:21 pm</MOONRISE><MOONSET>2:36 am</MOONSET><MOON_PHASE>Waxing Gibbous</MOON_PHASE><CONDITION_DESCRIPTION>Partly Cloudy</CONDITION_DESCRIPTION><COND
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\AppRegisterUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\AppsMetaData]
"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\AppsSettings]
"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\AppTrackingFirstTime]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\AppTrackingUsage]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\BrowserToolbarsInfo]
"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\DynamicDialogs]
"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\HostingUsage]
"ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\OtherAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"

Searching for "PricePeep"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\PricePeep.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\PricePeep.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\PricePeep.DLL]

Searching for "FunWebProducts"
[HKEY_CURRENT_USER\Control Panel\Cursors]
"Arrow"="C:\Users\ann\AppData\LocalLow\FunWebProducts\Shared\001CD4FA.dat"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Control Panel\Cursors]
"Arrow"="C:\Users\ann\AppData\LocalLow\FunWebProducts\Shared\001CD4FA.dat"

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS]

Searching for "InboxToolbar"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BandooV8 (1).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASMANCS]

Searching for "IncrediMail"
[HKEY_CURRENT_USER\Software\Clients\Mail]
@="IncrediMail"
[HKEY_CURRENT_USER\Software\IncrediMail]
[HKEY_CURRENT_USER\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\IMSys\{A71D1748-FEC9-43E2-8294-228D96CF1B59}]
"IPA"="-ROOT http://www5l.incredimail.com/im/imsetup/201207311605/default/installer/ -skip_dialog info -skip_dialog language -language 1033 -product IncrediMail -cluster 143 -au -report -ms_url_id 156"
[HKEY_CURRENT_USER\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\IMSys\{A7C6A0A8-CCC1-41C2-B74B-88A495077CFD}\6]
"ACDATA"="http://www.incredimail.com/english/gallery/letters/seasons/winter"
[HKEY_CURRENT_USER\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\IMSys\{A7C6A0A8-CCC1-41C2-B74B-88A495077CFD}\7]
"ACDATA"="http://www.incredimail.com/app/?tag=page_incredigames_link_9"
[HKEY_CURRENT_USER\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\SSCE]
"UserLexFiles"="C:\ProgramData\IncrediMail\Data\Lex\userdic.tlx,C:\ProgramData\IncrediMail\Data\Lex\correct.tlx,private.tlx"
[HKEY_CURRENT_USER\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\SSCE]
"MainLexPath"="C:\ProgramData\IncrediMail\Data\Lex"
[HKEY_CURRENT_USER\Software\Magentic\Content\Wallpaper\A Sample Category\A Sample Collection\B17325B7-DF30-4f79-A191-1C8EEBBFF4EC]
"TradeMark"="Incredimail"
[HKEY_CURRENT_USER\Software\Magentic\Content\Wallpaper\A Sample Category\A Sample Collection\B17325B7-DF30-4f79-A191-1C8EEBBFF4EC]
"TradeMarkLink"="www.incredimail.com"
[HKEY_CURRENT_USER\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\46D4DAF6-E3E8-4689-86F6-492BD8DC1B4A]
"TradeMark"="Incredimail"
[HKEY_CURRENT_USER\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\46D4DAF6-E3E8-4689-86F6-492BD8DC1B4A]
"TradeMarkLink"="www.incredimail.com"
[HKEY_CURRENT_USER\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\615928B1-1C4F-4448-9A3E-5D80FCBF9CBD]
"TradeMark"="Incredimail"
[HKEY_CURRENT_USER\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\615928B1-1C4F-4448-9A3E-5D80FCBF9CBD]
"TradeMarkLink"="www.incredimail.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e298c79_0]
@="{0.0.0.00000000}.{3fde3ee4-6854-45a0-9755-4abb9ca23b77}|\Device\HarddiskVolume2\Program Files (x86)\IncrediMail\Bin\IncMail.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\aeef4022_0]
@="{0.0.0.00000000}.{3fde3ee4-6854-45a0-9755-4abb9ca23b77}|\Device\HarddiskVolume2\Program Files (x86)\IncrediMail\Bin\ImNotfy.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\mailto\UserChoice]
"Progid"="IncrediMail.Url.Mailto"
[HKEY_CURRENT_USER\Software\SweetIM\Install]
"Previous.HKCU.Start Page"="http://mystart.incredimail.com/mb72?a=nuyk1pqmbx"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe"="IncrediMail Content Importer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IncrediMail]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IncrediMail]
"item"="IncrediMail"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IncrediMail]
"command"="C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IncrediMail\Bin\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IncrediMail\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Welcome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Facebook\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Licenses\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\065EFC441E38F9C47AE53FD0108F15DE]
"00000000000000000000000000000000"="C:\ProgramData\IncrediMail\Data\Licenses\IM_LTWIZ.imk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\286FB5A04FCEF1D4DB63DA74A77F000A]
"00000000000000000000000000000000"="C:\ProgramData\IncrediMail\Data\Licenses\IM_SYSTEM.imk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C9DF4B668FE918488AC070320498756]
"00000000000000000000000000000000"="C:\ProgramData\IncrediMail\Data\Licenses\IM_PREM.imk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredimail_install_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredimail_install_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F00DB2A9-332E-475F-BFF3-38A60A509EE2}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A80AC589-1A07-4004-8422-9F19E3DB10FB}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8C5CC044-E5DB-45E2-8325-2B90E4606AD1}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D6B373D7-2CD5-43F3-8EF5-53FB48B07467}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8B2DA63E-7432-456F-941A-B409A307D914}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AAABB301-6DD0-4494-B985-59391C7F2E9E}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F00DB2A9-332E-475F-BFF3-38A60A509EE2}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A80AC589-1A07-4004-8422-9F19E3DB10FB}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8C5CC044-E5DB-45E2-8325-2B90E4606AD1}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D6B373D7-2CD5-43F3-8EF5-53FB48B07467}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8B2DA63E-7432-456F-941A-B409A307D914}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AAABB301-6DD0-4494-B985-59391C7F2E9E}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F00DB2A9-332E-475F-BFF3-38A60A509EE2}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A80AC589-1A07-40


----------



## sweetrose

8422-9F19E3DB10FB}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8C5CC044-E5DB-45E2-8325-2B90E4606AD1}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D6B373D7-2CD5-43F3-8EF5-53FB48B07467}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8B2DA63E-7432-456F-941A-B409A307D914}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AAABB301-6DD0-4494-B985-59391C7F2E9E}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe|Name=IncrediMail|"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"DisplayName"="IncrediMail MediaBar 2"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"WebServerUrl"="http://IncrediMailMediaBar2.OurToolbar.com/"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings]
"HomePageUrl"="http://www.incredimail.com/"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings]
"RadioHelpUrl"="http://IncrediMailMediaBar2.OurToolbar.com/help/#2_5"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings]
"WeatherHelpUrl"="http://IncrediMailMediaBar2.OurToolbar.com/help/#2_8"
[HKEY_USERS\.DEFAULT\Software\IncrediMail]
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Clients\Mail]
@="IncrediMail"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\IncrediMail]
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\IMSys\{A71D1748-FEC9-43E2-8294-228D96CF1B59}]
"IPA"="-ROOT http://www5l.incredimail.com/im/imsetup/201207311605/default/installer/ -skip_dialog info -skip_dialog language -language 1033 -product IncrediMail -cluster 143 -au -report -ms_url_id 156"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\IMSys\{A7C6A0A8-CCC1-41C2-B74B-88A495077CFD}\6]
"ACDATA"="http://www.incredimail.com/english/gallery/letters/seasons/winter"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\IMSys\{A7C6A0A8-CCC1-41C2-B74B-88A495077CFD}\7]
"ACDATA"="http://www.incredimail.com/app/?tag=page_incredigames_link_9"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\SSCE]
"UserLexFiles"="C:\ProgramData\IncrediMail\Data\Lex\userdic.tlx,C:\ProgramData\IncrediMail\Data\Lex\correct.tlx,private.tlx"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\SSCE]
"MainLexPath"="C:\ProgramData\IncrediMail\Data\Lex"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Magentic\Content\Wallpaper\A Sample Category\A Sample Collection\B17325B7-DF30-4f79-A191-1C8EEBBFF4EC]
"TradeMark"="Incredimail"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Magentic\Content\Wallpaper\A Sample Category\A Sample Collection\B17325B7-DF30-4f79-A191-1C8EEBBFF4EC]
"TradeMarkLink"="www.incredimail.com"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\46D4DAF6-E3E8-4689-86F6-492BD8DC1B4A]
"TradeMark"="Incredimail"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\46D4DAF6-E3E8-4689-86F6-492BD8DC1B4A]
"TradeMarkLink"="www.incredimail.com"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\615928B1-1C4F-4448-9A3E-5D80FCBF9CBD]
"TradeMark"="Incredimail"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\615928B1-1C4F-4448-9A3E-5D80FCBF9CBD]
"TradeMarkLink"="www.incredimail.com"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e298c79_0]
@="{0.0.0.00000000}.{3fde3ee4-6854-45a0-9755-4abb9ca23b77}|\Device\HarddiskVolume2\Program Files (x86)\IncrediMail\Bin\IncMail.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\aeef4022_0]
@="{0.0.0.00000000}.{3fde3ee4-6854-45a0-9755-4abb9ca23b77}|\Device\HarddiskVolume2\Program Files (x86)\IncrediMail\Bin\ImNotfy.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\mailto\UserChoice]
"Progid"="IncrediMail.Url.Mailto"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\SweetIM\Install]
"Previous.HKCU.Start Page"="http://mystart.incredimail.com/mb72?a=nuyk1pqmbx"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe"="IncrediMail Content Importer"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe"="IncrediMail Content Importer"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"DisplayName"="IncrediMail MediaBar 2"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"WebServerUrl"="http://IncrediMailMediaBar2.OurToolbar.com/"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings]
"HomePageUrl"="http://www.incredimail.com/"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings]
"RadioHelpUrl"="http://IncrediMailMediaBar2.OurToolbar.com/help/#2_5"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings]
"WeatherHelpUrl"="http://IncrediMailMediaBar2.OurToolbar.com/help/#2_8"
[HKEY_USERS\S-1-5-18\Software\IncrediMail]

Searching for "Inbox.com"
No data found.

Searching for "HiYo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\HiYo\Info\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\HiYo\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HiYo\Bin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HiYo\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_BarAutoUpdateHelper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_BarAutoUpdateHelper_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_Install_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_Install_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_RASMANCS]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1353832]
"Title"="HiYo Bar Notifications"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"ToolbarDllName"="tbHiYo.dll"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"DisplayName"="HiYo Bar"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"WebServerUrl"="http://HiYoBar.OurToolbar.com/"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings]
"HomePageUrl"="http://hiyo.com/english/splash.aspx"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings]
"RadioHelpUrl"="http://HiYoBar.OurToolbar.com/help/#2_5"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings]
"WeatherHelpUrl"="http://HiYoBar.OurToolbar.com/help/#2_8"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1353832]
"Title"="HiYo Bar Notifications"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"ToolbarDllName"="tbHiYo.dll"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"DisplayName"="HiYo Bar"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"WebServerUrl"="http://HiYoBar.OurToolbar.com/"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings]
"HomePageUrl"="http://hiyo.com/english/splash.aspx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings]
"RadioHelpUrl"="http://HiYoBar.OurToolbar.com/help/#2_5"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings]
"WeatherHelpUrl"="http://HiYoBar.OurToolbar.com/help/#2_8"

Searching for "MyWebSearchService"
No data found.

Searching for "215Apps"
No data found.

Searching for "Crossrider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}]
@="ICrossriderBHO"

Searching for "Ask.com"
[HKEY_CURRENT_USER\Software\Microsoft\MSN\Toolbar\Shared\Obsidian\AutoFill]
"Local"="www.nytimes.com 1
email 16
zip 13
new.aol.com 1
zip 13
desiredsn 3
zip or postal code 13
actionform.zipcode 13
zipcode 13
first name 5
actionform.firstname 5
firstname 5
last name 7
actionform.lastname 7
lastname 7
zip or 
postal code 13
actionform.zipcode 13
zipcode 13
day phone 17
actionform.dayphone 17
dayphone 17
www.amazon.com 1
email 16
emailcheck 16
enteraddressfullname 4
username 4
enteraddressaddressline1 9
enteraddressaddressline2 10
enteraddresscity 11
enteraddressstateorregion 12
zip 13
phone number 17
enteraddressphonenumber 17
wiki.answers.com 1
email address 16
wpemail 16
email 16
r.espn.go.com 1
cellareacode 20
cellprefix 21
cellnumber 22
twitter.com 1
user[name] 4
www.ticketmaster.com 1
first
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\content\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\skin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\preferences\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\searchplugins\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\assets\oobe\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\assets\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\Updater\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\skin\ask_32x.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\assets\oobe\b.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\TaskScheduler.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\UpdateTask.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\preferences\defaults.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\searchplugins\askcom.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\content\about.js"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\MSN\Toolbar\Shared\Obsidian\AutoFill]
"Local"="www.nytimes.com 1
email 16
zip 13
new.aol.com 1
zip 13
desiredsn 3
zip or postal code 13
actionform.zipcode 13
zipcode 13
first name 5
actionform.firstname 5
firstname 5
last name 7
actionform.lastname 7
lastname 7
zip or 
postal code 13
actionform.zipcode 13
zipcode 13
day phone 17
actionform.dayphone 17
dayphone 17
www.amazon.com 1
email 16
emailcheck 16
enteraddressfullname 4
username 4
enteraddressaddressline1 9
enteraddressaddressline2 10
enteraddresscity 11
enteraddressstateorregion 12
zip 13
phone number 17
enteraddressphonenumber 17
wiki.answers.com 1
email address 16
wpemail 16
email 16
r.espn.go.com 1
cellareacode 20
cellprefix 21
cellnumber 22
twitter.com 1
user[name]

Searching for "AVG Secure Search"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AVG Secure Search]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.BrowserWndAPI\CurVer]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.PugiObj\CurVer]
@="AVG Secure Search.PugiObj.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\0\win32]
@="C:\Program Files (x86)\AVG Secure Search\GenericWndApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\GenericWndApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\0\win32]
@="C:\Program Files (x86)\AVG Secure Search\GenericWndApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof]
"path"="C:\ProgramData\AVG Secure Search\ChromeExt\13.2.0.4\avg.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vProt"=""C:\Program Files (x86)\AVG Secure Search\vprot.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ROC_roc_ssl_v12"=""C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\GenericWndApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\0\win32]
@="C:\Program Files (x86)\AVG Secure Search\GenericWndApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG Secure Search"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater12.2.6]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater12.2.6]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vToolbarUpdater12.2.6]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AVG Secure Search]
[HKEY_USERS\S-1-5-18\Software\AVG Secure Search]

Searching for "Claro LTD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}\Instl\Data]
"uninstaller"="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}\1.0\0\win32]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroEng.dll\2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}\1.0\HELPDIR]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}\1.0\0\win32]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\clarosrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}\LocalServer32]
@=""C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\clarosrv.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}\Instl\Data]
"uninstaller"="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}\1.0\0\win32]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroEng.dll\2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}\1.0\HELPDIR]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}\1.0\0\win32]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\clarosrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}\LocalServer32]
@=""C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\clarosrv.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}\Instl\Data]
"uninstaller"="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}\1.0\0\win32]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroEng.dll\2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}\1.0\HELPDIR]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}\1.0\0\win32]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\clarosrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10"

Searching for "Inbox Toolbar"
No data found.

Searching for "Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0438_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0438_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0D70_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0D70_RASMANCS]

Searching for "boost_interprocess"
No data found.

Searching for "Tarma Installer"
No data found.

Searching for "Wajam"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASMANCS]

Searching for "PriceGong"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\PriceGong]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\PriceGong\Settings]
"server_req_url"="http://service6.pricegong.com/default.aspx"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\PriceGong\Settings]
"cx_server_location"="http://xml.pricegong.com/SiteXMLFolder"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\PriceGong\Settings]
"pr_link_text"="







"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\PriceGong\Settings]
"rs_link_text"="







"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\PriceGong]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\PriceGong\Settings]
"server_req_url"="http://service6.pricegong.com/default.aspx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\PriceGong\Settings]
"cx_server_location"="http://xml.pricegong.com/SiteXMLFolder"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\PriceGong\Settings]
"pr_link_text"="







"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\PriceGong\Settings]
"rs_link_text"="







"

Searching for "SmartBar"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"

Searching for "Fun Web Products"
No data found.

Searching for "Cr_Installer"
No data found.

Searching for "I Want This"
No data found.

Searching for "f3ScrCtr.dll"
No data found.

Searching for "f3PopularScreensavers"
No data found.

Searching for "{D518921A-4A03-425E-9873-B9A71756821E}"
No data found.

Searching for "{CF54BE1C-9359-4395-8533-1657CF209CFE}"
No data found.

Searching for "{F42228FB-E84E-479E-B922-FBBD096E792C}"
No data found.

Searching for "{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}"
No data found.

Searching for "{00A6FAF1-072E-44cf-8957-5838F569A31D}"
No data found.

Searching for "{07B18EA1-A523-4961-B6BB-170DE4475CCA}"
No data found.

Searching for "{11111111-1111-1111-1111-110011501158}"
No data found.

Searching for "{44444444-4444-4444-4444-440044504458}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}\TypeLib]
@="{44444444-4444-4444-4444-440044504458}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506658}\TypeLib]
@="{44444444-4444-4444-4444-440044504458}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077507758}\TypeLib]
@="{44444444-4444-4444-4444-440044504458}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066506658}\TypeLib]
@="{44444444-4444-4444-4444-440044504458}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{77777777-7777-7777-7777-770077507758}\TypeLib]
@="{44444444-4444-4444-4444-440044504458}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506658}\TypeLib]
@="{44444444-4444-4444-4444-440044504458}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{77777777-7777-7777-7777-770077507758}\TypeLib]
@="{44444444-4444-4444-4444-440044504458}"

Searching for "{55555555-5555-5555-5555-550055505558}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}]

Searching for "{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}"
No data found.

Searching for "{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}"
No data found.

Searching for "{1093995A-BA37-41D2-836E-091067C4AD17}"
No data found.

Searching for "{147A976F-EEE1-4377-8EA7-4716E4CDD239}"
No data found.

Searching for "{22222222-2222-2222-2222-220022502258}"
No data found.

Searching for "{25560540-9571-4D7B-9389-0F166788785A}"
No data found.

Searching for "{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}"
No data found.

Searching for "{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}"
No data found.

Searching for "{33333333-3333-3333-3333-330033503358}"
No data found.

Searching for "{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}"
No data found.

Searching for "{E47CAEE0-DEEA-464A-9326-3F2801535A4D}"
No data found.

Searching for "{147A976F-EEE1-4377-8EA7-4716E4CDD239}"
No data found.

Searching for "{3E1656ED-F60E-4597-B6AA-B6A58E171495}"
No data found.

Searching for "{3E720452-B472-4954-B7AA-33069EB53906}"
No data found.

Searching for "{3E720450-B472-4954-B7AA-33069EB53906}"
No data found.

Searching for "{3E720451-B472-4954-B7AA-33069EB53906}"
No data found.

Searching for "{3E720452-B472-4954-B7AA-33069EB53906}"
No data found.

Searching for "{53CED2D0-5E9A-4761-9005-648404E6F7E5}"
No data found.

Searching for "{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}"
No data found.

Searching for "{8E6F1830-9607-4440-8530-13BE7C4B1D14}"


----------



## eddie5659

Thanks for the list. As you can tell, there is a lot there, more than I thought would be. So, give me a few mins, to see if we can remove these another way, which should remove the majority of the entries above.

Back in a bit, need to have a think


----------



## sweetrose

ok EDDIE..i see there was think you may need to eat first and a drink too.......lol


----------



## eddie5659

It was a mixture of all 3 

I'm just trying to test something to see if it will work, then I'll post it up. Most of the above are plugins, so if we can remove them that way, then the files associated with them should go as well


----------



## sweetrose

EDDIE did you eat....i hope I'm not stopping you........


----------



## eddie5659

Don't worry, ate a bit ago, as I took a break for some pasta 

The things I'm testing take a while to run, so I just do something whilst I wait


----------



## sweetrose

glad you got something to eat EDDIE..

i will be up till about 10 or so ......so if i don't get your message tonight i will get it in the morning


----------



## eddie5659

Okay, we need to take a look at any addons that you have, so can you do the following with OTL, and post the log it creates 

Open up OTL, and make sure that the following are selected. I've posted a screenshot, so that you can compare 


When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Select 
*All Users*
*LOP Check*
*Purity Check*
Under the *Standard Registry* box change it to *All*

Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open one Notepad window, *OTL.Txt*. This is saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of this file and post them here.

eddie


----------



## sweetrose

Eddie i can't find that download .....


----------



## sweetrose

can't find OTL


----------



## eddie5659

It should still be in your Download folder, but if not, get it here:

Download *OTL* to your Desktop


----------



## sweetrose

running it now Eddie then i will post what comes up when done


----------



## sweetrose

OTL logfile created on: 11/24/2012 7:30:33 PM - Run 15
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ann\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.39 Gb Available Physical Memory | 20.82% Memory free
3.74 Gb Paging File | 1.67 Gb Available in Paging File | 44.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 77.21 Gb Free Space | 66.31% Space Free | Partition Type: NTFS
Drive D: | 116.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: ANN-TOSH | User Name: ann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ann\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
PRC - C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (PC Utilities Pro)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

========== Modules (No Company Name) ==========

MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll ()
MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll ()
MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll ()
MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll ()
MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll ()
MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll ()
MOD - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

========== Services (SafeList) ==========

SRV:*64bit:* - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:*64bit:* - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:*64bit:* - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:*64bit:* - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (vToolbarUpdater12.2.6) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (VmbService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:*64bit:* - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:*64bit:* - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:*64bit:* - (ZTEusbwwan) -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys (ZTE Incorporated)
DRV:*64bit:* - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV:*64bit:* - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:*64bit:* - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:*64bit:* - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:*64bit:* - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:*64bit:* - (vodafone_K380x-z_dc_enum) -- C:\Windows\SysNative\drivers\vodafone_K380x-z_dc_enum.sys (Vodafone)
DRV:*64bit:* - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:*64bit:* - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:*64bit:* - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:*64bit:* - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:*64bit:* - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:*64bit:* - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{ABA5AE01-9B23-4AC7-9BA7-E0345C1287FB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{A25208D0-8D9E-4B0D-B6DE-CCB82D68D3C2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes,DefaultScope = {400E7EA1-093B-4D0E-90AC-CAAEF713611E}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{400E7EA1-093B-4D0E-90AC-CAAEF713611E}: "URL" = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{A25208D0-8D9E-4B0D-B6DE-CCB82D68D3C2}: "URL" = http://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\..\SearchScopes\{E0F1151B-5874-4D8B-8E18-506FA493AB23}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/24 15:31:30 | 000,000,000 | ---D | M]

[2012/11/03 14:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bblnhhgpgomleanhbppdnkpofhjijgdp\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\ann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\ann\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: iNTERNET TURBO = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bblnhhgpgomleanhbppdnkpofhjijgdp\2.3.18.20_0\
CHR - Exten


----------



## sweetrose

Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/11/08 19:30:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (mefeediaTest) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (mefeediaTest) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8303406A-D415-481D-984A-0CB67A97EB51}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:*64bit:* - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O29:*64bit:* - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/24 18:49:04 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E11BD010-F910-4139-A73C-4C62852613A6}
[2012/11/24 17:19:31 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{5A573522-0EB2-415E-9B89-9C81A50F19A0}
[2012/11/24 14:20:15 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{20477DF0-97D2-4463-951E-C9B56B1A3ACF}
[2012/11/23 19:44:48 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{C3D847D1-1725-4FC5-A633-AF2AD752ED82}
[2012/11/23 07:44:18 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1CC79483-EB0D-44D3-8D6A-BFBA5E569BE1}
[2012/11/22 19:39:05 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{93EBA13C-91B2-4E36-9FAD-36ADC66D1E04}
[2012/11/22 07:38:38 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{97257381-437F-488C-8C66-5568F60BBC35}
[2012/11/21 13:43:42 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{818B0254-79E8-4309-97D3-1947ACB42AC1}
[2012/11/20 20:16:34 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{787E91F5-A653-4725-8885-FBF787D6638D}
[2012/11/20 08:15:49 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{67E97E25-1BFE-4AD6-A683-52D4ED1F2F69}
[2012/11/19 13:40:42 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7A4603AB-2A89-4FB0-B67A-63F4F2E39193}
[2012/11/18 19:46:41 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{342C79D0-05A8-43B4-97F6-8985B4047A13}
[2012/11/18 07:46:00 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E64FD8D5-C228-441D-A806-D3FDBCC39FC0}
[2012/11/17 14:43:43 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/17 14:43:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/17 14:30:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/17 14:30:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/17 14:30:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/17 14:30:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/17 14:30:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/17 14:30:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/17 14:30:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/17 14:30:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/17 14:30:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/17 14:30:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/17 14:30:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/17 14:30:51 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/17 14:30:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/17 14:30:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/17 14:30:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/17 14:27:56 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/17 14:27:55 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/17 14:27:55 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/17 14:27:55 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/17 14:22:54 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8B57BE8C-F977-4AAB-A58A-C953FDF9A9BB}
[2012/11/16 20:47:48 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/16 20:47:48 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/16 20:47:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/16 20:47:38 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/16 20:47:38 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/16 20:47:38 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/16 20:47:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/16 20:47:37 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/16 20:47:37 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/16 20:45:16 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/16 20:45:16 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/16 20:35:14 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8EE89E36-A51F-4EA3-A1F3-B0E6752CEB9C}
[2012/11/16 07:51:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{76DF92E7-8319-4B3F-B8D2-499B76A2D196}
[2012/11/15 23:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/15 23:30:09 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/15 23:30:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/15 18:00:49 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1FDDBE8B-C69A-42C8-8331-BCE321E4BAC4}
[2012/11/12 21:26:16 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/11/12 19:32:28 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2B6A13A4-BEEA-4FDF-B728-AFF06A71D3B3}
[2012/11/12 13:32:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/11 07:11:50 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{C865A6F9-59E7-4AD4-94C2-5BFF3A10014F}
[2012/11/10 14:21:15 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{CCE27A9F-C4BA-40D5-8FB9-112F2CE649CD}
[2012/11/09 13:53:07 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{9A4D0091-26D6-4A11-9220-446C9BD698A1}
[2012/11/09 07:19:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/08 19:18:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/08 19:18:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/08 19:18:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/08 19:18:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/08 19:17:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/08 17:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/11/08 14:05:23 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7E19A03D-E106-4117-AFBC-E50545520C15}
[2012/11/07 13:51:31 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{CB8193D7-AA86-44CD-978B-8A6975F8497B}
[2012/11/06 23:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/06 17:46:49 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{AB59E3A1-B7C8-4415-BBDE-00214470A6DE}
[2012/11/05 15:45:53 | 000,000,000 | ---D | C] -- C:\Temp
[2012/11/05 14:28:55 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{EDEB8C18-48B3-4686-9656-D4A9075320BF}
[2012/11/04 08:06:40 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{76B8F975-4416-4443-BAC0-188C0E9CA978}
[2012/11/03 14:35:50 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVUS
[2012/11/03 14:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVUS
[2012/11/03 14:35:24 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\Fighters
[2012/11/03 14:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2012/11/03 14:29:48 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{416C80D4-B420-4528-A55D-66171DE860E2}
[2012/11/02 19:34:04 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{A33DA9D8-AF45-435F-AB03-76412765B12A}
[2012/11/02 07:33:26 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{8546C424-C75F-48C3-9ED4-C2AF53CF5B61}
[2012/11/01 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{504E70A0-8180-427A-BBA9-1FEE909AC607}
[2012/11/01 07:32:04 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{78EC496F-F47E-4DE4-874B-661237906A22}
[2012/10/31 19:13:57 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{BC594FB2-610D-4DBD-9B00-E4D52C7E30D1}
[2012/10/31 07:13:30 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1058E6FA-6663-4D7C-929E-40BFB5C9DFA3}
[2012/10/30 19:09:47 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{740675D2-2D1A-4CC9-BACC-7D0B36A1E651}
[2012/10/30 07:09:07 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D29CA16C-A397-4582-A4AA-1D92CE1752CF}
[2012/10/29 13:53:23 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{50F9E228-E55C-4810-BC3E-7591833B9C0E}
[2012/10/28 19:47:17 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B56B6020-F5E3-4571-B805-9FB75DBA34D7}
[2012/10/28 07:46:39 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{107265E1-6467-47F9-B58A-D9E9318E1A45}
[2012/10/27 11:29:23 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D4E7C282-BFE4-458D-94A2-FABE9C279B3C}
[2012/10/26 18:43:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{7D35E905-9A33-4D98-A22E-1188C8EF5EA7}
[2012/10/26 17:11:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/10/26 17:11:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/10/26 17:11:11 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/10/26 06:42:35 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{55AA1DDB-378E-42F0-8EC4-5B76DD6CFA88}

========== Files - Modified Within 30 Days ==========

[2012/11/24 19:34:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/24 19:33:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001UA.job
[2012/11/24 19:10:58 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 19:10:58 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 19:03:46 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/24 19:03:35 | 000,001,060 | ---- | M] () -- C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2012/11/24 19:03:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/24 19:03:01 | 1504,354,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/20 15:33:53 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2371791720-1978839507-1749061906-1001Core.job
[2012/11/18 07:47:10 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/18 07:47:10 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/18 07:47:10 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/17 16:39:03 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/15 23:32:58 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/08 19:30:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/08 17:53:38 | 000,000,696 | ---- | M] () -- C:\Windows\SysWow64\userawacs.cfg
[2012/11/08 17:53:16 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/08 14:36:40 | 000,002,485 | ---- | M] () -- C:\Users\ann\Desktop\Google Chrome.lnk
[2012/11/06 14:11:58 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012/11/06 13:51:33 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/11/05 14:27:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\extensions.sqlite
[2012/11/03 20:45:18 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI
[2012/11/03 14:38:16 | 000,000,571 | ---- | M] () -- C:\Windows\SysNative\MyDefrag.debuglog

========== Files Created - No Company Name ==========

[2012/11/17 14:43:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 14:27:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/15 23:30:16 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/08 19:18:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/08 19:18:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/19 13:50:39 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\AVG
[2012/11/14 15:19:42 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\AVG2013
[2011/10/13 14:39:53 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/04/05 16:07:27 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Farm Mania 2
[2012/11/03 15:39:22 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Fighters
[2012/08/25 19:35:56 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Optimizer Pro
[2012/09/18 18:12:16 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Registry Mechanic
[2011/02/06 21:51:40 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Toshiba
[2012/10/03 09:29:33 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\TuneUp Software
[2011/04/20 15:26:20 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Vodafone
[2012/10/17 08:03:45 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\WildTangent
[2011/04/18 20:52:51 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP1B5B4F1

< End of report >


----------



## eddie5659

Okay, now I see you have Chrome, which is probably why we can't remove the iNternet Turbo program. So, let's remove the two that I want uninstalled, as once these are gone, it should clear up a lot of the entries.

So, firstly, make sure you're in Chrome. To do this, go to Start | Programs, and look for this:










Click on it, and your home page will open. This is mine, though I never use Chrome 










Now, at the top is the *Address Bar*. In there, I want you to type, or copy/paste, the following, and then press the Enter key on your keyboard:

*chrome://extensions/*










Now, when the next page opens, it will have a lot more than mine:










Now, on yours, look for this one:

*iNTERNET TURBO*

When you see it, look for the little bin icon on the left (hover the mouse over it, and it moves to open):










Click on the Bin, and the extension will be deleted.










------------

Let me know if you managed to remove it okay

eddie


----------



## sweetrose

Eddie, it won't open..


----------



## eddie5659

No, don't go into it.

Did you manage to get the above part, where it shows the extensions:

I'll remove the link you posted


----------



## sweetrose

I found it but can't get into where you ask me


----------



## eddie5659

Can you see the one in there for *iNternet Turbo*? If so, can you see the little rubbish bin on the left?

If you can, click on it and it will delete iNternet Turbo.


----------



## sweetrose

EDDIE, I can't get into where the bins are


----------



## eddie5659

Are you opening up Google Chrome?

You just need to type this in at the top:

chrome://extensions/

Where the address for websites goes.


----------



## sweetrose

I've done it, Eddie


----------



## eddie5659

Sorry about last night, my pc had a little problem, so needed to work on it 

When you say you've done it, have you removed the Internet Toolbar using the bin?


----------



## sweetrose

Hope your PC is working OK now, Eddie. Yes, internet toolbar is in the bin


----------



## eddie5659

Kind of, it's an ongoing issue, trying to figure out the cause is annoying

Still, I'll get it solved 


Good to see the toolbar is now gone. I'm online a lot tonight, so will look at the next step


----------



## sweetrose

maybe you need a new one.........;.)


----------



## eddie5659

It is new, but I think it's a hardware fault, but trying to figure out which part

I need to check to see if any of the conduit and other entries have now gone, after the removal you just did. Do you still have the SystemLook program?

It will have this icon:










If not, redownload it from here:

*Download Link*

Now, what I need you to do is run a scan so we can see what's left:

So, once you've either downloaded SystemLook, or found the original in your Download folder, open it up so it looks like this:










Now, I've created some code below. Using the mouse, highlight everything as you did before, by dragging the mouse to make all the words blue, so that it's from the *:folderfind* all the way down to **I Want This**

Then, right-click using your mouse and select *Copy*



Code:


```
:Filefind
*Conduit*
*PriceGong*
:Folderfind
*Conduit*
*IncrediMail*
*AVG Secure Search*
:regfind
Conduit
PricePeep
FunWebProducts
babylon
Bandoo
IncrediMail
HiYo
Crossrider
Ask.com
AVG Secure Search
Claro LTD
Yontoo
Wajam
PriceGong
{44444444-4444-4444-4444-440044504458}
{55555555-5555-5555-5555-550055505558}
{8E6F1830-9607-4440-8530-13BE7C4B1D14}
Searchqu
MyWebSearch
BabylonToolbar
Sidekick
iNTERNET_TURBO
:reg
HKCR\ScreenSaverControl.ScreenSaverInstaller.1
HKCR\ScreenSaverControl.ScreenSaverInstaller
HKLM\SOFTWARE\FocusInteractive
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
:dir
C:\Windows\Installer
:file
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll
```

Now, inside the SystemLook box, right-click with your mouse and select the *Paste* option:










Then, press the *Look* button:










And then the program will run for a bit and a log will pop up when it's finished. Copy/Paste the contents of the log here, as before

eddie


----------



## sweetrose

Doing it now, Eddie... is your comp OK now


----------



## eddie5659

It is, it's something that happens now and then. Don't worry, will still be here, just a thing I want to solve.

Last time it happened was 2 months ago


----------



## sweetrose

Glad it's working OK now, Eddie. For some reason everything went off so I'm doing it again


----------



## sweetrose

SystemLook 30.07.11 by jpshortstuff
Log created at 21:25 on 29/11/2012 by ann
Administrator - Elevation successful

========== Filefind ==========

Searching for "*Conduit*"
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_equalizer_dead_gif.gif	--a---- 119 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] A5220F9E01F826B14FB6E2C3F4ECE421
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_Equalizer_GIF.GIF	--a---- 465 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 02203C380AF50E00A0DFDB7C784F961A
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_Error_GIF.GIF	--a---- 286 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 27B43532E7F5E4A6E339EFD8011C16F1
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_Loading_gif.gif	--a---- 658 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 576E8AE9DA580108D5E93341140B6345
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_maxi_dn_gif.gif	--a---- 598 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 591233CBD455659937B107D87BE97E7C
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_maxi_gif.gif	--a---- 386 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 93EAAC8DE4960D491628477809038DA5
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_maxi_over_gif.gif	--a---- 594 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 81BA97263822D545B98ECB1D676DB5F3
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_minimize_dn_gif.gif	--a---- 598 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] BFB6AC32B680CC2DC9E3B042239BFB20
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_minimize_gif.gif	--a---- 590 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] EFFF305AD2F5AA1DB77F7786B490DC61
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_minimize_over_gif.gif	--a---- 594 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] CE62E18B9DC4BE7EAB8D2D574128CE77
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_dn_gif.gif	--a---- 652 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 74ED5324648F879B6CCEF58E2DF9E49D
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_dn_mini_gif.gif	--a---- 652 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 74ED5324648F879B6CCEF58E2DF9E49D
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_gif.gif	--a---- 672 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] D785EA3384FE734DBE31B821F6514F94
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_mini_gif.gif	--a---- 672 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] D785EA3384FE734DBE31B821F6514F94
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_over_gif.gif	--a---- 1094 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 2F2AD66C23996419E7D8266ECDDA1F88
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_over_mini_gif.gif	--a---- 1094 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 2F2AD66C23996419E7D8266ECDDA1F88
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_chevron_gif.gif	--a---- 1007 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] F9897266FC817421D83726AD3F4402FA
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_dn_gif.gif	--a---- 661 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] E6ABE3C5999EE1F0013004AA549B8E60
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_dn_mini_gif.gif	--a---- 661 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] E6ABE3C5999EE1F0013004AA549B8E60
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_gif.gif	--a---- 676 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 40A8862A7994FA5600025CFDF7A8B81E
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_mini_gif.gif	--a---- 676 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 40A8862A7994FA5600025CFDF7A8B81E
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_over_gif.gif	--a---- 1094 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] BF6A9260886A9E4ACB4023A2EF9F610A
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_over_mini_gif.gif	--a---- 1094 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] BF6A9260886A9E4ACB4023A2EF9F610A
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_slider_bg_gif.gif	--a---- 244 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 86E2DDD8337AF0386A656216B67EFF64
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_slider_gif.gif	--a---- 129 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 556E84F732734EA045DBCF4DD6098BBB
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_chevron_gif.gif	--a---- 1001 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 7428C0515D708D7C3520CF78F85B74FE
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_dn_gif.gif	--a---- 695 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 6E6BA836B7FEE53CE498ECE354A9C2D9
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_gif.gif	--a---- 703 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 253E89E7D1686D67C40FFB20FF78FEEF
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_over_gif.gif	--a---- 1126 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] B1BE39AC8F8DDBD990E30CD513A77ACA
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vol_dn_gif.gif	--a---- 703 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 64383A68A4B5EF32C30E151EB53F53E8
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vol_gif.gif	--a---- 712 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 5AB7200023489A910B502A6EEE23674D
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vol_over_gif.gif	--a---- 1132 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] B13B78C10FB60AB39EDB1951707360FC
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif	--a---- 419 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 01B83C91554738F6AFFB7895BBBA73FB
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif	--a---- 403 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif	--a---- 414 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] A9E001CBC00B06B121DFBC80707F5298
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif	--a---- 278 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif	--a---- 405 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 995595D4C685D659E8F03CD0A287EDDF
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif	--a---- 405 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] AA39D8A6B65E208901EBA9F3D4728D3E
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif	--a---- 361 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 464E244E7E2F27FB85E0C3AB69D72104
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif	--a---- 425 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 6427565C7105DC497287866100F260BB
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif	--a---- 381 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] AE7C9F67594A84B096D225601ACB0B2A
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif	--a---- 351 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] C3EBA0237D68F665AF6D663906221092
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif	--a---- 392 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 5E7217A3357550F9749A095631F51015
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif	--a---- 399 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif	--a---- 405 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 66018EAE0906C9831A821CAE5D1089BB
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif	--a---- 371 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif	--a---- 606 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 2A1D4FB45F62D3D260F2134228FAB05E
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif	--a---- 240 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] AE5A39669C623937C0839E079E1088D5
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif	--a---- 335 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 766433EF38BDA83C4FD4932027A4B9D5
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_gif.gif	--a---- 173 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] E509575F473727B14C87367068C42353
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\CacheIcons\http___weather_conduit_com_images_weather_Default_showers_gif.gif	--a---- 379 bytes	[16:36 29/04/2012]	[16:36 29/04/2012] 8ACA902931FBDF51B3BB293D6E15D70F
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml	--a---- 7042 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] C159A6BEAA8E32AAEFE7172DD5C2481E
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml	--a---- 5515 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 99F43BD1FBE50F6CEE0714818FCAD0A8
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml	--a---- 6581 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 93DBA7DBB3A402F930076666BD7C539C
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml	--a---- 5514 bytes	[16:06 29/04/2012]	[16:06 29/04/2012] 16A75DAC853B7B226069A2F21C379531
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\RadioPlayer\Skins\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_display_xml.xml	--a---- 4942 bytes	[16:07 29/04/2012]	[16:07 29/04/2012] 213501875E79F6553804637337DDF997

Searching for "*PriceGong*"
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage	--a---- 1258496 bytes	[21:53 15/11/2012]	[19:13 27/11/2012] 6037D8C80B0A1D888BE3B328285E2151
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal	--a---- 16384 bytes	[21:53 15/11/2012]	[19:13 27/11/2012] C7FEDE19B09E15AFC6605C73FB1F7A4A
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll	--a---- 390520 bytes	[10:13 06/10/2011]	[10:13 06/10/2011] 64CCC4B888265C203E80621D3F1742A7
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGong_16.png	--a---- 1101 bytes	[09:22 28/03/2010]	[09:22 28/03/2010] B5ECF14044E4FD55F61A7499D5687118

========== Folderfind ==========

Searching for "*Conduit*"
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\Repository\conduit_CT2724386_CT2724386	d------	[16:06 29/04/2012]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\Repository\conduit_CT2724386_en	d------	[16:06 29/04/2012]
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit	d------	[16:06 29/04/2012]
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine	d------	[16:05 29/04/2012]
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_CT2966447	d------	[16:06 29/04/2012]
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_en	d------	[16:06 29/04/2012]

Searching for "*IncrediMail*"
C:\ProgramData\IncrediMail	d------	[20:53 01/04/2011]
C:\Users\All Users\IncrediMail	d------	[20:53 01/04/2011]
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VWXVANCM\www.incredimail.com d------	[21:48 22/08/2012]
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VWXVANCM\www2l.incredimail.com	d------	[17:31 21/08/2012]
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.incredimail.com d------	[21:48 22/08/2012]
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www2l.incredimail.com	d------	[17:31 21/08/2012]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2	d------	[16:05 29/04/2012]

Searching for "*AVG Secure Search*"
C:\Program Files (x86)\Common Files\AVG Secure Search	d------	[11:51 14/10/2011]

========== regfind ==========

Searching for "Conduit"


----------



## sweetrose

"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.8.5.1/tbedrs.dll"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\Weather]
"SearchServerUrl"="http://search.conduit.com/"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\Weather\en]
"Forecast"="<FORECAST><LOCATION_ID>UKXX0816</LOCATION_ID><DAYS><DAY1><DATE>20120429</DATE><DAY>Sunday</DAY><F_MIN>45</F_MIN><F_MAX>57</F_MAX><C_MIN>7</C_MIN><C_MAX>13</C_MAX><UV_DESCRIPTION>Moderate</UV_DESCRIPTION><UV_INDEX>5</UV_INDEX><SUNSET>8:20 pm</SUNSET><SUNRISE>5:37 am</SUNRISE><MOONRISE>12:08 pm</MOONRISE><MOONSET>2:10 am</MOONSET><MOON_PHASE>Waxing Gibbous</MOON_PHASE><CONDITION_DESCRIPTION>Partly Cloudy</CONDITION_DESCRIPTION><CONDITION_ICON>http://weather.conduit.com/images/weather/Default/partly_cloudy_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20120430</DATE><DAY>Monday</DAY><F_MIN>50</F_MIN><F_MAX>63</F_MAX><C_MIN>10</C_MIN><C_MAX>17</C_MAX><UV_DESCRIPTION>Moderate</UV_DESCRIPTION><UV_INDEX>5</UV_INDEX><SUNSET>8:22 pm</SUNSET><SUNRISE>5:35 am</SUNRISE><MOONRISE>1:21 pm</MOONRISE><MOONSET>2:36 am</MOONSET><MOON_PHASE>Waxing Gibbous</MOON_PHASE><CONDITION_DESCRIPTION>Partly Cloudy</CONDITION_DESCRIPTION><COND
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\AppRegisterUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\AppsMetaData]
"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\AppsSettings]
"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\AppTrackingFirstTime]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\AppTrackingUsage]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\BrowserToolbarsInfo]
"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\DynamicDialogs]
"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\HostingUsage]
"ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\OtherAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\SearchSettings]
"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarHiddenLogin]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarHiddenSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386_CT2724386]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386_en]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\1294889498]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\2210672486]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\2416739021]
"dbname"="conduit_CT2724386_en"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\3491906516]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\3988062791]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\4212656670]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\630154571]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\822961412]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\FeatureProtector\BrowserSearch]
"URLFromService"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2724386"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\FeatureProtector\HomePage]
"URLFromService"="http://search.conduit.com?SearchSource=10&ctid=CT2724386"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\FeatureProtector\HomePage]
"ConduitEnabled"="TRUE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\MyStuff]
"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\MyStuff]
"ConduitEnable"="TRUE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\RadioPlayer]
"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\Search\Settings]
"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\SearchInNewTab]
"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\SearchInNewTab]
"AboutTabsEnabledByConduit"="TRUE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\SearchInNewTab]
"AboutTabsUsageUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver6.8.5.1/tbedrs.dll"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\Upgrade]
"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.8.5.1/tbedrs.dll"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\Weather]
"SearchServerUrl"="http://search.conduit.com/"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\Weather\en]
"Forecast"="<FORECAST><LOCATION_ID>USNC0328</LOCATION_ID><DAYS><DAY1><DATE>20120429</DATE><DAY>Sunday</DAY><F_MIN>62</F_MIN><F_MAX>83</F_MAX><C_MIN>16</C_MIN><C_MAX>28</C_MAX><UV_DESCRIPTION>Very High</UV_DESCRIPTION><UV_INDEX>9</UV_INDEX><SUNSET>8:00 pm</SUNSET><SUNRISE>6:26 am</SUNRISE><MOONRISE>1:07 pm</MOONRISE><MOONSET>1:59 am</MOONSET><MOON_PHASE>Waxing Gibbous</MOON_PHASE><CONDITION_DESCRIPTION>Sunny</CONDITION_DESCRIPTION><CONDITION_ICON>http://weather.conduit.com/images/weather/Default/sunny_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20120430</DATE><DAY>Monday</DAY><F_MIN>65</F_MIN><F_MAX>80</F_MAX><C_MIN>18</C_MIN><C_MAX>26</C_MAX><UV_DESCRIPTION>High</UV_DESCRIPTION><UV_INDEX>6</UV_INDEX><SUNSET>8:00 pm</SUNSET><SUNRISE>6:25 am</SUNRISE><MOONRISE>2:09 pm</MOONRISE><MOONSET>2:34 am</MOONSET><MOON_PHASE>Waxing Gibbous</MOON_PHASE><CONDITION_DESCRIPTION>Mostly Cloudy</CONDITION_DESCRIPTION><CONDITION
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Conduit]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1112356]
"Url"="http://alerts.conduit-services.com/root/1116652/1112356/UK"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1353832]
"Url"="http://alerts.conduit-services.com/root/1358172/1353832/UK"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPServicesServerName"="http://alert.services.conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPClientsServerName"="http://alert.client.conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"AutoUpdateServerName"="http://alert.storage.conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\ChannelsSettings]
"URL"="http://alert.services.conduit.com/channels/?aid=EB_CHANNEL_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\DynamicDialogs]
"URL"="http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Login]
"URL"="http://alert.services.conduit.com/Alerts/AlertServices.asmx/AlertLogin"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Translation]
"URL"="http://alerts.conduit-services.com/translation/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Usage]
"URL"="http://alert.services.conduit.com/Alerts/AlertServices.asmx/SetAlertUsageRequest"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Toolbar\Facebook\InfoService\http://facebook.conduit-services.com/Settings.ashx?locale=en&browserType=IE&toolbarVersion=6.3.3.3]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar]
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\AppRegisterUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\AppsMetaData]
"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\AppsSettings]
"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\AppTrackingFirstTime]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\AppTrackingUsage]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\BrowserToolbarsInfo]
"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\DynamicDialogs]
"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\HostingUsage]
"ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\OtherAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\SearchSettings]
"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarHiddenLogin]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarHiddenSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447_CT2966447]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\conduit_CT2966447_en]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\1041586924]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\2047538177]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\2065566893]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\2199667545]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\2513704965]
"dbname"="conduit_CT2966447_en"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\3245736424]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\3891058176]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\3928070667]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\Repository\MetaData\883185015]
"dbname"="conduit_CT2966447_CT2966447"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\FeatureProtector\HomePage]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar\toolbar\settings\MyStuff]
"Add


----------



## sweetrose

[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\BrowserToolbarsInfo]
"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\DynamicDialogs]
"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\HostingUsage]
"ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\OtherAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\SearchSettings]
"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarHiddenLogin]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarHiddenSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386_CT2724386]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\conduit_CT2724386_en]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\1294889498]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\2210672486]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\2416739021]
"dbname"="conduit_CT2724386_en"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\3491906516]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\3988062791]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\4212656670]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\630154571]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\Repository\MetaData\822961412]
"dbname"="conduit_CT2724386_CT2724386"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\FeatureProtector\BrowserSearch]
"URLFromService"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2724386"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\FeatureProtector\HomePage]
"URLFromService"="http://search.conduit.com?SearchSource=10&ctid=CT2724386"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\FeatureProtector\HomePage]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\MyStuff]
"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\MyStuff]
"ConduitEnable"="TRUE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\RadioPlayer]
"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\Search\Settings]
"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\SearchInNewTab]
"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\SearchInNewTab]
"AboutTabsEnabledByConduit"="TRUE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\SearchInNewTab]
"AboutTabsUsageUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver6.8.5.1/tbedrs.dll"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\Upgrade]
"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.8.5.1/tbedrs.dll"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\Weather]
"SearchServerUrl"="http://search.conduit.com/"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings\Weather\en]
"Forecast"="<FORECAST><LOCATION_ID>USNC0328</LOCATION_ID><DAYS><DAY1><DATE>20120429</DATE><DAY>Sunday</DAY><F_MIN>62</F_MIN><F_MAX>83</F_MAX><C_MIN>16</C_MIN><C_MAX>28</C_MAX><UV_DESCRIPTION>Very High</UV_DESCRIPTION><UV_INDEX>9</UV_INDEX><SUNSET>8:00 pm</SUNSET><SUNRISE>6:26 am</SUNRISE><MOONRISE>1:07 pm</MOONRISE><MOONSET>1:59 am</MOONSET><MOON_PHASE>Waxing Gibbous</MOON_PHASE><CONDITION_DESCRIPTION>Sunny</CONDITION_DESCRIPTION><CONDITION_ICON>http://weather.conduit.com/images/weather/Default/sunny_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20120430</DATE><DAY>Monday</DAY><F_MIN>65</F_MIN><F_MAX>80</F_MAX><C_MIN>18</C_MIN><C_MAX>26</C_MAX><UV_DESCRIPTION>High</UV_DESCRIPTION><UV_INDEX>6</UV_INDEX><SUNSET>8:00 pm</SUNSET><SUNRISE>6:25 am</SUNRISE><MOONRISE>2:09 pm</MOONRISE><MOONSET>2:34 am</MOONSET><MOON_PHASE>Waxing Gibbous</MOON_PHASE><CONDITION_DESCRIPTION>Mostly Cloudy</CONDITION_DESCRIPTION><CONDITION

Searching for "PricePeep"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\PricePeep.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\PricePeep.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\PricePeep.DLL]

Searching for "FunWebProducts"
[HKEY_CURRENT_USER\Control Panel\Cursors]
"Arrow"="C:\Users\ann\AppData\LocalLow\FunWebProducts\Shared\001CD4FA.dat"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Control Panel\Cursors]
"Arrow"="C:\Users\ann\AppData\LocalLow\FunWebProducts\Shared\001CD4FA.dat"

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS]

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BandooV8 (1).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASMANCS]

Searching for "IncrediMail"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{FBFACA01-2994-457B-B3A8-4F92759BA3A2}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{FEE9B36E-2CFB-4537-829B-50DEC559E875}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{FF249D89-5CD7-40B5-BB82-D081E65EE1C3}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Welcome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Facebook\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Licenses\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\065EFC441E38F9C47AE53FD0108F15DE]
"00000000000000000000000000000000"="C:\ProgramData\IncrediMail\Data\Licenses\IM_LTWIZ.imk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\286FB5A04FCEF1D4DB63DA74A77F000A]
"00000000000000000000000000000000"="C:\ProgramData\IncrediMail\Data\Licenses\IM_SYSTEM.imk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C9DF4B668FE918488AC070320498756]
"00000000000000000000000000000000"="C:\ProgramData\IncrediMail\Data\Licenses\IM_PREM.imk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredimail_install_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredimail_install_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F00DB2A9-332E-475F-BFF3-38A60A509EE2}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A80AC589-1A07-4004-8422-9F19E3DB10FB}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8C5CC044-E5DB-45E2-8325-2B90E4606AD1}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D6B373D7-2CD5-43F3-8EF5-53FB48B07467}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8B2DA63E-7432-456F-941A-B409A307D914}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AAABB301-6DD0-4494-B985-59391C7F2E9E}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F00DB2A9-332E-475F-BFF3-38A60A509EE2}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A80AC589-1A07-4004-8422-9F19E3DB10FB}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8C5CC044-E5DB-45E2-8325-2B90E4606AD1}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D6B373D7-2CD5-43F3-8EF5-53FB48B07467}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8B2DA63E-7432-456F-941A-B409A307D914}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AAABB301-6DD0-4494-B985-59391C7F2E9E}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F00DB2A9-332E-475F-BFF3-38A60A509EE2}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A80AC589-1A07-4004-8422-9F19E3DB10FB}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8C5CC044-E5DB-45E2-8325-2B90E4606AD1}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D6B373D7-2CD5-43F3-8EF5-53FB48B07467}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8B2DA63E-7432-456F-941A-B409A307D914}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe|Name=IncrediMail|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AAABB301-6DD0-4494-B985-59391C7F2E9E}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe|Name=IncrediMail|"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"DisplayName"="IncrediMail MediaBar 2"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"WebServerUrl"="http://IncrediMailMediaBar2.OurToolbar.com/"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings]
"HomePageUrl"="http://www.incredimail.com/"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings]
"RadioHelpUrl"="http://IncrediMailMediaBar2.OurToolbar.com/help/#2_5"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings]
"WeatherHelpUrl"="http://IncrediMailMediaBar2.OurToolbar.com/help/#2_8"
[HKEY_USERS\.DEFAULT\Software\IncrediMail]
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Clients\Mail]
@="IncrediMail"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\IncrediMail]
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\IMSys\{A71D1748-FEC9-43E2-8294-228D96CF1B59}]
"IPA"="-ROOT http://www5l.incredimail.com/im/imsetup/201207311605/default/installer/ -skip_dialog info -skip_dialog language -language 1033 -product IncrediMail -cluster 143 -au -report -ms_url_id 156"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\IMSys\{A7C6A0A8-CCC1-41C2-B74B-88A495077CFD}\6]
"ACDATA"="http://www.incredimail.com/english/gallery/letters/seasons/winter"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\IMSys\{A7C6A0A8-CCC1-41C2-B74B-88A495077CFD}\7]
"ACDATA"="http://www.incredimail.com/app/?tag=page_incredigames_link_9"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\SSCE]
"UserLexFiles"="C:\ProgramData\IncrediMail\Data\Lex\userdic.tlx,C:\ProgramData\IncrediMail\Data\Lex\correct.tlx,private.tlx"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\SSCE]
"MainLexPath"="C:\ProgramData\IncrediMail\Data\Lex"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Magentic\Content\Wallpaper\A Sample Category\A Sample Collection\B17325B7-DF30-4f79-A191-1C8EEBBFF4EC]
"TradeMark"="Incredimail"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Magentic\Content\Wallpaper\A Sample Category\A Sample Collection\B17325B7-DF30-4f79-A191-1C8EEBBFF4EC]
"TradeMarkLink"="www.incredimail.com"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\46D4DAF6-E3E8-4689-86F6-492BD8DC1B4A]
"TradeMark"="Incredimail"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\46D4DAF6-E3E8-4689-86F6-492BD8DC1B4A]
"TradeMarkLink"="www.incredimail.com"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\615928B1-1C4F-4448-9A3E-5D80FCBF9CBD]
"TradeMark"="Incredimail"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\615928B1-1C4F-4448-9A3E-5D80FCBF9CBD]
"TradeMarkLink"="www.incredimail.com"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e298c79_0]
@="{0.0.0.00000000}.{3fde3ee4-6854-45a0-9755-4abb9ca23b77}|\Device\HarddiskVolume2\Program Files (x86)\IncrediMail\Bin\IncMail.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\aeef4022_0]
@="{0.0.0.00000000}.{3fde3ee4-6854-45a0-9755-4abb9ca23b77}|\Device\HarddiskVolume2\Program Files (x86)\IncrediMail\Bin\ImNotfy.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\mailto\UserChoice]
"Progid"="IncrediMail.Url.Mailto"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\SweetIM\Install]
"Previous.HKCU.Start Page"="http://mystart.incredimail.com/mb72?a=nuyk1pqmbx"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe"="IncrediMail Content Importer"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe"="IncrediMail Content Importer"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"DisplayName"="IncrediMail MediaBar 2"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar]
"WebServerUrl"="http://IncrediMailMediaBar2.OurToolbar.com/"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings]
"HomePageUrl"="http://www.incredimail.com/"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings]
"RadioHelpUrl"="http://IncrediMailMediaBar2.OurToolbar.com/help/#2_5"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2\toolbar\settings]
"WeatherHelpUrl"="http://IncrediMailMediaBar2.OurToolbar.com/help/#2_8"
[HKEY_USERS\S-1-5-18\Software\IncrediMail]

Searching for "HiYo"

Searching for "Crossrider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}]
@="ICrossriderBHO"

Searching for "Ask.com"

Searching for "AVG Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}\ProgID]
@="AVG Secure Search.BrowserWndAPI.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}\VersionIndependentProgID]
@="AVG Secure Search.BrowserWndAPI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\0\win32]
@="C:\Program Files (x86)\AVG Secure Search\GenericWndApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG Secure Search"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater12.2.6]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater12.2.6]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vToolbarUpdater12.2.6]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe"


----------



## sweetrose

Set\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AVG Secure Search]
[HKEY_USERS\S-1-5-18\Software\AVG Secure Search]

Searching for "Claro LTD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}\Instl\Data]
"uninstaller"="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}\1.0\0\win32]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroEng.dll\2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}\1.0\HELPDIR]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}\1.0\0\win32]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\clarosrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}\LocalServer32]
@=""C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\clarosrv.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}\Instl\Data]
"uninstaller"="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}\1.0\0\win32]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroEng.dll\2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}\1.0\HELPDIR]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}\1.0\0\win32]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\clarosrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}\LocalServer32]
@=""C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\clarosrv.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}\Instl\Data]
"uninstaller"="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}\1.0\0\win32]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroEng.dll\2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}\1.0\HELPDIR]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}\1.0\0\win32]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\clarosrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Claro LTD\claro\1.8.3.10"

Searching for "Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0438_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0438_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0D70_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0D70_RASMANCS]

Searching for "Wajam"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASMANCS]

Searching for "PriceGong"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\PriceGong]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\PriceGong\Settings]
"server_req_url"="http://service6.pricegong.com/default.aspx"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\PriceGong\Settings]
"cx_server_location"="http://xml.pricegong.com/SiteXMLFolder"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\PriceGong\Settings]
"pr_link_text"="







"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\PriceGong\Settings]
"rs_link_text"="







"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\PriceGong]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\PriceGong\Settings]
"server_req_url"="http://service6.pricegong.com/default.aspx"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\PriceGong\Settings]
"cx_server_location"="http://xml.pricegong.com/SiteXMLFolder"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\PriceGong\Settings]
"pr_link_text"="







"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\PriceGong\Settings]
"rs_link_text"="







"

Searching for "{44444444-4444-4444-4444-440044504458}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}\TypeLib]
@="{44444444-4444-4444-4444-440044504458}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506658}\TypeLib]
@="{44444444-4444-4444-4444-440044504458}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077507758}\TypeLib]
@="{44444444-4444-4444-4444-440044504458}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066506658}\TypeLib]
@="{44444444-4444-4444-4444-440044504458}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{77777777-7777-7777-7777-770077507758}\TypeLib]
@="{44444444-4444-4444-4444-440044504458}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506658}\TypeLib]
@="{44444444-4444-4444-4444-440044504458}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{77777777-7777-7777-7777-770077507758}\TypeLib]
@="{44444444-4444-4444-4444-440044504458}"

Searching for "{55555555{8E6F1830-9607-4440-8530-13BE7C4B1D14}"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "MyWebSearch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinRect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinRect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinRect"

Searching for "BabylonToolbar"
No data found.

Searching for "Sidekick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShoppingSidekick_gb_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShoppingSidekick_gb_RASMANCS]

Searching for "iNTERNET_TURBO"
No data found.

========== reg ==========

[HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1]
(Unable to open key - key not found)

[HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss]
(Unable to open key - key not found)

[dir]
Hive unrecognized.

[C:\Windows\Installer]
Hive unrecognized.

========== file ==========

C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll - Unable to find/read file.

--------- - Unable to find/read file.

-= EOF =-


----------



## eddie5659

As you may guess, this may take a while to create a fix, as it's a bit long

I'll work on it now, and will post it tomorrow, as I'll check it before I post a few times


----------



## sweetrose

There is a lot there Eddie... it will take you all night


----------



## eddie5659

I'm getting there, slowly. I'll stop at 11.20ish, and carry on tomorrow


----------



## sweetrose

Eddie, take your time doing it, I don't want to keep you up every night...


----------



## eddie5659

Well, just when I needed sleep, I ended up staying up last night till 2.30am, as I was involved in some intense gaming 

Anyhoo, can you try this tool, to see if any of the above will be removed:








Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


----------



## sweetrose

Eddie, it won't download... says this file malicious
bet you still want to sleep


----------



## sweetrose

It's OK, it's on now


----------



## sweetrose

Junkware Removal Tool (JRT) by Thisisu
Version: 3.7.0 (11.30.2012:3)
OS: Windows 7 Home Premium x64
Ran by ann on 01/12/2012 at 14:57:05.36
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\vProt
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{154d932f-dc51-4a4f-9d52-b78b1419d3b4} 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\sweetim"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs"
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Failed to delete: [Folder] "C:\Users\ann\appdata\locallow\mefeediatest"
Successfully deleted: [Folder] "C:\Program Files (x86)\mefeediatest"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/12/2012 at 15:17:36.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## eddie5659

Well, I was so tired trying to watch a program at 7pm last night, so bed at 10pm (very early for me). A lot better, but I'm on call this week, so will be in bed at 11.30 if I can till next week.

Looks like it removed some other things, but the majority wasn't touched. 

So, in a few mins I'll post up the fix
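
What the JRT log above removed, checked against a few lines of the earlier registry search results (an added example, not part of the thread and not code from the JRT or OTL authors). Reading `\\` as the separator between key and value name, and ignoring `Wow6432Node` when comparing paths, are assumptions made for this comparison.

```python
import re

# Lines copied from the JRT log posted above.
JRT_LOG = r'''
~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\vProt
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Failed to delete: [Folder] "C:\Users\ann\appdata\locallow\mefeediatest"
'''

# Lines copied from the registry search results posted earlier in the thread.
SEARCH_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vProt"=""C:\Program Files (x86)\AVG Secure Search\vprot.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ROC_roc_ssl_v12"=""C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASAPI32]
'''

JRT_LINE = re.compile(r'^(Successfully deleted|Failed to delete): \[([^\]]+)\] (.+?)\s*$')
VALUE_LINE = re.compile(r'^(?:"([^"]+)"|(@))=')


def norm(path):
    # Lower-case, unquote, map HKCR onto the machine-wide Classes key and drop
    # the Wow6432Node segment so both registry views compare equal (assumption).
    p = path.strip().strip('"').lower()
    p = p.replace('hkey_classes_root\\', 'hkey_local_machine\\software\\classes\\')
    return p.replace('\\wow6432node', '')


def parse_jrt(log):
    # One (ok, kind, target, value_name) tuple per action line in the log.
    actions = []
    for line in log.splitlines():
        m = JRT_LINE.match(line.strip())
        if not m:
            continue
        status, kind, target = m.groups()
        value = None
        if kind == 'Registry Value':
            # In the log above the value name follows a doubled backslash.
            target, _, value = target.partition('\\\\')
        target = norm(target) if kind.startswith('Registry') else target.strip('"')
        actions.append((status.startswith('Success'), kind, target,
                        value.lower() if value else None))
    return actions


def parse_search(dump):
    # (key, value_name) per hit; value_name is None when only the key matched.
    hits, key, had_value = [], None, False
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            if key and not had_value:
                hits.append((key, None))
            key, had_value = line[1:-1], False
            continue
        m = VALUE_LINE.match(line)
        if key and m:
            hits.append((key, m.group(1) or '@'))
            had_value = True
    if key and not had_value:
        hits.append((key, None))
    return hits


def failures(actions):
    # Items the tool reported it could not delete.
    return [(kind, target) for ok, kind, target, _ in actions if not ok]


def remaining(hits, actions):
    # Search hits that no successful deletion in the log accounts for.
    gone_keys = [t for ok, kind, t, _ in actions if ok and kind == 'Registry Key']
    gone_vals = {(t, v) for ok, kind, t, v in actions if ok and kind == 'Registry Value'}
    left = []
    for key, name in hits:
        nk = norm(key)
        under_key = any(nk == g or nk.startswith(g + '\\') for g in gone_keys)
        value_gone = name is not None and (nk, name.lower()) in gone_vals
        if not (under_key or value_gone):
            left.append((key, name))
    return left


if __name__ == '__main__':
    acts = parse_jrt(JRT_LOG)
    print('failed:', failures(acts))
    for key, name in remaining(parse_search(SEARCH_DUMP), acts):
        print('still present:', key, name or '')
```

On these excerpts the `vProt` Run value is accounted for by the log, while `ROC_roc_ssl_v12`, the `vToolbarUpdater13.2.0` service and the Wajam tracing key are not, and the `mefeediatest` folder is reported as a failed deletion.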


----------



## sweetrose

you never had a lot of sleep did you Eddie.


----------



## eddie5659

Well, I had 12 hours last night, which is equivalent to 2 nights worth, so needed it 

Now, for this fix, it's best to create a backup, just in case:

*Backing Up Your Registry*
Download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT*
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked
Press *OK*
Press *YES* to create the folder.










-----------------------------

Then, exactly as before, copy the below into OTL, into the Custom box at the bottom. Make sure to include the *:Files* at the beginning, and the *[Reboot]* at the end



Code:


:Files
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_Media Bar_2
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]
C:\Users\ann\appdata\locallow\mefeediatest

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Conduit]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\PricePeep.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\PricePeep.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\PricePeep.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BandooV8 (1).exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\HiYo\Info\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\HiYo\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HiYo\Bin\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HiYo\"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_BarAutoUpdateHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_BarAutoUpdateHelper_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_Install_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_Install_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\content\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\skin\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\preferences\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\searchplugins\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\assets\oobe\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\assets\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\Updater\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AVG Secure Search]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.BrowserWndAPI\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.PugiObj\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ROC_roc_ssl_v12"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater12.2.6]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.2.0]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater12.2.6]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater13.2.0]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vToolbarUpdater12.2.6]
[-HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AVG Secure Search]
[-HKEY_USERS\S-1-5-18\Software\AVG Secure Search]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0438_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0438_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0D70_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0D70_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\PriceGong]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\PriceGong]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077507758}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066506658}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506658}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{77777777-7777-7777-7777-770077507758}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506658}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{77777777-7777-7777-7777-770077507758}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShoppingSidekick_gb_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShoppingSidekick_gb_RASMANCS]

:Commands 
[purity] 
[CREATERESTOREPOINT] 
[Reboot]

Then, click the *Run Fix* button, and post the log it creates:


----------



## sweetrose

Eddie, that box just came up. I put OK on it. It doesn't say anything else. What do I do?


----------



## sweetrose

this come up


----------



## eddie5659

Hang on, let me get some screenies


----------



## eddie5659

Copy/paste all in the code box into here:










Then, click the *Run Fix*


----------



## eddie5659

Ah, you mean ERUNT?

Did it say Yes? A folder will be created for you, you don't need to do anything else 

Then, just close it, and do the OTL fix as above


----------



## sweetrose

Eddie, it's OK, I've done it


----------



## sweetrose

Eddie, for some reason OTL is not working


----------



## sweetrose

Keeps saying OTL not responding


----------



## sweetrose

I did that, Eddie


----------



## sweetrose

I did everything you asked but OTL still won't work


----------



## eddie5659

Okay, we'll do it using a reg fix, but I'll create a fix for you tomorrow, when I can grab some screenshots


----------



## sweetrose

OK Eddie. I'm going off to sleep now so you can rest too, so I say night. Will see you tomorrow :)


----------



## eddie5659

Okay, we're going to do a registry import. So, to do this, you need to create the reg file, and then import it, and Windows will do the rest for you 

So, firstly, open up a blank Notepad. To do this, go to Start | Programs | Accessories, and then click on the Notepad:










When it's open, copy/paste the contents of the below code into the Notepad. Make sure to include the top part *Windows Registry Editor Version 5.00* and all the way to the bottom, which is *[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShoppingSidekick_gb_RASMANCS]*



Code:


Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Conduit]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\PricePeep.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\PricePeep.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\PricePeep.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BandooV8 (1).exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\ProgramData\\HiYo\\Info\\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\ProgramData\\HiYo\\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\HiYo\\Bin\\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\HiYo\\"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_BarAutoUpdateHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_BarAutoUpdateHelper_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_Install_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_Install_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Users\\ann\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\yc4ovlk6.default\\extensions\\[email protected]\\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Users\\ann\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\yc4ovlk6.default\\extensions\\[email protected]\\chrome\\content\\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Users\\ann\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\yc4ovlk6.default\\extensions\\[email protected]\\chrome\\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Users\\ann\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\yc4ovlk6.default\\extensions\\[email protected]\\chrome\\skin\\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Users\\ann\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\yc4ovlk6.default\\extensions\\[email protected]\\defaults\\preferences\\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Users\\ann\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\yc4ovlk6.default\\extensions\\[email protected]\\defaults\\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Users\\ann\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\yc4ovlk6.default\\extensions\\[email protected]\\searchplugins\\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Ask.com\\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Ask.com\\assets\\oobe\\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Ask.com\\assets\\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Ask.com\\Updater\\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AVG Secure Search]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.BrowserWndAPI\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.PugiObj\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ROC_roc_ssl_v12"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater12.2.6]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.2.0]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater12.2.6]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater13.2.0]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vToolbarUpdater12.2.6]
[-HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AVG Secure Search]
[-HKEY_USERS\S-1-5-18\Software\AVG Secure Search]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0438_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0438_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0D70_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0D70_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\PriceGong]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\PriceGong]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077507758}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066506658}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506658}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{77777777-7777-7777-7777-770077507758}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506658}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{77777777-7777-7777-7777-770077507758}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShoppingSidekick_gb_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShoppingSidekick_gb_RASMANCS]

So that it looks similar to this:










Then, at the top click *File* and *Save As*:










Now, make sure that the *Save As Type* is set to *All Files*:



















In *File Name* call it *fix.reg*










And save it somewhere you remember easily, using the *Browse* at the top. The best place is the *Desktop*:










Now, close the Notepad, and go to the *Desktop* where you saved the *fix.reg*.

Locate the *fix.reg* file on your Desktop, double-click it, and when the option appears saying *Are you sure you want to Add the information in fix.reg to the Registry?*, select *Yes*.

-------------

Any problems/questions, let me know. Also, let me know when it's done, and we'll do the next part
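A check that can be run over a deletion-only `fix.reg` like the one in this post before importing it, as an added example that is not part of the original post or of any tool named in the thread. The names `lint_reg` and `SAMPLE` are hypothetical, the sample text is constructed from line shapes used in the thread, and only the subset of the .reg syntax used here (key deletions, value deletions, single-line values) is covered.

```python
import re

HEADER = "Windows Registry Editor Version 5.00"
ROOTS = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG"}
# Quoted value name, "=", then data. Inside the quotes a backslash always
# starts a two-character escape (\\ or \").
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')
# A value deletion typed without the "=" sign.
MISSING_EQ_RE = re.compile(r'^"[^"]*"\s*-$')

# Constructed sample: lines 8 and 9 are deliberately malformed.
SAMPLE = r'''Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ROC_roc_ssl_v12"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\ProgramData\\HiYo\\"=-
"C:\ProgramData\HiYo\Info\"=-
"A28B4D68DEBAA244EB686953B7074FEF"-
'''


def lint_reg(text):
    """Return (actions, problems) for the text of a .reg file.

    actions  : (line_no, kind, target) with kind 'delete-key',
               'delete-value' or 'set-value'
    problems : (line_no, message) for lines that do not follow the syntax
    """
    actions, problems = [], []
    lines = text.splitlines()
    first = next((l.strip() for l in lines if l.strip()), "")
    if first.lstrip("\ufeff") != HEADER:
        problems.append((1, "missing header line: " + HEADER))
    current_key = None
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith(";") or line.lstrip("\ufeff") == HEADER:
            continue
        if line.startswith("["):
            if not line.endswith("]"):
                problems.append((no, "key line is not closed with ]"))
                current_key = None
                continue
            path = line[1:-1]
            deleting = path.startswith("-")
            if deleting:
                path = path[1:]
            if path.split("\\", 1)[0] not in ROOTS:
                problems.append((no, "unknown root key in " + path))
            if deleting:
                actions.append((no, "delete-key", path))
                current_key = None   # values cannot follow a deleted key
            else:
                current_key = path
            continue
        m = VALUE_RE.match(line)
        if not m:
            if MISSING_EQ_RE.match(line):
                problems.append((no, 'value deletion must be written "name"=-'))
            elif "\\" in line:
                problems.append((no, "backslashes in a value name must be doubled"))
            else:
                problems.append((no, "unrecognised line"))
            continue
        name, data = m.group(1), m.group(2)
        # Every escape pair must be \\ or \" ; anything else is a bare backslash.
        if any(c not in '\\"' for c in re.findall(r'\\(.)', name)):
            problems.append((no, "backslashes in a value name must be doubled"))
            continue
        if current_key is None:
            problems.append((no, "value line is not under a [key] header"))
            continue
        name = re.sub(r'\\(.)', r'\1', name)      # undo the escaping
        kind = "delete-value" if data == "-" else "set-value"
        actions.append((no, kind, current_key + " -> " + name))
    return actions, problems


if __name__ == "__main__":
    acts, probs = lint_reg(SAMPLE)
    for no, kind, target in acts:
        print(f"line {no}: {kind:12} {target}")
    for no, msg in probs:
        print(f"line {no}: PROBLEM {msg}")
```

Reading the action list before importing also shows exactly which keys and values the file will remove, which is the question asked later in the thread.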


----------



## sweetrose

I have it all on fix txt now, Eddie


----------



## eddie5659

You should have it as *fix.reg*, otherwise it won't work.

Make sure that the *All Files* is selected, before you save it:


----------



## sweetrose

I've done that


----------



## eddie5659

Okay, did you manage to double-click ok, so that the message

*Are you sure you want to Add the information in fix.reg to the Registry?*

appeared?


----------



## sweetrose

What will happen to it?


----------



## eddie5659

Basically, it will remove the malware that we've been trying to remove that some of the tools sometimes don't remove.

For example, you had Shopping Sidekick installed, which is not good. This removes that entry:

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\*ShoppingSidekick*_gb_RASMANCS]

And so on


----------



## sweetrose

It doesn't say anything


----------



## sweetrose

I just click OK on files


----------



## eddie5659

When you double-click the *reg.fix* with the left mouse button, what message comes up?


----------



## sweetrose

no message


----------



## eddie5659

Does the icon look like this:


----------



## sweetrose

no icon


----------



## sweetrose

done it and all files come up


----------



## eddie5659

Did you copy/paste everything into the Notepad? If so, you just need to save it as *fix.reg*, with *All Files* selected.

Just give me a minute


----------



## sweetrose

I've done all that


----------



## eddie5659

Okay, download the attached zip file.

Then, double-click to open it:










In there, you will see the *fix.reg* file. Click on *Extract All Files*:










Then, the following will pop up:










Click the *Extract* button, and make sure the box is ticked for *Show Extracted files when complete*:










Then the file will appear:










Now, double-click the file, and when the message pops up:

*Are you sure you want to Add the information in fix.reg to the Registry?*, select *Yes*.

-------------


----------



## sweetrose

done it again and all my


----------



## eddie5659

all my? What happened?

Did you do the fix I just uploaded?


----------



## sweetrose

Can't find zip file


----------



## eddie5659

I have to go for a bit, but have a look in your Ann\Downloads folder


----------



## sweetrose

OK Eddie, I will. Don't worry, go when you have to


----------



## sweetrose

Eddie, I will get there, you know me, it may take a bit longer... don't worry, go...


----------



## eddie5659

Had to watch a film, as we rent them at the weekend, and need to send them back tomorrow, so I can get the new ones for next week 

Take your time with the fix, the one above where I posted the zip file is probably the best way to do it, as it's already created for you


----------



## sweetrose

Lucky you... are they all new films? Eddie, that thing you gave me did work but it says it can't do it. I will look for zip. Have a good day


----------



## eddie5659

Nope, most are oldish, some are new. It's LoveFilm I get them from, so last night was a Michael Palin documentary


----------



## sweetrose

Love films. Do they make you cry, Eddie... lol
I'm going to try that now, what you posted last night.


----------



## eddie5659

Had to work very late last night, so will look here tonight.

Nope, it's a company in the UK called LoveFilm, not the actual love films 

Tend to watch all sorts, love horror, but also any type of genre. In fact, have a look here:

http://forums.techguy.org/random-discussion/1024873-movie-film-reviews.html


----------



## sweetrose

I like horror films, Eddie... I have everything on text file now


----------



## eddie5659

Sorry, it's the time of year for yearly reviews, so spent 3 hours at home trying to write mine 

Horrors are good, from the old black and white, thru to the new stuff 

Okay, its on the text file, did you manage to save it as *fix.reg* as I explained in screenshots before?


----------



## sweetrose

For same reason zip files won't open


----------



## eddie5659

Okay, leave that for now, we'll try the automated tool again, back in a min


----------



## sweetrose

OK, I'm just jumping in bath


----------



## eddie5659

Please *download* *OTM* 

 *Save* it to your *desktop*. 
 Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*), so that it looks like this:










*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*), exactly as you did before:



Code:


:Files
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_Media Bar_2
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]
C:\Users\ann\appdata\locallow\mefeediatest
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Conduit]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\PricePeep.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\PricePeep.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\PricePeep.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BandooV8 (1).exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\HiYo\Info\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\HiYo\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HiYo\Bin\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HiYo\"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_BarAutoUpdateHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_BarAutoUpdateHelper_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_Install_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_Install_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\content\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\skin\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\preferences\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\searchplugins\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\assets\oobe\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\assets\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\Updater\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AVG Secure Search]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.BrowserWndAPI\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.PugiObj\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ROC_roc_ssl_v12"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater12.2.6]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.2.0]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater12.2.6]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater13.2.0]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vToolbarUpdater12.2.6]
[-HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AVG Secure Search]
[-HKEY_USERS\S-1-5-18\Software\AVG Secure Search]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0438_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0438_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0D70_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0D70_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\PriceGong]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\PriceGong]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077507758}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066506658}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506658}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{77777777-7777-7777-7777-770077507758}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506658}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{77777777-7777-7777-7777-770077507758}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShoppingSidekick_gb_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShoppingSidekick_gb_RASMANCS]
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[CREATERESTOREPOINT] 
[EMPTYFLASH] 
[Reboot]


Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button.

*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.

*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


----------



## sweetrose

it's frozen up Eddie


----------



## sweetrose

not working


----------



## eddie5659

Oki doki, let's see what's running in the background

I'll post my speech as normal, as there isn't much to it 

Download *RogueKiller* to your desktop


Quit all running programs 
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe 
Wait until the Pre-scan has finished.
Click on Scan
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 
Click on Report and copy/paste the contents here.


----------



## sweetrose

EDDIE I'm sorry about all this, I just don't know why it's not working...
will do it tomorrow so you can go to bed...


----------



## eddie5659

I think something is blocking the usage of the tools. Hopefully the above tool will help, as it should tell me what's running, so we can disable it before we run the fix 

Off to bed soon, as I was up till 2am yesterday, so need sleep


----------



## sweetrose

you don't get a lot of sleep, do you Eddie... will do this when I get home, sleep well


----------



## sweetrose

now I have that internet turbo up again


----------



## eddie5659

Not sure why the turbo is there, as you removed the plugin, but if you can run the RogueKiller tool, it may help us


----------



## sweetrose

Eddie it's still not working


----------



## eddie5659

Which, the RogueKiller tool? Can it not start at all?

Is this the one you're trying:

Download *RogueKiller* to your desktop


Quit all running programs 
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe 
Wait until the Pre-scan has finished.
Click on Scan
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 
Click on Report and copy/paste the contents here.

-------

If so, we'll rename it. I'll get some screenshots


----------



## sweetrose

did that a few times Eddie, it works but it never did show anything, just that I have to pay


----------



## eddie5659

Shouldn't have to pay, it's a free tool. I've posted a direct link to the file in the above fix.

Did you select *Accept* in the box that appeared?

After that, press the *Scan* button.

And after it's finished, press the *Get Report* button to get the log.


----------



## sweetrose

I did that Eddie but I could not see the report


----------



## sweetrose

think I've done it...p://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ann [Admin rights]
Mode : Scan -- Date : 12/09/2012 21:33:50

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] mngr.exe -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -> KILLED [TermProc]
[SUSP PATH] mngr.exe -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{3D15F113-3692-4089-B3A3-77DC82321FEB} : NameServer (10.203.129.68 10.203.129.68) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{3D15F113-3692-4089-B3A3-77DC82321FEB} : NameServer (10.203.129.68 10.203.129.68) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
icular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2565GSXV +++++
--- User ---[MBR] 528302b0ce5f2347a4571670c09c6ccd
[BSP] da224308ab37e408c113c2c3a3b9c88c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 119237 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 245018624 | Size: 118837 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12092012_02d2133.txt >>
RKreport[1]_S_12092012_02d2133.txt


----------



## eddie5659

That's the one :up:

Okay, now before we use that program again, let's do a spot of cleaning, as that may help to speed things up, as it keeps freezing on the programs:

Download *TFC* to your desktop 

Open the file and close any other windows. 
It *will close all programs itself* when run, make sure to let it run uninterrupted. 
Click the Start button to begin the process. The program should not take long to finish its job 
Once it's finished it should *reboot your machine*, if not, do this yourself to ensure a complete clean

There is no log created with this tool, just let me know when you've run it 

Then, we'll do the next step


----------



## sweetrose

Eddie it came up saying not responding


----------



## eddie5659

Okay, try this instead:


Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after it's completed.

If still no joy, we'll try via safemode, as that will stop many things from running, which may be causing the issues


----------



## sweetrose

on that link you give me


----------



## sweetrose

EDDIE I did it and it worked this time, and it did a reboot


----------



## eddie5659

Nope, the above that I posted is something that Windows has on all computers 

So, just click on the *Start* button, then select *Programs*, then *Accessories*, then *System Tools* and then finally *Disk Cleanup*.

This will then pop up:

Select the C Drive, and press OK:

And this will appear:

After it's finished scanning, this will pop up:

Tick all the boxes in the *Files to Delete* and press OK.


----------



## eddie5659

Excellent :up:

I was just posting the above, can you do that as well, so that it's removed other bits. If the *Compress Files* option is there, it may take a while. Just let it run.


----------



## sweetrose

doing it now eddie


----------



## eddie5659

Excellent. I'm off for a bit, had a lousy night (read here)

http://forums.techguy.org/8550466-post230.html

However, just in case the above speeds it all up, can you see if you can run the OTM again, from here. If it freezes again, let me know, and we'll do plan B 

http://forums.techguy.org/8546672-post551.html


----------



## sweetrose

ok eddie you go, will post while you're gone


----------



## sweetrose

oh no Eddie, so it was on the morning they went


----------



## sweetrose

don't know how to save it to desktop


----------



## eddie5659

Did OTM manage to run? If so, have a look here for the log:

Open Windows Explorer, and on the left, look for this folder:

*C:\_OTMoveIt\MovedFiles*

Once in there, look for the latest log. If there is only one, that's fine. But, if a few, look for the latest one.

Then, open it up, right-click inside and press *Select All*, then right-click again, and choose *Copy*. Finally, in your reply here, *Paste* it as before


----------



## sweetrose

no it would not run eddie


----------



## eddie5659

Okay, looks like it may be best to run the fixes in safemode. Do you know how to use SafeMode?

If not, it's very easy. What I'll do is post up how to get there, and then back to 'normal' Windows.

When you've managed to do this okay and are comfortable with it, let me know, and I'll do the next part of the fix

---------

First off, restart your computer/laptop by clicking on the *Start* button and then click the arrow next to the *Shut Down* button, and then click *Restart*.

Now, I can't do screenshots of this part, so you'll just have to try it yourself.

As soon as the laptop starts up again, press and hold the *F8* key on your keyboard.

You need to press *F8* before the Windows logo appears. If the Windows logo appears, you'll need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer as before, and try again.

On the *Advanced Boot Options* screen, use the arrow keys to highlight the safe mode option below, and then press Enter.

*Safe Mode*

Now, this will not have any internet available, as I don't want any interference with the tools, possibly caused by the internet.

When your computer is in safe mode, you'll see the words *Safe Mode* in the corners of your monitor. Also, your Desktop may appear larger, this is normal.

To exit safe mode, restart your computer and let Windows start normally.

eddie


----------



## sweetrose

I've done that Eddie


----------



## eddie5659

Excellent 

Been late at work all week, and xmas party last night, so a bit groggy today 

Can you go to safemode, and then after a few minutes, try running OTM as before.

As you won't have internet, I've attached the OTM details below. Download that (probably will be the same place as your download folder), and then when you go to SafeMode, open up the OTM-fix and copy/paste it into OTM, and run it as before. Just jot down how to run the program on some paper, so you can easily run it 

Hopefully it will be okay, so once it's done, restart your computer as normal, and then copy/paste the log that was created at C:\_OTMoveIt\MovedFiles.


eddie


----------



## sweetrose

eddie did you get drunk..........;.)

I can't find the OTM to download it now,


----------



## sweetrose

OTM won't open


----------



## eddie5659

You should already have the OTM program, you used it before here:

http://forums.techguy.org/8546672-post551.html

Is OTM not opening in SafeMode?

--------

Yep, got a bit drunk, staggered in at 4am


----------



## sweetrose

no Eddie


----------



## sweetrose

4 am you got in, bet you were more than a bit drunk.............lol


----------



## sweetrose

eddie this is all that would come up/
:Files
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_Media Bar_2
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]
C:\Users\ann\appdata\locallow\mefeediatest
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Conduit]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\PricePeep.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\PricePeep.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\PricePeep.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BandooV8 (1).exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\HiYo\Info\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\HiYo\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HiYo\Bin\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HiYo\"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_BarAutoUpdateHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_BarAutoUpdateHelper_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_Install_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_Install_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\content\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\skin\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\preferences\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\searchplugins\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\assets\oobe\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\assets\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\Updater\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907]
"A28B4D68DEBAA244EB686953B7074FEF"-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96]
"A28B4D68DEBAA244EB686953B7074FEF"=-
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[CREATERESTOREPOINT] 
[EMPTYFLASH] 
[Reboot]


----------



## eddie5659

Yep, that's the fix. You need to save the Notepad that I uploaded to your computer. Then, whilst in safemode, do exactly as you did here, but use the fix you just downloaded:

http://forums.techguy.org/8546672-post551.html

It should work in SafeMode.


----------



## sweetrose

Eddie, it still won't work


----------



## eddie5659

Okay.

I'm going to send you a reg file via your email, so that it's a correct extension etc. I'll do that when home, but if you can download it to your Desktop, running it in SafeMode should be the better way.

I'll post here when it's sent


----------



## sweetrose

ok Eddie.......how's your head, by the way............


----------



## eddie5659

It's fine, now have the pleasure of all week at work, but only staying late Wednesday, as tomorrow I'm sending something from my shop at Amazon

*Registry fix from eddie*

That is the email I just sent, with the download file attached


----------



## sweetrose

you sent it by email


----------



## eddie5659

Yep, the same one that you emailed me with, when you had the internet problems


----------



## sweetrose

ll processes killed
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: ann
->Temp folder emptied: 5917760 bytes
->Temporary Internet Files folder emptied: 5927767 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 91989473 bytes
->Flash cache emptied: 1577 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664834 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2192692 bytes

Total Files Cleaned = 102.00 mb

Error creating restore point.

[EMPTYFLASH]

User: All Users

User: ann
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 12172012_214524

Files moved on Reboot...
C:\Users\ann\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.


----------



## eddie5659

Which did you use on the OTM program, the file that I sent you? If so, it won't work, as that was just a registry fix 

I'll send you a different one, so download this by email, and copy/paste the contents of that to OTM, and try again in Safe Mode.


----------



## eddie5659

Sent you a brand new OTM fix, via your email. It's a bit different, as when you run it, it should close your antivirus as well, and explorer.

That way, the malware can't run, which could be stopping the removals.


----------



## sweetrose

:Files
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_Media Bar_2
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]
C:\Users\ann\appdata\locallow\mefeediatest
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Conduit]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\PricePeep.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\PricePeep.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\PricePeep.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BandooV8 (1).exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\HiYo\Info\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\HiYo\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HiYo\Bin\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HiYo\"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_BarAutoUpdateHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_BarAutoUpdateHelper_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_Install_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_Install_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\content\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\skin\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\preferences\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\searchplugins\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\assets\oobe\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\assets\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\Updater\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AVG Secure Search]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.BrowserWndAPI\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.PugiObj\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ROC_roc_ssl_v12"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater12.2.6]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.2.0]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater12.2.6]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater13.2.0]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vToolbarUpdater12.2.6]
[-HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AVG Secure Search]
[-HKEY_USERS\S-1-5-18\Software\AVG Secure Search]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0438_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0438_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0D70_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0D70_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\PriceGong]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\PriceGong]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077507758}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066506658}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506658}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{77777777-7777-7777-7777-770077507758}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506658}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{77777777-7777-7777-7777-770077507758}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShoppingSidekick_gb_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShoppingSidekick_gb_RASMANCS]
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[CREATERESTOREPOINT] 
[EMPTYFLASH] 
[Reboot]


----------



## eddie5659

Okay, taken me a while, but managed to create a video on how to do this 

Above, you have posted the details of what to put into the program, not what has happened.

So, I'll put the new one below in a separate reply, alongside the video clip.

When you've run it, select the contents of the window on the Right, where it's blank in the clip, as I didn't run what you have to remove.


----------



## sweetrose

OK Eddie.. was that wrong what I did?


----------



## eddie5659

> :Processes
> explorer.exe
> avgidsagent.exe
> avgtray.exe
> StartManSvc.exe
> SSDMonitor.exe
> avgwdsvc.exe
> BoostSpeed.exe
> :Files
> C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage
> C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal
> C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage
> C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal
> C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage
> C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal
> C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage
> C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal
> C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_Media Bar_2
> C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage
> C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal
> C:\Program Files (x86)\Common Files\AVG Secure Search
> C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]
> C:\Users\ann\appdata\locallow\mefeediatest
> :Reg
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS]
> [-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit]
> [-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar\toolbar]
> [-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
> [-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Conduit]
> [-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit]
> [-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar]
> [-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\PricePeep.DLL]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\PricePeep.DLL]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\PricePeep.DLL]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BandooV8 (1).exe]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASAPI32]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\BandooV8 (1)_RASMANCS]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASAPI32]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2AutoUpdaterHelper_RASMANCS]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASAPI32]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncrediMail_MediaBar_2ToolbarHelper_RASMANCS]
> [-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
> [-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
> "C:\ProgramData\HiYo\Info\"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
> "C:\ProgramData\HiYo\"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
> "C:\Program Files (x86)\HiYo\Bin\"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
> "C:\Program Files (x86)\HiYo\"=-
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_BarAutoUpdateHelper_RASAPI32]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_BarAutoUpdateHelper_RASMANCS]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_Install_RASAPI32]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_Install_RASMANCS]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_RASAPI32]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\HiYo_RASMANCS]
> [-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\HiYo_Bar]
> [-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\HiYo_Bar]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}]
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
> "C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
> "C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\content\"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
> "C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
> "C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\skin\"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
> "C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\preferences\"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
> "C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
> "C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\searchplugins\"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
> "C:\Program Files (x86)\Ask.com\"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
> "C:\Program Files (x86)\Ask.com\assets\oobe\"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
> "C:\Program Files (x86)\Ask.com\assets\"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
> "C:\Program Files (x86)\Ask.com\Updater\"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E]
> "A28B4D68DEBAA244EB686953B7074FEF"=-
> [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AVG Secure Search]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.BrowserWndAPI\CurVer]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.PugiObj\CurVer]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
> [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
> "ROC_roc_ssl_v12"=-
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{114A3321-5237-4338-B20F-0EF65BC1D03D}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{95F32C02-A631-4525-92F2-77364F32E38C}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}]
> [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater12.2.6]
> [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.2.0]
> [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater12.2.6]
> [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater13.2.0]
> [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vToolbarUpdater12.2.6]
> [-HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
> [-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AVG Secure Search]
> [-HKEY_USERS\S-1-5-18\Software\AVG Secure Search]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0438_RASAPI32]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0438_RASMANCS]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0D70_RASAPI32]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0D70_RASMANCS]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASAPI32]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASMANCS]
> [-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\PriceGong]
> [-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\PriceGong]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505558}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077507758}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066506658}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506658}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{77777777-7777-7777-7777-770077507758}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506658}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{77777777-7777-7777-7777-770077507758}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick_RASAPI32]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick_RASMANCS]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShoppingSidekick_gb_RASAPI32]
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShoppingSidekick_gb_RASMANCS]
> :Commands
> [purity]
> [resethosts]
> [emptytemp]
> [CREATERESTOREPOINT]
> [EMPTYFLASH]
> [Reboot]


----------



## eddie5659

You may want to see it bigger, as it's a bit small, so click on the YouTube button, on the bottom right, as it will be clearer


----------



## sweetrose

OK, will do that tomorrow... Eddie, when do you stop for Christmas?


----------



## sweetrose

That video doesn't work


----------



## sweetrose

YouTube doesn't work


----------



## eddie5659

Well, it should, as it's on this screen


Let me have a looksee....


----------



## eddie5659

Nuts, made it Private. Hang on


----------



## eddie5659

Should work now


----------



## sweetrose

Will try it tomorrow and let you know... so you can sleep now, Eddie


----------



## eddie5659

Thanks, it's my first ever video clip......well, apart from a gaming one. I can post that if you want to be bored for 5 mins


----------



## sweetrose

lol, thanks but no, Eddie...


----------



## eddie5659

I got the email, this week I may be limited as it's Christmas, but I'll try

You said not all of it will go into the OTM program, but when I tried it on the video above, it all went in okay, so not sure what is happening on your side 

Are you doing it exactly as I posted, as in copy/pasting the contents of the fix into the left window, and pressing MoveIt?

----------

Okay, I need to see what fixes you have, as I have a feeling you have too many and some may be used by mistake. Plus, for some reason you always need to download the tools each time, which shouldn't happen.

You already downloaded SystemLook, so have a look here to see if you can see it:

*C:\Users\ann\Downloads*

It will have this icon:

If you can't see it, get a fresh one from here:

*Download SystemLook*

Then, open it and you should just have a big box like this:

Then you need to copy/paste this code:



Code:


:dir
C:\Users\ann\Downloads
:filefind
*OTL.exe
*OTM.exe
*SystemLook.exe

into it, so that it looks similar to this, but with the extra bits above:

Then, press the *Look* button:

And then the program will run for a bit and a log will pop up when it's finished

eddie


----------



## sweetrose

Eddie, it did work and it did reboot... but nothing came up, so no files. Sent you an email


----------



## sweetrose

SystemLook 30.07.11 by jpshortstuff
Log created at 07:41 on 25/12/2012 by ann
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

No Context: dir

No Context: C:\Users\ann\Downloads

========== filefind ==========

Searching for "*OTL.exe"
C:\Users\ann\Downloads\OTL.exe	--a---- 602112 bytes	[19:28 24/11/2012]	[19:28 24/11/2012] 4ADCFEE16EE9978F06157634669D36FB

Searching for "*OTM.exe"
C:\Users\ann\Downloads\OTM.exe	--a---- 522240 bytes	[15:46 20/12/2012]	[15:46 20/12/2012] ABE171BFF8277921FD92BF5DEC76F363

Searching for "*SystemLook.exe"
C:\Users\ann\Downloads\SystemLook.exe	--a---- 139264 bytes	[07:40 25/12/2012]	[07:40 25/12/2012] DEDB5F9E28EE2C9363E83A2A94BA83B9

-= EOF
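
A log in this layout can be checked mechanically. The following is an added example, not part of the original thread and not SystemLook's own code: a Python parser that collects the lines reported as `No Context`, lists the search terms that still returned hits, and groups copies of the same file by digest. It goes beyond the `filefind` log above by also reading the `regfind` layout seen in later logs in the thread; the sample log, its paths and digests are constructed, and the meaning of the two bracketed timestamps is left uninterpreted.

```python
import re
from collections import OrderedDict, defaultdict

# Constructed sample in the layout of the SystemLook logs on this page.
# Names, paths and digests are made up; column separators are plain spaces.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 09:00 on 01/01/2013 by user
Administrator - Elevation successful

No Context: dir

No Context: C:\Users\user\Downloads

========== filefind ==========

Searching for "*ToolA.exe"
C:\Users\user\Downloads\ToolA.exe  --a---- 1024 bytes  [10:00 01/12/2012]  [10:00 01/12/2012] 00112233445566778899AABBCCDDEEFF
C:\Users\user\Desktop\Copy of ToolA.exe  --a---- 1024 bytes  [11:00 02/12/2012]  [10:00 01/12/2012] 00112233445566778899AABBCCDDEEFF

========== regfind ==========

Searching for "ExampleBar"
[HKEY_CURRENT_USER\Software\ExampleBar]
"Path"="C:\ExampleBar"

Searching for "OtherBar"
No data found.

-= EOF
"""

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")
TERM_RE = re.compile(r'^Searching for "(.*)"$')
NO_CONTEXT_RE = re.compile(r"^No Context:\s*(.*)$")
FILE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<time1>[^\]]+)\]\s+\[(?P<time2>[^\]]+)\]"
    r"\s+(?P<digest>[0-9A-Fa-f]{32})$"
)

def parse_systemlook_log(text):
    """Return {'no_context': [...], 'sections': {section: {term: [hits]}}}."""
    parsed = {"no_context": [], "sections": OrderedDict()}
    section = term = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("-= EOF"):
            continue
        m = NO_CONTEXT_RE.match(line)
        if m:
            parsed["no_context"].append(m.group(1))
            continue
        m = SECTION_RE.match(line)
        if m:
            section, term = m.group(1).lower(), None
            parsed["sections"].setdefault(section, OrderedDict())
            continue
        m = TERM_RE.match(line)
        if m and section is not None:
            term = m.group(1)
            parsed["sections"][section].setdefault(term, [])
            continue
        if section is None or term is None or line == "No data found.":
            continue  # banner lines, or an explicit empty result
        hits = parsed["sections"][section][term]
        if section == "regfind":
            if line.startswith("["):  # a key line opens a new hit
                hits.append({"key": line.strip("[]"), "value": None})
            elif hits and hits[-1]["value"] is None:  # value line for that key
                hits[-1]["value"] = line
            else:
                hits.append({"key": None, "value": line})
            continue
        fm = FILE_RE.match(line)
        if fm:
            entry = fm.groupdict()
            entry["size"] = int(entry["size"])
            hits.append(entry)
        else:
            hits.append({"raw": line})  # e.g. folderfind rows (path, attrs, one time)
    return parsed

def remaining_terms(parsed):
    """Map each section to the search terms that still returned at least one hit."""
    return {sec: [t for t, hits in terms.items() if hits]
            for sec, terms in parsed["sections"].items()}

def duplicate_copies(parsed):
    """Group filefind paths by digest; keep digests found at more than one path."""
    by_digest = defaultdict(list)
    for hits in parsed["sections"].get("filefind", {}).values():
        for hit in hits:
            if "digest" in hit:
                by_digest[hit["digest"].upper()].append(hit["path"])
    return {d: paths for d, paths in by_digest.items() if len(paths) > 1}

if __name__ == "__main__":
    log = parse_systemlook_log(SAMPLE_LOG)
    print(log["no_context"], remaining_terms(log), duplicate_copies(log))
```
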


----------



## eddie5659

Hope you're having a nice Christmas, and hope you have a great New Year :up:

Ah, okay, so looks like it may have run okay. Also, the SystemLook log isn't complete, so we'll sort that out below

-----

I need to check to see if any of the conduit and other entries have now gone, after the removal you just did. Do you still have the SystemLook program?

It will have this icon:

If not, redownload it from here:

*Download Link*

Now, what I need you to do is run a scan so we can see what's left:

So, once you've either downloaded SystemLook, or found the original in your Download folder, open it up so it looks like this:

Now, I've created some code below. Using the mouse, highlight everything as you did before, by dragging the mouse to make all the words blue, so that it's from the *:folderfind* all the way down to **I Want This**

Then, right-click using your mouse and select *Copy*



Code:


:Filefind
*Conduit*
*PriceGong*
:Folderfind
*Conduit*
*IncrediMail*
*AVG Secure Search*
:regfind
Conduit
PricePeep
FunWebProducts
babylon
Bandoo
IncrediMail
HiYo
Crossrider
Ask.com
AVG Secure Search
Claro LTD
Yontoo
Wajam
PriceGong
{44444444-4444-4444-4444-440044504458}
{55555555-5555-5555-5555-550055505558}
{8E6F1830-9607-4440-8530-13BE7C4B1D14}
Searchqu
MyWebSearch
BabylonToolbar
Sidekick
iNTERNET_TURBO
:reg
HKCR\ScreenSaverControl.ScreenSaverInstaller.1
HKCR\ScreenSaverControl.ScreenSaverInstaller
HKLM\SOFTWARE\FocusInteractive
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
:dir
C:\Windows\Installer
C:\Users\ann\Downloads /s
:file
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll

Now, inside the SystemLook box, right-click with your mouse and select the *Paste* option:

Then, press the *Look* button:

And then the program will run for a bit and a log will pop up when it's finished. Copy/Paste the contents of the log here, as before

eddie


----------



## sweetrose

Hi Eddie, I sent you a card on email, did you get it? My Christmas was OK, hope yours was.

will do that now.


----------



## sweetrose

SystemLook 30.07.11 by jpshortstuff
Log created at 20:21 on 27/12/2012 by ann
Administrator - Elevation successful

No Context: Filefind

No Context: *Conduit*

No Context: *PriceGong*

========== Folderfind ==========

Searching for "*Conduit*"
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\Repository\conduit_CT2724386_CT2724386	d------	[16:06 29/04/2012]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\Repository\conduit_CT2724386_en	d------	[16:06 29/04/2012]
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit	d------	[16:06 29/04/2012]
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine	d------	[16:05 29/04/2012]
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_CT2966447	d------	[16:06 29/04/2012]
C:\_OTL\MovedFiles\11052012_200144\C_Windows\SysWOW64\config\systemprofile\AppData\LocalLow\HiYo_Bar\Repository\conduit_CT2966447_en	d------	[16:06 29/04/2012]

Searching for "*IncrediMail*"
C:\ProgramData\IncrediMail	d------	[20:53 01/04/2011]
C:\Users\All Users\IncrediMail	d------	[20:53 01/04/2011]
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VWXVANCM\www.incredimail.com d------	[21:48 22/08/2012]
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VWXVANCM\www2l.incredimail.com	d------	[17:31 21/08/2012]
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.incredimail.com d------	[21:48 22/08/2012]
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www2l.incredimail.com	d------	[17:31 21/08/2012]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2	d------	[16:05 29/04/2012]

Searching for "*AVG Secure Search*"
C:\Program Files (x86)\AVG Secure Search	d------	[11:09 21/12/2012]
C:\Program Files (x86)\Common Files\AVG Secure Search	d------	[11:09 21/12/2012]
C:\ProgramData\AVG Secure Search	d------	[11:09 21/12/2012]
C:\Users\All Users\AVG Secure Search	d------	[11:09 21/12/2012]
C:\Users\ann\AppData\Local\AVG Secure Search	d------	[11:10 21/12/2012]
C:\Users\ann\AppData\Local\Temp\avg_a02224\CommonFiles\AVG Secure Search	d------	[11:09 21/12/2012]
C:\Users\ann\AppData\Local\Temp\avg_a02224\ProgData\AVG Secure Search	d------	[11:09 21/12/2012]
C:\Users\ann\AppData\LocalLow\AVG Secure Search	d------	[11:09 21/12/2012]
C:\_OTM\MovedFiles\12122012_152628\C_Program Files (x86)\Common Files\AVG Secure Search	d------	[11:51 14/10/2011]

========== regfind ==========

Searching for "Conduit"
No data found.

Searching for "PricePeep"
No data found.

Searching for "FunWebProducts"
[HKEY_CURRENT_USER\Control Panel\Cursors]
"Arrow"="C:\Users\ann\AppData\LocalLow\FunWebProducts\Shared\001CD4FA.dat"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Control Panel\Cursors]
"Arrow"="C:\Users\ann\AppData\LocalLow\FunWebProducts\Shared\001CD4FA.dat"

Searching for "babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
"FaviconURL"="search.babylon.com/favicon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon\Babylon Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS]
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
"FaviconURL"="search.babylon.com/favicon.ico"

Searching for "Bandoo"
No data found.

Searching for "IncrediMail"
[HKEY_CURRENT_USER\Software\Clients\Mail]
@="IncrediMail"
[HKEY_CURRENT_USER\Software\IncrediMail]
[HKEY_CURRENT_USER\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\IMSys\{A71D1748-FEC9-43E2-8294-228D96CF1B59}]
"IPA"="-ROOT http://www5l.incredimail.com/im/imsetup/201207311605/default/installer/ -skip_dialog info -skip_dialog language -language 1033 -product IncrediMail -cluster 143 -au -report -ms_url_id 156"
[HKEY_CURRENT_USER\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\IMSys\{A7C6A0A8-CCC1-41C2-B74B-88A495077CFD}\6]
"ACDATA"="http://www.incredimail.com/english/gallery/letters/seasons/winter"
[HKEY_CURRENT_USER\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\IMSys\{A7C6A0A8-CCC1-41C2-B74B-88A495077CFD}\7]
"ACDATA"="http://www.incredimail.com/app/?tag=page_incredigames_link_9"
[HKEY_CURRENT_USER\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\SSCE]
"UserLexFiles"="C:\ProgramData\IncrediMail\Data\Lex\userdic.tlx,C:\ProgramData\IncrediMail\Data\Lex\correct.tlx,private.tlx"
[HKEY_CURRENT_USER\Software\IncrediMail\Identities\{F4CA0EDA-14DC-4BB2-9642-35932492B50F}\SSCE]
"MainLexPath"="C:\ProgramData\IncrediMail\Data\Lex"
[HKEY_CURRENT_USER\Software\Magentic\Content\Wallpaper\A Sample Category\A Sample Collection\B17325B7-DF30-4f79-A191-1C8EEBBFF4EC]
"TradeMark"="Incredimail"
[HKEY_CURRENT_USER\Software\Magentic\Content\Wallpaper\A Sample Category\A Sample Collection\B17325B7-DF30-4f79-A191-1C8EEBBFF4EC]
"TradeMarkLink"="www.incredimail.com"
[HKEY_CURRENT_USER\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\46D4DAF6-E3E8-4689-86F6-492BD8DC1B4A]
"TradeMark"="Incredimail"
[HKEY_CURRENT_USER\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\46D4DAF6-E3E8-4689-86F6-492BD8DC1B4A]
"TradeMarkLink"="www.incredimail.com"
[HKEY_CURRENT_USER\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\615928B1-1C4F-4448-9A3E-5D80FCBF9CBD]
"TradeMark"="Incredimail"
[HKEY_CURRENT_USER\Software\Magentic\Content\Wallpaper\Illustrations\Cartoon Pets\615928B1-1C4F-4448-9A3E-5D80FCBF9CBD]
"TradeMarkLink"="www.incredimail.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e298c79_0]
@="{0.0.0.00000000}.{3fde3ee4-6854-45a0-9755-4abb9ca23b77}|\Device\HarddiskVolume2\Program Files (x86)\IncrediMail\Bin\IncMail.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\aeef4022_0]
@="{0.0.0.00000000}.{3fde3ee4-6854-45a0-9755-4abb9ca23b77}|\Device\HarddiskVolume2\Program Files (x86)\IncrediMail\Bin\ImNotfy.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\mailto\UserChoice]
"Progid"="IncrediMail.Url.Mailto"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe"="IncrediMail Content Importer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IncrediMail]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IncrediMail]
"item"="IncrediMail"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IncrediMail]
"command"="C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IncrediMail\Bin\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IncrediMail\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{01196CF3-A97E-4CAB-AB87-D6F3A48D6AD0}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{0764C0CC-7A86-4765-B0B6-9CA2A93F06E7}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{07C4D36C-62D4-4D4B-8D8B-D1CF14BAFC7E}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{09D2DBAB-C227-41D1-BAA0-7DF27CF733F2}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{0B248F59-5C20-4DA8-8942-60C29CAE8140}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{0C14A18B-C2AC-4669-86E4-B9E73BE84718}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{0CAA856A-58A6-4A9F-90B2-555C261B3F49}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{109056AE-5DE4-4EAE-91CB-6BB390A09A59}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{1190927C-0CA1-498D-812F-21A32E20C88B}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{132C7AA8-241D-49C7-B908-8223AA880F6A}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{18808474-BF2B-4501-AE58-22914203D66C}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{1947E5E1-F1D7-4E50-9FC6-0B9D8A279E8D}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{194AFDE0-4FFA-46E2-AD4C-56213B86EB24}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{1D63DEA0-1C10-4705-81EE-86BA1C9445C1}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{1E9E5D28-DF38-4A3E-BD93-16143B6D5161}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{23E41B8B-DDDE-4FC5-90E0-D309639FA056}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{251A17B1-A3C8-4D3A-A7D8-8263B3F384EF}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{25E53664-29F4-4705-91D4-62F10E642451}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{2717B5A6-84A9-410A-8A42-CE27CB779CCD}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{2A3F5A21-8665-4DBD-9BD2-7A88A001E4BD}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{2A53D07B-D668-4656-9D1E-C9862E7E8DB8}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{2AAFE8D5-FB97-4798-BE6C-823BE84F22ED}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{2B89B57D-8B42-474B-9A46-D5424878E4BF}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{2E8A33E4-B57B-4F09-9BC1-8C5AB6CB5223}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{34B4B5E4-6EFD-4C33-8F14-ADB675C31F49}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{35180BF0-14A8-4DF2-97A9-1892D2FF46F1}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{3AEF0E06-B06D-44B9-A019-0A6C317C979D}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{3BDC7D91-1C7D-471E-B6C6-A3510E0E79E6}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{3DDAE38B-6A10-4070-9671-DA595F8A9C18}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{40C815FD-5C64-4E20-8ED1-0F2D1BF4706C}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{43E0895E-1896-445D-B8D1-4BF2667F5439}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{44A7185B-21E9-463C-8B7A-AAF720497BAC}\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\IncrediMail\Data\Pictures\{46BE39D0-31AA-49F2-BC4E-77A71B2568B4}\"=""


----------



## sweetrose


Searching for "HiYo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\HiYo\Info\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\HiYo\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HiYo\Bin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HiYo\"=""

Searching for "Crossrider"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Installer]
"Domain"="http://app-static.crossrider.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\OpenSearch]
"SearchIcon"="http://static.crossrider.com/system/images/search-icon.ico"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\1]
"JavaScript"="appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.extend(appAPI._cr_config,{sidebar:{base:{production:"https://crossrider.cotssl.net",staging:"http://staging-app.crossrider.com"},css:"/plugins/stylesheets/sidebar.css",themes:"/plugins/images/sidebar"}});$jquery.extend(appAPI._cr_config,{notifications_manager:{base:{production:"https://crossrider.cotssl.net",staging:"http://staging-app.crossrider.com"},statsBase:{production:"http://nstats.crossrider.com",staging:"http://staging-app.crossrider.com"},geolocation:"http://www.geoplugin.net/json.gp?jsoncallback=fn",meta:"/notifier/"+appAPI._cr_config.appID()+"/meta.json",messages:"/notifier/"+appAPI._cr_config.appID()+"/{id}.json",logger:"/notifications.gif",loggerAPI:"/api_notifications.gif"},notifications:{base:{production:"https://crossrider.cotssl.net",staging:"http://staging-app.crossrider.com"}
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\1]
"Url"="http://app-static.crossrider.com/plugins/mins/base.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\1000014]
"JavaScript"="Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw new TypeError;var b=Object(this),d=b.length>>>0;if(0===d)return-1;var c=0;0<arguments.length&&(c=Number(arguments[1]),c!==c?c=0:0!==c&&c!==1/0&&c!==-(1/0)&&(c=(0<c||-1)*Math.floor(Math.abs(c))));if(c>=d)return-1;for(c=0<=c?c:Math.max(d-Math.abs(c),0);c<d;c++)if(c in b&&b[c]===a)return c;return-1});
var _GPL_PLUGIN={params:null,parent_zoneid:null,keys:{CHILD_CREATED:"_GPL_hotfix20111102645",INSTALLER_PARAMS:"InstallerParams",INSTALLER_PARAMS_BACKUP:"_GPL_installer_params",INSTALLATION_TIME:"InstallationTime",AOI:"_GPL_aoi",ZONEID:"_GPL_zoneid",PARENT_ZONEID:"_GPL_parent_zoneid",PRODUCTID:"_GPL_product_id",BGCODE:"_GPL_crr",COUNTRY_CODE:"_GPL_country_code",BLOCKLIST:"_GPL_blocklist"},recreate_child:!1,vars:{pid:21,systemid:appAPI.getCrossriderID()},proto:"https:"==document.location.protocol?"https://":
"http://",baseCD
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\1000014]
"Url"="http://app-static.crossrider.com/user_plugins/14.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\1000015]
"Url"="http://app-static.crossrider.com/user_plugins/15.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\13]
"Name"="CrossriderAppUtils"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\13]
"Url"="http://app-static.crossrider.com/plugins/mins/CrossriderAppUtils.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\14]
"Name"="CrossriderUtils"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\14]
"Url"="http://app-static.crossrider.com/plugins/mins/CrossriderUtils.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\17]
"Url"="http://app-static.crossrider.com/plugins/mins/jQuery.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\2]
"Url"="http://app-static.crossrider.com/plugins/mins/ie8_fix_1.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\21]
"JavaScript"="var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.extend({init:function(){if(appAPI.isMatchPages.apply(this,f.url.debug_page)){h("body").bindExtensionEvent("debug_request_data",function(j,i){if(i.appId==f.appId){e()}});h("body").bindExtensionEvent("debug_request_reload_background",function(j,i){if(i.appId==f.appId&&appAPI.internal.reloadBackground){appAPI.internal.reloadBackground()}});h("body").bindExtensionEvent("debug_request_reload_plugins",function(j,i){if(i.appId==f.appId){appAPI.resources.requestReload();setTimeout(appAPI.internal.forceUpdate,750)}});h("body").bindExtensionEvent("debug_mode_activate",function(j,i){if(i.appId==f.appId){b(i)}});h("body").bindExtensionEvent("debug_mode_deactivate",function(j,i){if(i.appId==f.appId){d()}});h("body").bindExtensionEvent("debug_request_database",function(j,i){if(i.appId==f.appId){c(i)}});h("b
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\21]
"Url"="http://app-static.crossrider.com/plugins/mins/debug.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\22]
"JavaScript"="(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(null,appAPI.queueManager.queue).then(function(){a.when(appAPI.initializerPlugin.isReady(b)).then(function(){new Function("("+appAPI.resources.parseIncludeJS(c.toString())+")($jquery_171)")();});});};}($jquery_171));var CrossRiderResourcesManager=(function(x){var z={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.resources,env:appAPI.appInfo.environment==="staging"?"staging":"production",saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:"Resources_",isDebug:appAPI.debugManager.isDebug()&&appAPI.debugManager.getResourcesPath(),isIE7:x.browser.msie&&x.browser.version*1==7},u=new x.Deferred(),g=H("meta")||{},B=H("remote_resources")||{remoteId:0},e=H("queue")||{},f=initialVersion=H("lastVersion")||0;return x.Class.extend({init:function(){appAPI.queueManager.register(u.promise(
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\22]
"Url"="http://app-static.crossrider.com/plugins/mins/resources.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\28]
"JavaScript"="var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend({init:function(){b=this;e(document).ready(function(){if(!f){d()}});e("body").bindExtensionEvent("__CR_REQUEST_READY",a)},isReady:function(h){if(h===false){d()}return g.promise()}});function d(){g.resolve();f=true}function a(){e("body").fireExtensionEvent("__CR_RESPONSE_READY",{appId:c.appId})}}($jquery_171));(function(a){appAPI.initializerPlugin=new CrossriderInitializerPlugin()}($jquery_171));"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\28]
"Url"="http://app-static.crossrider.com/plugins/mins/initializer.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\3]
"Url"="http://app-static.crossrider.com/plugins/mins/ie8_fix_2.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\35]
"Url"="http://app-static.crossrider.com/plugins/mins/ie/IEAjax.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\36]
"JavaScript"="appAPI.isBackground=true;appAPI.tabId="BG";appAPI.getTabId=function(){return appAPI.tabId};appAPI.isActiveTab=function(){return false};appAPI.openURL=function(b,a){if(typeof b!=="string"){console.error("appAPI.openURL - Invalid parameter. Expected string (1st param) but got: "+(typeof b));return}if(a!=="current"&&a!=="tab"&&a!=="window"){console.error("appAPI.openURL - Invalid parameter. Expected current/tab/window (2nd param) but got: "+a);return}msgToSend={url:b,where:a};appAPI.internal.broadcastMsg("openURL",msgToSend,false,"active",true)};appAPI.internal.runHelper=function(a){if(typeof a!=="string"){console.error("appAPI.runHelper - Invalid parameter. Expected string (1st param) but got: "+(typeof a));return}appAPI.internal.broadcastMsg("runHelper",a,false,"active",true)};appAPI.internal.sendToConsole=function(a,b){msgToSend={text:a,level:b};appAPI.internal.broadcastMsg("internalBgConsole",msgToSend,false,"all",fa
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\36]
"Url"="http://app-static.crossrider.com/plugins/mins/ie/IEBackground.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\37]
"JavaScript"="appAPI.internal.browserEventCode=true;appAPI.isBackground=false;appAPI.tabId=appAPIinternal.getBhoInstanceId();appAPI.getTabId=function(){return appAPI.tabId};appAPI.isActiveTab=function(){return appAPIinternal.isActiveTab()};appAPI.internal.sendToConsole=function(a){appAPI.internal.broadcastMsg("internalBrowserEventConsoleLog",a,false,"all",false)};window.console.log=function(a){appAPI.internal.sendToConsole(a)};console.log=window.console.log;appAPI.internal.callbacks.setEventHandler("openURL",function(c){var b=c.url;var a=c.where;appAPI.openURL(b,a)});appAPI.internal.callbacks.setEventHandler("runHelper",function(b){var a=b;appAPIinternal.run(a)});(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,"Crossrider\\onBeforeNavigate");if(typeof c!=="string"){return 0}if(c.length===0){return 0}c=appAPI.JSON.parse(c);if(typeof c!=="object"){return 0}var d=0;for(var b in c){d++;appAPI.internal.callbacks.addListe
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\37]
"Url"="http://app-static.crossrider.com/plugins/mins/ie/IEBrowserEvents.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\38]
"Url"="http://app-static.crossrider.com/plugins/mins/ie/IECallbacks.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\39]
"Url"="http://app-static.crossrider.com/plugins/mins/ie/IEDatabase.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\4]
"Url"="http://app-static.crossrider.com/plugins/javascripts/jquery-1_7_1_min.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\40]
"Url"="http://app-static.crossrider.com/plugins/mins/ie/IEExtension.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\41]
"JavaScript"="if(typeof appAPI==="undefined"){appAPI={}}(function(a){if(typeof appAPI.appInfo==="undefined"){appAPI.appInfo={}}appAPI.appInfo.platformVersion=appAPI.internal.prefs.getChar("fullVersion","Installer");appAPI.appInfo.userId=appAPI.internal.prefs.getChar("bic","Crossrider");appAPI.appInfo.id=appAPI.internal.prefs.getInt("activeAppId","");appAPI.appInfo.version=appAPI.internal.prefs.getInt("version","Manifest");appAPI.appInfo.description=appAPI.internal.prefs.getChar("description","Manifest");appAPI.appInfo.name=appAPI.internal.prefs.getChar("name","Manifest");appAPI.appInfo.publisherName=appAPI.internal.prefs.getChar("publisherName","Manifest");appAPI.appInfo.environment=appAPI.internal.prefs.getChar("ModeType","Manifest");appAPI.appID=appAPI.appInfo.id;appAPI.version=appAPI.appInfo.version;appAPI.cr_version=appAPI.appInfo.platformVersion;appAPI.getCrossriderID=function(){return appAPI.appInfo.userId};if(typeof appAPI.i
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\41]
"Url"="http://app-static.crossrider.com/plugins/mins/ie/IEInfo.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\42]
"Url"="http://app-static.crossrider.com/plugins/mins/ie/IEInternal.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\43]
"Url"="http://app-static.crossrider.com/plugins/mins/ie/IEMessaging.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\44]
"Url"="http://app-static.crossrider.com/plugins/mins/ie/IEMisc.js"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Plugins\45]
"JavaScript"="appAPI.isBackground=false;appAPI.tabId="onRequest";appAPI.getTabId=function(){return appAPI.tabId};appAPI.isActiveTab=function(){return false};appAPI.internal.sendToConsole=function(a,b){msgToSend={text:a,level:b};appAPI.internal.broadcastMsg("internalOnRequestConsole",msgToSend,false,"all",false)};window.console.log=function(a){appAPI.internal.sendToConsole(a,"log")};console.log=window.console.log;window.console.info=function(a){appAPI.internal.sendToConsole(a,"info")};console.info=window.console.info;window.console.warn=function(a){appAPI.internal.sendToConsole(a,"warn")};console.warn=window.console.warn;window.console.error=function(a){appAPI.internal.sendToConsole(a,"error")};console.error=window.console.error;(function(){function a(e){var c=appAPI.internal.prefs.getChar(e,"Crossrider\\onRequest");if(typeof c!=="string"){return 0}if(c.length===0){return 0}c=appAPI.JSON.parse(c);if(typeof c!=="object"){return 0}var


----------



## sweetrose

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\content\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\skin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\preferences\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\searchplugins\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\assets\oobe\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\assets\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\Updater\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

Searching for "AVG Secure Search"
[HKEY_CURRENT_USER\Software\AVG Secure Search]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\0\win32]
@="C:\Program Files (x86)\AVG Secure Search\GenericWndApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}\1.0\HELPDIR]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\13.3.2\toolband"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\1.0\HELPDIR]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\13.3.2\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.3.2\ScriptHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\HELPDIR]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.3.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}\InProcServer32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\GenericWndApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\InprocServer32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.3.2\ScriptHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\0\win32]
@="C:\Program Files (x86)\AVG Secure Search\GenericWndApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}\1.0\HELPDIR]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\13.3.2\toolband"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\1.0\HELPDIR]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\13.3.2\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.3.2\ScriptHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\HELPDIR]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.3.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVG Secure Search]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVG Secure Search]
"ToolbarPath"="C:\Program Files (x86)\AVG Secure Search\13.3.0.17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVG Secure Search]
"Uninstall"="C:\Program Files (x86)\AVG Secure Search\UNINSTALL.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVG Secure Search\Initialize\CONFIGXML]
"Installation/DSP/DisplayName"="AVG Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVG Secure Search\Initialize\DSP]
"DISPLAY_NAME"="AVG Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVG Secure Search\Initialize\General]
"PARTNER_NAME"="AVG Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof]
"path"="C:\ProgramData\AVG Secure Search\ChromeExt\13.3.0.17\avg.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
"AppPath"="C:\Program Files (x86)\AVG Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}]
"AppPath"="C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.3.2\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vProt"=""C:\Program Files (x86)\AVG Secure Search\vprot.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Path"="C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\\npsitesafety.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}\InProcServer32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}\InprocServer32]
@="C:\Program Files (x86)\AVG Secure Search\GenericWndApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}\InprocServer32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.3.2\ScriptHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\0\win32]
@="C:\Program Files (x86)\AVG Secure Search\GenericWndApi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}\1.0\HELPDIR]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\13.3.2\toolband"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}\1.0\HELPDIR]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\13.3.2\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.3.2\ScriptHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}\1.0\HELPDIR]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.3.2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.3.2]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater13.3.2]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vToolbarUpdater13.3.2]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AVG Secure Search]

Searching for "Claro LTD"
No data found.

Searching for "Yontoo"
No data found.

Searching for "Wajam"
No data found.

Searching for "PriceGong"
No data found.

Searching for "{44444444-4444-4444-4444-440044504458}"
No data found.

Searching for "{55555555-5555-5555-5555-550055505558}"
No data found.

Searching for "{8E6F1830-9607-4440-8530-13BE7C4B1D14}"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "MyWebSearch"
No data found.

Searching for "BabylonToolbar"
No data found.

Searching for "Sidekick"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Installer]
"Folder"="C:\Program Files (x86)\Shopping Sidekick"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Manifest]
"Name"="Shopping Sidekick"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\Manifest]
"Description"="Shopping Sidekick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}]
"AppName"="Shopping Sidekick.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}]
"AppPath"="C:\Program Files (x86)\Shopping Sidekick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501158}]
"AppName"="Shopping Sidekick-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501158}]
"AppPath"="C:\Program Files (x86)\Shopping Sidekick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick-InternalInstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick-InternalInstaller_RASMANCS]
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\Shopping Sidekick]
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\Shopping Sidekick\Installer]
"Folder"="C:\Program Files (x86)\Shopping Sidekick"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\Shopping Sidekick\Manifest]
"Name"="Shopping Sidekick"
[HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\Shopping Sidekick\Manifest]
"Description"="Shopping Sidekick"

Searching for "iNTERNET_TURBO"
No data found.

========== reg ==========

[HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1]
(Unable to open key - key not found)

[HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss]
(Unable to open key - key not found)

========== dir ==========

C:\Windows\Installer - Parameters: "(none)"

---Files---


----------



## sweetrose


---Folders---

C:\Users\ann\Downloads - Parameters: "/s"

---Files---
043.JPG	--a---- 4989512 bytes	[20:50 04/09/2012]	[20:50 04/09/2012]
57a46a27-5176-4594-beb7-2def0f0b8bd4.wmv	--a---- 22245535 bytes	[20:54 09/03/2011]	[20:54 09/03/2011]
Attachments_2012_10_18.zip	--a---- 22 bytes	[21:02 18/10/2012]	[07:12 21/10/2012]
AVG Anti-Virus Free Edition.exe	--a---- 4411392 bytes	[14:27 05/11/2012]	[14:27 05/11/2012]
chromeinstall-7u7.exe	--a---- 894952 bytes	[13:47 28/09/2012]	[13:47 28/09/2012]
erunt_setup (2).exe	--a---- 791393 bytes	[20:49 02/12/2012]	[20:49 02/12/2012]
fix.zip	--a---- 4568 bytes	[14:37 04/12/2012]	[18:12 18/12/2012]
Image001 (1).jpg	--a---- 269442 bytes	[17:52 20/11/2012]	[17:52 20/11/2012]
jre-7u7-windows-i586 (1).exe	--a---- 31175144 bytes	[12:56 28/09/2012]	[12:57 28/09/2012]
mbam-setup-1.65.1.1000.exe	--a---- 10669952 bytes	[23:28 15/11/2012]	[23:29 15/11/2012]
msgr11us (1).exe	--a---- 439704 bytes	[18:37 06/12/2012]	[18:37 06/12/2012]
OTL.exe	--a---- 602112 bytes	[19:28 24/11/2012]	[19:28 24/11/2012]
OTL.Txt	--a---- 132140 bytes	[19:45 24/11/2012]	[19:45 24/11/2012]
OTM-Fix (2).txt	--a---- 16894 bytes	[17:30 15/12/2012]	[17:30 15/12/2012]
OTM.exe	--a---- 522240 bytes	[15:46 20/12/2012]	[15:46 20/12/2012]
Photo.zip	--a---- 22 bytes	[20:15 17/03/2012]	[20:16 17/03/2012]
SecurityCheck (1).exe	--a---- 881724 bytes	[20:23 27/09/2012]	[20:24 27/09/2012]
sfp (3).zip	--a---- 22 bytes	[13:52 10/10/2012]	[18:49 28/10/2012]
SystemLook.exe	--a---- 139264 bytes	[07:40 25/12/2012]	[07:40 25/12/2012]
SystemLook.txt	--a---- 518 bytes	[14:03 22/11/2012]	[20:21 27/12/2012]
SystemLook_x64 (1).exe	--a---- 165376 bytes	[20:51 29/11/2012]	[20:51 29/11/2012]
SystemLook_x64.exe	--a---- 165376 bytes	[20:10 27/12/2012]	[20:10 27/12/2012]

C:\Users\ann\Downloads\New folder	d------	[17:12 07/10/2012]
Pictures - Shortcut.lnk	--a---- 1080 bytes	[19:18 24/11/2012]	[19:18 24/11/2012]


----------



## sweetrose


C:\Users\ann\Downloads\New folder (2)	d------	[17:33 09/10/2012]

C:\Users\ann\Downloads\New folder (3)	d------	[21:43 17/12/2012]

C:\Users\ann\Downloads\New folder (4)	d------	[15:40 19/12/2012]

C:\Users\ann\Downloads\New folder (5)	d------	[10:43 20/12/2012]

========== file ==========

C:\Program:file - Unable to find/read file.

C:\Program Files (x86)\Windows Live\Messenger\msimg32 - Unable to find/read file.

-= EOF =-


----------



## eddie5659

Yep, received it, thanks 

Had a good time, especially last night 

Now, although you posted a nice looong list, the parts left to remove are greatly reduced. I'm going to leave that part for now, as I want to see if some of the other programs that we tried have been updated, so that they can remove them easily.

So, let's start with MBAM. You will have that already installed, just look on either the Desktop for the icon, or in your Start | Programs list. It's called:

*Malwarebytes' Anti-Malware*


When you open it, it will probably ask if you want to update it, say Yes, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.*

eddie


----------



## sweetrose

happy new year Eddie...........so did you get drunk last night.......

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ann :: ANN-TOSH [administrator]

01/01/2013 14:26:29
mbam-log-2013-01-01 (14-26-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210803
Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## eddie5659

I did have a bit, it was only wine as I stayed in, but when you look and realise you've drunk nearly 2 bottles, it can go straight to the head 

Hope you had a nice evening as well 

Okay, nice to see MBAM coming up clean. Now, can you run these two again, as follows:








Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

----------

Please download *AdwCleaner* by Xplode onto your desktop.

When you double-click it to open, it will look like this:










Click on the *Search* button:










A log will appear when it's finished, but if you can't see it, it will be in this location:

*C:\AdwCleaner[R1].txt*

Post the contents here as before


----------



## sweetrose

i was on my own too..but only had one drink, i was sick eddie,
will try this now


----------



## eddie5659

Was it the vomiting bug? Hope you're feeling better


----------



## sweetrose

it was yes,,,,,,i still feel sick hope you don't get it....
Eddie it won't come on, the download you give me


----------



## eddie5659

Which one, the Junkremoval or AdwCleaner tool?


----------



## sweetrose

yes that's the one you just sent me.....


----------



## eddie5659

If you click on this link:

http://thisisudax.org/downloads/JRT.exe

It should start to download. That's the first one, called JunkRemoval


----------



## sweetrose

think its working now


----------



## eddie5659

Oki doki


----------



## sweetrose

i have the junk mail running, now Eddie what do i do when it stops


----------



## sweetrose

junkware


----------



## eddie5659

A log should pop up, copy/paste the details here as before


----------



## sweetrose

ok will do that...,,are you back at work now


----------



## sweetrose

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.3.2 (12.29.2012:3)
OS: Windows 7 Home Premium x64
Ran by ann on 02/01/2013 at 20:59:48.30
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] browser manager 
Successfully deleted: [Service] browser manager

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bprotector start page 
Failed to delete: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233} 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2371791720-1978839507-1749061906-1001\software\microsoft\internet explorer\main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Failed to delete: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Failed to delete: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"

~~~ Files

Successfully deleted: [File] "C:\Users\ann\appdata\local\google\chrome\user data\default\local storage\http_info.claro-search.com_0.localstorage"
Successfully deleted: [File] "C:\Users\ann\appdata\local\google\chrome\user data\default\local storage\http_info.claro-search.com_0.localstorage-journal"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\browser manager"
Successfully deleted: [Folder] "C:\Users\ann\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\ann\AppData\Roaming\microsoft\windows\start menu\programs\browser manager"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/01/2013 at 21:43:55.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## eddie5659

Well, I was at work thru christmas. So, it was in xmas eve, off for two days, in for two days, off for two days, in for new years eve, off one day, and now back.

So, I didn't really get a full christmas, and a lot of family visits, plus can't get into the work pattern 

Looks like a good amount removed, can you try this one now:

Please download *AdwCleaner* by Xplode onto your desktop.

When you double-click it to open, it will look like this:

Click on the *Search* button:

A log will appear when it's finished, but if you can't see it, it will be in this location:

*C:\AdwCleaner[R1].txt*

Post the contents here as before


----------



## sweetrose

# AdwCleaner v2.104 - Logfile created 01/03/2013 at 17:50:20
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ann - ANN-TOSH
# Boot Mode : Normal
# Running from : C:\Users\ann\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\END
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\Users\ann\AppData\Local\AVG Secure Search
Folder Found : C:\Users\ann\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\ann\AppData\LocalLow\AVG Security Toolbar

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\5d0dddabc6ab915
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Wow6432Node\5d0dddabc6ab915
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKU\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.29] : icon_url = "hxxp://www.claro-search.com/favicon.ico",
Found [l.32] : keyword = "claro-search.com",
Found [l.35] : search_url = "hxxp://www.claro-search.com/?q={searchTerms}&affID=117166&tt=4912_1&babsrc=SP_ss&mntrId=66338fed00000000000088252cba0aa8",

*************************

AdwCleaner[R1].txt - [29826 octets] - [03/11/2012 18:53:29]
AdwCleaner[R2].txt - [15825 octets] - [15/11/2012 21:13:33]
AdwCleaner[R3].txt - [15886 octets] - [15/11/2012 21:15:23]
AdwCleaner[R4].txt - [4991 octets] - [03/01/2013 17:50:20]
AdwCleaner[S1].txt - [29417 octets] - [03/11/2012 19:15:47]
AdwCleaner[S2].txt - [1025 octets] - [03/11/2012 19:21:46]
AdwCleaner[S3].txt - [1036 octets] - [03/11/2012 19:40:19]
AdwCleaner[S4].txt - [16565 octets] - [15/11/2012 21:49:18]

########## EOF - C:\AdwCleaner[R4].txt - [5293 octets] ##########


----------



## sweetrose

here it is ......so you've been off and on work all over Christmas and New Year


----------



## eddie5659

Yep, but I plan to be booking off extra days at easter, I want the time off, and nope, not doing anything but relaxing 


Close all open programs and internet browsers.
Double click on *adwcleaner.exe* to run the tool.
Click on *Delete*.
Confirm each time with *Ok*.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at *C:\AdwCleaner[S5].txt* as well.


----------



## sweetrose

# AdwCleaner v2.104 - Logfile created 01/03/2013 at 18:21:36
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ann - ANN-TOSH
# Boot Mode : Normal
# Running from : C:\Users\ann\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\Users\ann\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\ann\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\ann\AppData\LocalLow\AVG Security Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\5d0dddabc6ab915
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5d0dddabc6ab915
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.29] : icon_url = "hxxp://www.claro-search.com/favicon.ico",
Deleted [l.32] : keyword = "claro-search.com",
Deleted [l.35] : search_url = "hxxp://www.claro-search.com/?q={searchTerms}&affID=117166&tt=4912_1&babsrc=SP_s[...]

*************************

AdwCleaner[R1].txt - [29826 octets] - [03/11/2012 18:53:29]
AdwCleaner[R2].txt - [15825 octets] - [15/11/2012 21:13:33]
AdwCleaner[R3].txt - [15886 octets] - [15/11/2012 21:15:23]
AdwCleaner[R4].txt - [5350 octets] - [03/01/2013 17:50:20]
AdwCleaner[S1].txt - [29417 octets] - [03/11/2012 19:15:47]
AdwCleaner[S2].txt - [1025 octets] - [03/11/2012 19:21:46]
AdwCleaner[S3].txt - [1036 octets] - [03/11/2012 19:40:19]
AdwCleaner[S4].txt - [16565 octets] - [15/11/2012 21:49:18]
AdwCleaner[S5].txt - [5201 octets] - [03/01/2013 18:21:36]

########## EOF - C:\AdwCleaner[S5].txt - [5261 octets] ##########


----------



## sweetrose

so you're just going to have a few lazy days at home. I don't blame you........;.)


----------



## eddie5659

Roll on easter 

Still, not at work this weekend, but will be there next Saturday for most of the day. Good thing I get overtime 

Looks like we're making some headway, so if you can run the following with OTM, exactly as you did here, and let me know how it goes. If you get a log, please post it 



Code:


:Processes
explorer.exe
avgidsagent.exe
avgtray.exe
StartManSvc.exe
SSDMonitor.exe
avgwdsvc.exe
BoostSpeed.exe
:Files
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_Media Bar_2
C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\HiYo
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\HiYo\Info\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\HiYo\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HiYo\Bin\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HiYo\"=-
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\Crossrider]
[-HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\Shopping Sidekick]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\content\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\skin\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\preferences\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\searchplugins\"==
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\assets\oobe\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\assets\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Ask.com\Updater\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501158}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick-InternalInstaller_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick-InternalInstaller_RASMANCS]
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[CREATERESTOREPOINT] 
[EMPTYFLASH] 
[Reboot]


----------



## sweetrose

Error: Unable to interpret <[EMPTYFLASH] > in the current context!
Error: Unable to interpret <[Reboot]> in the current context!

OTM by OldTimer - Version 3.1.21.0 log created on 01032013_194532

[EMPTYFLASH]

User: All Users

User: ann
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 01032013_194418


----------



## eddie5659

Okay, make sure you include all of the log, starting from here:



> :Processes
> explorer.exe
> avgidsagent.exe
> avgtray.exe
> StartManSvc.exe
> SSDMonitor.exe
> avgwdsvc.exe
> BoostSpeed.exe
> :Files
> C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_Media Bar_2
> C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]
> C:\Program Files (x86)\Ask.com
> C:\Program Files (x86)\HiYo
> :Reg
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
> etc


That's just a quick snapshot, use the full log here:

http://forums.techguy.org/8571967-post645.html


----------



## sweetrose

so when you're not working you still get paid.......; )

All processes killed
Error: Unable to interpret <ocesses> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
Error: Unable to interpret <avgidsagent.exe> in the current context!
Error: Unable to interpret <avgtray.exe> in the current context!
Error: Unable to interpret <StartManSvc.exe> in the current context!
Error: Unable to interpret <SSDMonitor.exe> in the current context!
Error: Unable to interpret <avgwdsvc.exe> in the current context!
Error: Unable to interpret <BoostSpeed.exe> in the current context!
========== FILES ==========
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_Media Bar_2 not found.
File/Folder C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected] not found.
File/Folder C:\Program Files (x86)\Ask.com not found.
File/Folder C:\Program Files (x86)\HiYo not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\HiYo\Info\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\HiYo\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\HiYo\Bin\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\HiYo\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Shopping Sidekick\ not found.
Registry key HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\Crossrider\ not found.
Registry key HKEY_USERS\S-1-5-21-2371791720-1978839507-1749061906-1001\Software\AppDataLow\Software\Shopping Sidekick\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\content\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\chrome\skin\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\preferences\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\defaults\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\"C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\yc4ovlk6.default\extensions\[email protected]\searchplugins\"=| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\Ask.com\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\Ask.com\assets\oobe\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\Ask.com\assets\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\Ask.com\Updater\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011501158}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501158}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21111111-1111-1111-1111-110011501158}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick-InternalInstaller_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shopping Sidekick-InternalInstaller_RASMANCS\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: ann
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 131072 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 16017837 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 15.00 mb

Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: All Users

User: ann
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 01032013_195232

Files moved on Reboot...
File C:\Users\ann\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


----------



## eddie5659

Not really, I have to go to work on next Saturday and actually work all day.

I'm also on-call every 6 weeks, so get paid for that even if I don't get a phone call 

Good to see the above aren't there, give me a few mins to look to see what's next


----------



## sweetrose

are you on call at night as well,............


----------



## eddie5659

Okay, can you post a nice, fresh *OTL* log. You'll need a new copy, as it gets updated daily 

Download *OTL* to your Desktop


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Select 
*All Users*
*LOP Check*
*Purity Check*
Under the *Standard Registry* box change it to *All*

Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open only one Notepad window, *OTL.Txt*. This is saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of this file and post them in your topic


----------



## eddie5659

Yep, just one week every 6 weeks


----------



## sweetrose

OTL logfile created on: 1/3/2013 8:57:58 PM - Run 16
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ann\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 34.85% Memory free
3.74 Gb Paging File | 1.92 Gb Available in Paging File | 51.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 82.40 Gb Free Space | 70.76% Space Free | Partition Type: NTFS
Drive D: | 116.05 Gb Total Space | 11.35 Gb Free Space | 9.78% Space Free | Partition Type: NTFS

Computer Name: ANN-TOSH | User Name: ann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ann\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

========== Modules (No Company Name) ==========

MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

========== Services (SafeList) ==========

SRV:*64bit:* - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:*64bit:* - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:*64bit:* - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:*64bit:* - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vToolbarUpdater13.3.2) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (VmbService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:*64bit:* - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:*64bit:* - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:*64bit:* - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:*64bit:* - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:*64bit:* - (ZTEusbwwan) -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys (ZTE Incorporated)
DRV:*64bit:* - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV:*64bit:* - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:*64bit:* - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:*64bit:* - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:*64bit:* - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:*64bit:* - (vodafone_K380x-z_dc_enum) -- C:\Windows\SysNative\drivers\vodafone_K380x-z_dc_enum.sys (Vodafone)
DRV:*64bit:* - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:*64bit:* - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:*64bit:* - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:*64bit:* - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:*64bit:* - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:*64bit:* - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{ABA5AE01-9B23-4AC7-9BA7-E0345C1287FB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://http://www.yahoo.com/?ilc=8.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://http://www.yahoo.com/?ilc=8.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{A25208D0-8D9E-4B0D-B6DE-CCB82D68D3C2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{400E7EA1-093B-4D0E-90AC-CAAEF713611E}: "URL" = http://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{A25208D0-8D9E-4B0D-B6DE-CCB82D68D3C2}: "URL" = http://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
IE - HKCU\..\SearchScopes\{E0F1151B-5874-4D8B-8E18-506FA493AB23}: "URL" = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/24 15:31:30 | 000,000,000 | ---D | M]

[2012/11/03 14:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Claro Search (Enabled)
CHR - default_search_provider: search_url = http://www.claro-search.com/?q={searchTerms}&affID=117166&tt=4912_1&babsrc=SP_ss&mntrId=66338fed00000000000088252cba0aa8
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Users\ann\AppData\Local\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

O1 HOSTS File: ([2013/01/03 19:52:33 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8303406A-D415-481D-984A-0CB67A97EB51}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) - File not found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/03 14:22:17 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{A9B27934-4BB1-4FDD-875D-AB3089366CC5}
[2013/01/02 20:18:20 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{04BDB623-67B3-4240-9E40-D7982C966832}
[2013/01/02 08:17:53 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E0EB2F37-24AC-4CEC-B5BC-477CF466BFB3}
[2013/01/01 20:14:57 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{06425220-62C7-4F8C-83BF-49EBAB2E4032}
[2013/01/01 14:25:17 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\Programs
[2013/01/01 08:14:19 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D4807F2C-345E-48A4-9590-C1D16B86A14A}
[2012/12/31 20:13:42 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2530B279-5515-47E4-B09C-CF205D11BA3E}
[2012/12/31 08:13:02 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{A19521E5-95D7-47D4-BCAD-D140BF166935}
[2012/12/30 20:12:24 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{5F39E75B-246F-499F-A77E-EB6FB57DF412}
[2012/12/30 08:11:47 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{61482192-9FFB-45D8-B9AC-A795A68D21ED}
[2012/12/29 19:43:35 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{E7E76786-6620-4371-B804-6ABC3A044D76}
[2012/12/29 07:40:37 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{0C926E95-F352-482E-B201-C84C8C658C3A}
[2012/12/28 10:40:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{CFAB3D47-7C45-471B-B73A-F0A9D4B8C93E}
[2012/12/28 07:08:20 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D8D04A37-B63A-40C3-B1BC-68F41E30F888}
[2012/12/27 11:56:39 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{033705FC-FFE2-4676-A15E-E9F928E88440}
[2012/12/26 20:10:41 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{1DBC1DFA-ED2F-4C4D-96D1-58A92E682712}
[2012/12/26 08:10:07 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{CDB6A947-DDCC-4DEE-BDED-45CCB575CFC6}
[2012/12/25 19:10:07 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{59D010D6-5C4C-4E3A-9AD5-B2513E753350}
[2012/12/25 07:09:04 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B773CB40-08CE-4A96-BD3F-B967F28CC948}
[2012/12/24 10:25:55 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{38DB0678-82AF-478F-A242-7D111BEF015E}
[2012/12/23 20:19:10 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D50E17D2-22C1-4D31-A2A3-6FA129B9C804}
[2012/12/23 07:55:12 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B37B8EDA-399A-43C9-93D1-8DF7FBC8DCD3}
[2012/12/22 12:11:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{3063CF18-BD42-4DA7-8CDF-0AA6E99EA9B9}
[2012/12/21 19:39:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{63200B68-6A64-4C1C-817E-88486021E391}
[2012/12/21 11:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/21 11:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/12/21 10:26:03 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 10:26:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 10:26:02 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 10:26:02 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/21 07:38:54 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{9F973846-978A-4D57-8394-C1993EA5596F}
[2012/12/20 19:38:17 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{890E4DDC-F1A0-44AB-9313-99D85B96CA7D}
[2012/12/20 07:37:38 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{5AC71F89-31CA-4870-ADE2-5CB3E3773F6C}
[2012/12/19 19:32:44 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{17868ED5-5419-4582-A8EB-712E7FC94F0D}
[2012/12/19 07:32:05 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{B34F55A6-6B9B-4F28-9720-A4C280D057E7}
[2012/12/18 19:31:13 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{40119FC8-6FB0-41F3-8BD0-76B46CD4482A}
[2012/12/18 07:30:45 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D59EE80E-50AE-4735-9775-ADFDC2F25DE6}
[2012/12/17 19:27:00 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{6F6E60A9-F797-44B7-A996-F6E0A8ECFB61}
[2012/12/17 07:26:22 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{F55A08AF-FF34-44E7-997F-DD69A9E650AA}
[2012/12/16 07:07:27 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{90DA17F8-A8CA-47B3-8B66-87C02FE29642}
[2012/12/15 10:36:25 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{D73540AF-183A-44E1-9780-8B5DA64D932D}
[2012/12/14 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\{2104EFF2-790C-4BE6-BF12-18FF8BDFE4F2}
[2012/12/14 07:57:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/14 07:57:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/14 07:57:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/14 07:57:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/14 07:57:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/14 07:57:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/14 07:57:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/14 07:57:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/14 07:57:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/14 07:57:36 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/14 07:57:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/14 07:57:36 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/14 07:57:33 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/14 07:57:33 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/14 07:57:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/13 23:14:31 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/13 23:14:30 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/13 23:14:30 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/13 23:14:30 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/13 23:14:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/13 23:14:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/13 23:14:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/13 23:14:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/13 23:14:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/13 23:14:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/13 23:14:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/13 23:14:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/13 23:14:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/13 23:14:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/13 23:14:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/13 23:14:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/13 23:14:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/13 23:14:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/13 23:14:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/13 23:14:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/13 23:14:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/13 23:14:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/13 23:14:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/13 23:14:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/13


----------



## sweetrose

23:14:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/13 23:14:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/13 23:14:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/13 23:14:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/13 23:14:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/13 23:14:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/13 23:14:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/13 23:14:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/13 23:14:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/13 23:14:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/13 23:14:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/13 23:14:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/13 23:14:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/13 23:14:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/13 23:14:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/13 23:14:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/13 23:14:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

< End of report >


----------



## eddie5659

Well, what a difference the log looks 

When you compare it to the very beginning, you can see a large chunk of the log has gone, and that was the malware :up:

Okay, now I can see your Java is out of date, so let's work on that next. Also, keep that copy of OTL, as we'll remove just a few things after the Java update

Off to get some screenies, back in a min


----------



## sweetrose

doing well tonight eddie . )


----------



## eddie5659

Okay, firstly we need to remove the previous one that you downloaded a while back.

So, go to this folder:

*C:\Users\ann\Downloads*

And look for this file:

*jre-7u7-windows-i586 (1).exe*

Right-click on it, and select *Delete* and *Yes*

-----------

Now, click on the following link to get the latest Java:

http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html

Accept the agreement:

Click to download the offline install, called *jre-7u10-windows-i586.exe*

Close any programs you may have running - especially your web browser.

Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.

Check any item with Java Runtime Environment *(JRE or J2SE)* in the name. You should see these:

*Java(TM) 6 Update 20*
*Java 7 Update 7*

Click the Remove or Change/Remove button

Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.

Then from your desktop (or your Download folder) double-click on the download to install the newest version. (Vista or Win 7 users, right click on the *jre-7u10-windows-i586.exe* and select "Run as an Administrator.")

*Don't install any of the toolbars that are offered.*

Let me know how it goes


----------



## eddie5659

Will be back before I sleep, just dashing offline for a bit


----------



## eddie5659

Hi

Any joy with the Java install?


----------



## sweetrose

Hi Eddie, I think I've downloaded it


----------



## eddie5659

Excellent, have you managed to uninstall the existing versions of Java?


Close any programs you may have running - especially your web browser.

Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.

Check any item with Java Runtime Environment *(JRE or J2SE)* in the name. You should see these:

*Java(TM) 6 Update 20*
*Java 7 Update 7*

Click the Remove or Change/Remove button

Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.

Then from your desktop (or your Download folder) double-click on the download to install the newest version. (Vista or Win 7 users, right click on the *jre-7u10-windows-i586.exe* and select "Run as an Administrator.")

*Don't install any of the toolbars that are offered.*

Let me know how it goes


----------



## sweetrose

Won't open, Eddie


----------



## eddie5659

What won't open? The update that you downloaded?


----------



## sweetrose

Yes, it goes on to Windows


----------



## eddie5659

If you just double-click the file using the mouse, it should open.

When it does, just follow the instructions to install, but remember not to select any toolbars it offers


----------



## sweetrose

Can you send me that download again?


----------



## eddie5659

Oki doki 

I'll post the whole thing, so that you can do it all at the same time, and it's easier to refer to

---------------

Okay, firstly we need to remove the previous one that you downloaded a while back.

So, go to this folder:

*C:\Users\ann\Downloads*

And look for this file:

*jre-7u7-windows-i586 (1).exe*

Right-click on it, and select *Delete* and *Yes*

-----------

Now, click on the following link to get the latest Java:

http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html

Accept the agreement:

Click to download the offline install, called *jre-7u10-windows-i586.exe*

Close any programs you may have running - especially your web browser.

Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.

Check any item with Java Runtime Environment *(JRE or J2SE)* in the name. You should see these:

*Java(TM) 6 Update 20*
*Java 7 Update 7*

Click the Remove or Change/Remove button

Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.

Then from your desktop (or your Download folder) double-click on the download to install the newest version. (Vista or Win 7 users, right click on the *jre-7u10-windows-i586.exe* and select "Run as an Administrator.")

*Don't install any of the toolbars that are offered.*


----------



## sweetrose

It's all done, Eddie


----------



## eddie5659

Did it all install okay, and the old versions removed?

To double-check, can you run this for me:

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.


----------



## sweetrose

Doing it now, Eddie. If I don't post it tonight it will be tomorrow


----------



## sweetrose

Results of screen317's Security Check version 0.99.56 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 9 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
AVG Anti-Virus Free Edition 2013 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Malwarebytes Anti-Malware version 1.70.0.1100 
Java 7 Update 10 
*Java version out of Date!* 
Adobe Reader 9 *Adobe Reader out of Date!* 
Google Chrome 21.0.1180.83 
Google Chrome 21.0.1180.89 
Google Chrome 22.0.1229.79 
Google Chrome 22.0.1229.92 
Google Chrome 22.0.1229.94 
Google Chrome 23.0.1271.64 
Google Chrome 23.0.1271.91 
Google Chrome 23.0.1271.95 
Google Chrome 23.0.1271.97 
Google Chrome Plugins... 
*````````Process Check: objlist.exe by Laurent````````* 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbamgui.exe 
AVG avgwdsvc.exe 
Malwarebytes' Anti-Malware mbamscheduler.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 11% *Defragment your hard drive soon! (Do NOT defrag if SSD!)*
*````````````````````End*


----------



## eddie5659

Okay, I'll have a look tomorrow night, but if not it will be Saturday afternoon, as I'm at work Saturday


Whoops, posted as I typed


----------



## sweetrose

lol Eddie, I've sent it. Post when you can. I say night to you, have a good weekend.


----------



## eddie5659

Well, it's installed, but says it's out of date. Just checked, and it's the latest, so it's okay

Back in a min...


----------



## eddie5659

Your Adobe Reader is out of date, so go here for the latest version:

http://get.adobe.com/reader

*Untick* the option to install the McAfee Security Scan Plus, then click on the *Download Now* button.

-------------

If you get stuck with this, let me know and I'll grab some screenshots


----------



## sweetrose

Eddie, will try that tomorrow and let you know. I'm off to sleep now, so I say night to you.


----------



## eddie5659

Oki doki, good night and will look at this tomorrow


----------



## sweetrose

All done, Eddie


----------



## eddie5659

Excellent 

Okay, so far it's all looking good, but in the latest log you posted it said this:



> Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)


Do you know if you have a SSD drive? I'm going to assume you don't, as not many do 

So, to find out, do the following:

Firstly, go to the Control Panel, and depending on which set-up you have, do the following:

*Large Icons*

Click on System:

Or if you have *Category*

Click on *System and Security*

Then *System*

When you've managed to find the *System*, look on the left for *Device Manager*:

Click on it, and the following will appear:

Now, look for *Disk Drive* and press the + next to it to expand:

In your reply, type everything that it says. For example, in my picture I have:

*ST310005 24AS SATA Disk Drive*


----------



## sweetrose

ok will try it now


----------



## sweetrose

family usb 934
family usb2 2939a
family usn2 2939c


----------



## sweetrose

toshba mak256565gsxu


----------



## eddie5659

Hmmm, nothing showing for mak256565gsxu. However, you will probably have a brand name laptop.

Can you look to see if you can see a name like Acer, Dell or HP and please post the exact model of the system.

For example, this is a Dell Inspiron 6000:


----------



## sweetrose

Is this it... satellite c660/c6600


----------



## eddie5659

Yep, that's it. Let me have a look at it, and see what there is 

Back in a bit


----------



## sweetrose

OK Eddie, I may go to sleep soon so will get your message in the morning


----------



## eddie5659

Does it have any letters after it, or is it just satellite c660?

Just trying to narrow it down


----------



## eddie5659

It's okay, looks like a sata drive, so a defrag should be okay

Do you know how to run a defrag? If not, I'll create some screenshots and post it tomorrow. Need sleep myself, but may be on at 8pm tomorrow, as I have to stay late at work tomorrow


----------



## sweetrose

Don't know how to run it, Eddie. If you can show me I will try it.
Don't stay up late, will you. Night


----------



## sweetrose

Eddie, it just says..c66o./c66oo no number at the end


----------



## eddie5659

That's okay, managed to find it 

Okay, to do the defrag (and it may take a while so don't run it before you go to sleep) do the following:

First, click on Start | All Programs | Accessories:

Then, open up the folder called *System Tools*

And then finally *Disk Defragmenter*

So that this opens up:

Now, click on the C Drive:

And then on the button *Defragment Disk*

And it will go thru the process. Let me know when it's done

---------------------------------

However, if you want to do this first, as in tonight, that would be good, and then run the defragment program tomorrow, nice and early 

Please go to *here* to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the ActiveX control to install
Click *Start*
Make sure that the option *Remove found threats* is *ticked*, and the option *Scan unwanted applications* is *checked*
Click on *Advanced Settings* and ensure these options are ticked:
*Scan for potentially unwanted applications*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*

Click *Scan*
Wait for the scan to finish
If any threats were found, click the *'List of found threats'*, then click *Export to text file...*.
Save it to your desktop, then please copy and paste that log as a reply to this topic.


----------



## sweetrose

Should I scan when I've done it all?


----------



## sweetrose

Can't find Disk Defragment


----------



## sweetrose

Found it now and doing it


----------



## eddie5659

If you're doing the defrag now, wait until it's finished, then do the scan. Running both at the same time may cause problems


----------



## sweetrose

OK, I will be going to sleep about 10, 10:30. Will it be done?


----------



## eddie5659

It should be, as that is a good two hours away 

Let me know how it goes..


----------



## sweetrose

OK, will let you know


----------



## sweetrose

all done Eddie


----------



## eddie5659

Oki doki, now try and run the scan with Eset:

Please go to *here* to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the ActiveX control to install
Click *Start*
Make sure that the option *Remove found threats* is *ticked*, and the option *Scan unwanted applications* is *checked*
Click on *Advanced Settings* and ensure these options are ticked:
*Scan for potentially unwanted applications*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*

Click *Scan*
Wait for the scan to finish
If any threats were found, click the *'List of found threats'*, then click *Export to text file...*.
Save it to your desktop, then please copy and paste that log as a reply to this topic.


----------



## sweetrose

Scanning now, Eddie


----------



## sweetrose

Eddie, it's taking so long and I'm going to sleep soon


----------



## sweetrose

Did it a few times, now it says no threats.
Before, it told me it had a few threats but can't find them


----------



## eddie5659

Glad to see it's all clear

Now, dare I ask, has the 999 message gone now?


----------



## sweetrose

It has, Eddie... so far anyway. Thank you. But don't you go, I may still need you


----------



## eddie5659

Don't worry, I'll still be here 

Been stuck at work late for the past few days, as there is a lot of urgent stuff to do. In fact, typing this from work now 

What we'll do, when I get home and eat, is remove the tools that we've used along the way, just to be safe 

eddie


----------



## sweetrose

You're still working... yuk. Thanks lots, Eddie. You have really helped me, not just with 999
but with my laptop too. Glad you're still sticking with me.


----------



## eddie5659

Miles behind with my emails, as last night I didn't leave work till 9pm. 13 hours at work, I was shattered last night 

Helping on all manner of things is what I like to do, and I never give up on a thread 

Let me know when you're ready, and we'll look to see how many copies etc of tools you have, and then we'll remove them all


----------



## sweetrose

poor you Eddie............... 

I'm ready now but don't want to keep you up long


----------



## eddie5659

Okay, finally been thru the thread, and let's just firstly see what you have, as you may have some duplicates.

So, can you do this for me:

If so, you then need to copy/paste this code:

Code:

:dir
C:\Users\ann\Downloads

into it, so that it looks like this:

Then, press the *Look* button:

And then the program will run for a bit and a log will popup when it's finished

eddie


----------



## eddie5659

Hiya 

Any joy with the above?

eddie


----------



## sweetrose

Sorry Eddie, I never did it. Will do it in a few mins.
How are you? Still working late?


----------



## sweetrose

Don't have that now, can you post that again?


----------



## eddie5659

That's okay, normally away most weekends 

I'm fine. Not working as late, but I still do the overtime. So, staying late for a few hours tomorrow, as all the extra money is good 

Try to get it from one of these links:

*Download Mirror #1
Download Mirror #2*

And then do the bit above with the screenshots I posted 

Will watch a film soon, as I have to get them sent back so I can have new rentals for the weekend, but will be on later tonight

eddie


----------



## sweetrose

Now I can't find user /ann


----------



## eddie5659

Look in here:

C:\Users\ann\Downloads

And then when you find it, you should be able to do the above


----------



## sweetrose

emLook 30.07.11 by jpshortstuff
Log created at 21:21 on 04/02/2013 by ann
Administrator - Elevation successful

No Context: C:\Users\ann\:\Users\ann\

-= EOF


----------



## eddie5659

Looks like you copied it incorrectly. Try again, but with the following:



Code:


:dir
C:\Users\ann\Downloads


----------



## sweetrose

Can't find that lock now


----------



## eddie5659

Do you mean the log? It should pop up straight after running the scan, but if not, it will be in the same place where you have the actual SystemLook program 

Posting the scan here again, in case this goes to the next page 

Open up SystemLook:

Then need to copy/paste this code:

Code:

:dir
C:\Users\ann\Downloads

into it, so that it looks like this:

Then, press the *Look* button:

And then the program will run for a bit and a log will popup when it's finished

eddie


----------



## sweetrose

Did you want me to scan first then post it on the lock?


----------



## eddie5659

If you open the program, and copy/paste this in:



Code:


:dir
C:\Users\ann\Downloads

And then press *Look*, it will scan the computer and a Notepad should appear after with the log.

Then, just copy/paste the contents here in your reply, like you did before


----------



## sweetrose

Can't find dr/c/ann/downloads, there are so many on there


----------



## eddie5659

You normally download the programs to the following folder:

C:\Users\ann\Downloads

Just open that to find SystemLook, and then run the code as below. It will show everything in there, I just want to know what to remove



Code:


:dir
C:\Users\ann\Downloads


----------



## sweetrose

stemLook 30.07.11 by jpshortstuff
Log created at 19:09 on 11/02/2013 by ann
Administrator - Elevation successful

========== dir ==========

C:\Users\ann\Downloads - Parameters: "(none)"

---Files---
043.JPG	--a---- 4989512 bytes	[20:50 04/09/2012]	[20:50 04/09/2012]
57a46a27-5176-4594-beb7-2def0f0b8bd4.wmv	--a---- 22245535 bytes	[20:54 09/03/2011]	[20:54 09/03/2011]
Attachments_2012_10_18.zip	--a---- 4977653 bytes	[21:02 18/10/2012]	[21:00 15/01/2013]
AVG Anti-Virus Free Edition.exe	--a---- 4411392 bytes	[14:27 05/11/2012]	[14:27 05/11/2012]
chromeinstall-7u10.exe	--a---- 896016 bytes	[14:35 04/01/2013]	[14:35 04/01/2013]
chromeinstall-7u7.exe	--a---- 894952 bytes	[13:47 28/09/2012]	[13:47 28/09/2012]
erunt_setup (2).exe	--a---- 791393 bytes	[20:49 02/12/2012]	[20:49 02/12/2012]
fix.zip	--a---- 22 bytes	[14:37 04/12/2012]	[14:49 18/01/2013]
Image001 (1).jpg	--a---- 269442 bytes	[17:52 20/11/2012]	[17:52 20/11/2012]
jre-7u10-windows-i586.gz	--a---- 41656320 bytes	[21:08 10/01/2013]	[21:08 10/01/2013]
mbam-setup-1.65.1.1000.exe	--a---- 10669952 bytes	[23:28 15/11/2012]	[23:29 15/11/2012]
msgr11us (1).exe	--a---- 439704 bytes	[18:37 06/12/2012]	[18:37 06/12/2012]
Photo.zip	--a---- 22 bytes	[20:15 17/03/2012]	[20:16 17/03/2012]
sfp (3).zip	--a---- 22 bytes	[13:52 10/10/2012]	[18:49 28/10/2012]
SkypeSetup (1).exe	--a---- 1335912 bytes	[08:54 09/02/2013]	[08:54 09/02/2013]
SkypeSetup (2).exe	--a---- 1335912 bytes	[14:18 09/02/2013]	[14:18 09/02/2013]
SkypeSetup.exe	--a---- 1335912 bytes	[08:54 09/02/2013]	[08:54 09/02/2013]
SkypeSetupFull (1).exe	--a---- 30755584 bytes	[18:34 11/02/2013]	[18:36 11/02/2013]
SkypeSetupFull (2).exe	--a---- 30755584 bytes	[18:44 11/02/2013]	[18:45 11/02/2013]
SkypeSetupFull.exe	--a---- 30753024 bytes	[08:33 11/02/2013]	[08:33 11/02/2013]
SystemLook.txt	--a---- 314 bytes	[14:03 22/11/2012]	[21:35 04/02/2013]
SystemLook_x64.exe	--a---- 165376 bytes	[20:08 04/02/2013]	[20:08 04/02/2013]

---Folders---
New folder	d------	[17:12 07/10/2012]

-= EOF =-
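
The duplicate check that this listing was requested for can be scripted. The following is an added example, not part of the original thread and not SystemLook's own code: it parses the `---Files---` lines of a SystemLook `:dir` log and lists copies that share a name (ignoring the browser's ` (N)` download suffix) and a size with a newer copy. The function names, the day-first date format and the keep-the-newest rule are assumptions; the sample lines are an excerpt of the log above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Excerpt of the SystemLook ":dir" log posted above (fields are tab-separated).
SAMPLE_LOG = """\
---Files---
chromeinstall-7u10.exe\t--a---- 896016 bytes\t[14:35 04/01/2013]\t[14:35 04/01/2013]
chromeinstall-7u7.exe\t--a---- 894952 bytes\t[13:47 28/09/2012]\t[13:47 28/09/2012]
erunt_setup (2).exe\t--a---- 791393 bytes\t[20:49 02/12/2012]\t[20:49 02/12/2012]
SkypeSetup (1).exe\t--a---- 1335912 bytes\t[08:54 09/02/2013]\t[08:54 09/02/2013]
SkypeSetup (2).exe\t--a---- 1335912 bytes\t[14:18 09/02/2013]\t[14:18 09/02/2013]
SkypeSetup.exe\t--a---- 1335912 bytes\t[08:54 09/02/2013]\t[08:54 09/02/2013]
SkypeSetupFull (1).exe\t--a---- 30755584 bytes\t[18:34 11/02/2013]\t[18:36 11/02/2013]
SkypeSetupFull (2).exe\t--a---- 30755584 bytes\t[18:44 11/02/2013]\t[18:45 11/02/2013]
SkypeSetupFull.exe\t--a---- 30753024 bytes\t[08:33 11/02/2013]\t[08:33 11/02/2013]
SystemLook_x64.exe\t--a---- 165376 bytes\t[20:08 04/02/2013]\t[20:08 04/02/2013]

---Folders---
New folder\td------\t[17:12 07/10/2012]
"""

# name, 7-character attribute field, size, then two bracketed timestamps
# (taken here as created and modified).
LINE_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s*$"
)
# " (1)", " (2)", ... that browsers insert before the extension on re-download.
COPY_SUFFIX_RE = re.compile(r" \(\d+\)(?=\.[^.]+$)")
STAMP = "%H:%M %d/%m/%Y"  # assumption: day-first dates, as in the log header


@dataclass(frozen=True)
class FileEntry:
    name: str
    size: int
    created: datetime
    modified: datetime

    @property
    def base(self):
        """File name with the download-copy suffix removed, lower-cased."""
        return COPY_SUFFIX_RE.sub("", self.name).lower()


def parse_dir_listing(text):
    """Return a FileEntry per file line; headers and folder lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entries.append(FileEntry(
            name=m["name"],
            size=int(m["size"]),
            created=datetime.strptime(m["created"], STAMP),
            modified=datetime.strptime(m["modified"], STAMP),
        ))
    return entries


def duplicate_groups(entries):
    """Map each base name that occurs more than once to its entries."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry.base].append(entry)
    return {base: group for base, group in groups.items() if len(group) > 1}


def redundant_copies(entries):
    """Names that match a newer copy in base name and size.

    Equal size is only a hint that two files are identical; compare hashes
    before deleting anything. Copies whose size differs are left alone,
    because they may be different builds of the same installer.
    """
    redundant = []
    for group in duplicate_groups(entries).values():
        by_size = defaultdict(list)
        for entry in group:
            by_size[entry.size].append(entry)
        for same in by_size.values():
            # Newest first; on a tie the shorter (unsuffixed) name is kept.
            same.sort(key=lambda e: (e.modified, -len(e.name)), reverse=True)
            redundant.extend(e.name for e in same[1:])
    return sorted(redundant)


if __name__ == "__main__":
    for name in redundant_copies(parse_dir_listing(SAMPLE_LOG)):
        print("redundant copy:", name)
```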


----------



## eddie5659

That's the one :up:

Okay, let's start with removing the tools we've used. Normally I post this all at once, but we'll do each in turn

*You can mark this thread Solved at the top of this page, if it's all running okay*

*Any questions about the following, just ask  *

*Follow these steps to uninstall Combofix and tools used in the removal of malware*

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

*ComboFix /Uninstall *

Let me know if you manage this okay, or if you want screenshots, then we'll move to the next part


----------



## sweetrose

you want me to do the scanning from malware


----------



## eddie5659

Nope, if you copy/paste this into the Run box when you click on *Start* and then *Run*:

*ComboFix /Uninstall*

And press *OK*, it will uninstall ComboFix


----------



## eddie5659

Download *OTC* to your desktop and run it 
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. 

Let me know when this is done


----------



## sweetrose

all done


----------



## eddie5659

Oki doki 


Now, if you go to Add/Remove Programs in the Control Panel, and uninstall this:

SUPERAntiSpyware

Again, let me know when it's gone or any problems, and then we'll do the next step


----------



## sweetrose

can't see it there Eddie


----------



## eddie5659

It may have already been uninstalled, but let's just do this to check:

*1. Please download HijackThis:*

Please go *here* to download *HijackThis*.

Save the *HijackThis.exe* file to your desktop.
Double-click the *HijackThis.exe* file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified, click on Run to allow it.

Now, do the following:

Click Config, click Misc Tools
Click "*Open Uninstall Manager*"
Click "Save List" (generates *uninstall_list.txt*)
Click Save, copy and paste the results in your next post.

If you need screenshots, let me know and I'll get some for you


----------



## sweetrose

hi eddie. all done

file of Trend Micro HijackThis v2.0.4
Scan saved at 20:42:53, on 05/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ann\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?pc=UP21&ocid=UP21DHP&dt=020913
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://http://www.yahoo.com/?ilc=8.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://http://www.yahoo.com/?ilc=8.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\ann\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D15F113-3692-4089-B3A3-77DC82321FEB}: NameServer = 10.203.129.68 10.203.129.68
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater13.3.2 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12015 bytes


----------



## eddie5659

Looking there, although it's not the Uninstall list, it does show me what you have on Startup, and I can't see SUPERAntiSpyware there. Normally it always starts when Windows boots up, so that's okay

Now, if you can look here:

C:\Users\ann\Downloads

Can you delete these:

fix.zip
jre-7u10-windows-i586.gz
mbam-setup-1.65.1.1000.exe
sfp (3).zip

We have a few more to remove, but we'll have to find them first, so do the ones above as I know where they are 

Let me know how it goes.


----------
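The check described in the post above (reading the HijackThis log's running processes, O4 autostart lines and O23 services for a product name) can be scripted. This is an added example, not part of the original posts; the function and class names are made up for illustration, and the sample is a shortened excerpt of the log posted in this thread.

```python
import re
from typing import List, NamedTuple


class Entry(NamedTuple):
    kind: str    # "process", "O4" (autostart) or "O23" (service)
    name: str    # value name, shortcut name, service name or exe name
    target: str  # command line or file path as printed in the log


# Shortened excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
"""

_SECTION = re.compile(r"^[A-Z]\d+ - ")                       # R0, O4, O23, ...
_O4 = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<rest>.+)$")      # any O4 line
_RUN = re.compile(r"^\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")    # [ValueName] command
_O23_PREFIX = "O23 - Service: "


def startup_entries(log_text: str) -> List[Entry]:
    """Collect running processes, O4 autostarts and O23 services from a log."""
    entries: List[Entry] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line and not _SECTION.match(line):
                exe_name = line.rsplit("\\", 1)[-1]
                entries.append(Entry("process", exe_name, line))
                continue
            in_processes = False  # blank line or first section line ends the block
        o4 = _O4.match(line)
        if o4:
            rest = o4.group("rest")
            run = _RUN.match(rest)
            if run:                      # registry Run/RunOnce value
                name, cmd = run.group("name"), run.group("cmd")
            elif " = " in rest:          # Startup-folder shortcut
                name, cmd = rest.split(" = ", 1)
            else:
                name, cmd = rest, ""
            entries.append(Entry("O4", name, cmd))
        elif line.startswith(_O23_PREFIX):
            # Layout: <display name> - <owner> - <image path>
            parts = line[len(_O23_PREFIX):].rsplit(" - ", 2)
            entries.append(Entry("O23", parts[0], parts[-1]))
    return entries


def _norm(text: str) -> str:
    """Lower-case and drop punctuation/spaces so 'SUPER AntiSpyware' still matches."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def find_product(log_text: str, product: str) -> List[Entry]:
    """Return every process/autostart/service entry that mentions the product."""
    needle = _norm(product)
    if not needle:
        raise ValueError("product name must contain letters or digits")
    return [e for e in startup_entries(log_text)
            if needle in _norm(e.name + " " + e.target)]


if __name__ == "__main__":
    for product in ("SUPERAntiSpyware", "AVG"):
        hits = find_product(SAMPLE_LOG, product)
        print(product, "->", [f"{e.kind}:{e.name}" for e in hits] or "not in startup")
```

An empty result only shows that nothing by that name is running or set to start with Windows; the Uninstall Manager list or Add/Remove Programs is still where the uninstall itself is confirmed.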



## sweetrose

where do i delete these


----------



## eddie5659

If you go to your Download folder here:

C:\Users\ann\Downloads

That's where they are


----------



## sweetrose

ok will find it,


----------



## sweetrose

this is all come up
mLook 30.07.11 by jpshortstuff
Log created at 21:44 on 05/03/2013 by ann
Administrator - Elevation successful

No Context: C:\Users\ann\

-= EOF


----------



## eddie5659

You don't need to run the SystemLook program, we're just deleting the files we've used.

However, it may be easier to use a tool that does it all for us, and we'll remove that then afterwards 

So, using SystemLook again, can you run it with the following code and post the log as before 



Code:


:dir
C:\Users\ann\Downloads /s
:filefind
*SecurityCheck*
*sfp*
*rsit*
*systemlook*
*HijackThis*
*adwcleaner*
*jrt*
*RogueKiller*
*ComboFix*
*SUPERAntiSpyware*


----------



## sweetrose

ystemLook 30.07.11 by jpshortstuff
Log created at 14:01 on 06/03/2013 by ann
Administrator - Elevation successful

No Context: Code:

========== dir ==========

C:\Users\ann\Downloads - Parameters: "/s"

---Files---
043.JPG	--a---- 4989512 bytes	[20:50 04/09/2012]	[20:50 04/09/2012]
57a46a27-5176-4594-beb7-2def0f0b8bd4.wmv	--a---- 22245535 bytes	[20:54 09/03/2011]	[20:54 09/03/2011]
Attachments_2012_10_18.zip	--a---- 4977653 bytes	[21:02 18/10/2012]	[21:00 15/01/2013]
AVG Anti-Virus Free Edition.exe	--a---- 4411392 bytes	[14:27 05/11/2012]	[14:27 05/11/2012]
chromeinstall-7u10.exe	--a---- 896016 bytes	[14:35 04/01/2013]	[14:35 04/01/2013]
chromeinstall-7u7.exe	--a---- 894952 bytes	[13:47 28/09/2012]	[13:47 28/09/2012]
erunt_setup (2).exe	--a---- 791393 bytes	[20:49 02/12/2012]	[20:49 02/12/2012]
fix.zip	--a---- 22 bytes	[14:37 04/12/2012]	[14:49 18/01/2013]
HijackThis.exe	--a---- 388608 bytes	[20:36 05/03/2013]	[20:36 05/03/2013]
hijackthis.log	--a---- 12017 bytes	[20:42 05/03/2013]	[20:42 05/03/2013]
Image001 (1).jpg	--a---- 269442 bytes	[17:52 20/11/2012]	[17:52 20/11/2012]
jre-7u10-windows-i586.gz	--a---- 41656320 bytes	[21:08 10/01/2013]	[21:08 10/01/2013]
mbam-setup-1.65.1.1000.exe	--a---- 10669952 bytes	[23:28 15/11/2012]	[23:29 15/11/2012]
msgr11us (1).exe	--a---- 439704 bytes	[18:37 06/12/2012]	[18:37 06/12/2012]
OTC.exe	--a---- 201728 bytes	[13:52 06/03/2013]	[13:52 06/03/2013]
Photo.zip	--a---- 22 bytes	[20:15 17/03/2012]	[20:16 17/03/2012]
sfp (3).zip	--a---- 22 bytes	[13:52 10/10/2012]	[18:49 28/10/2012]
SkypeSetup.exe	--a---- 1335912 bytes	[08:54 09/02/2013]	[08:54 09/02/2013]
SkypeSetupFull (1).exe	--a---- 30755584 bytes	[18:34 11/02/2013]	[18:36 11/02/2013]
SkypeSetupFull (2).exe	--a---- 30755584 bytes	[18:44 11/02/2013]	[18:45 11/02/2013]
SkypeSetupFull (3).exe	--a---- 30755584 bytes	[19:19 11/02/2013]	[19:19 11/02/2013]
SkypeSetupFull.exe	--a---- 30753024 bytes	[08:33 11/02/2013]	[08:33 11/02/2013]
SystemLook.txt	--a---- 0 bytes	[21:43 05/03/2013]	[14:01 06/03/2013]
SystemLook_x64.exe	--a---- 165376 bytes	[21:42 05/03/2013]	[21:42 05/03/2013]

C:\Users\ann\Downloads\New folder	d------	[17:12 07/10/2012]
Pictures - Shortcut.lnk	--a---- 1080 bytes	[19:18 24/11/2012]	[19:18 24/11/2012]

========== filefind ==========

Searching for "*SecurityCheck*"
No files found.

Searching for "*sfp*"
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (1).lnk	--a---- 569 bytes	[20:37 19/09/2012]	[20:02 20/09/2012] D5172517F398DB6FACD4F801C4CA73DD
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (2).lnk	--a---- 569 bytes	[13:42 20/09/2012]	[19:28 20/09/2012] 50B24FC0AA1E5ED669A5B8DF3E6C3297
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (3).lnk	--a---- 567 bytes	[20:00 20/09/2012]	[20:00 20/09/2012] E7EF1A9BA4ED445EA73C87FEEF4047E4
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (3).zip.lnk	--a---- 569 bytes	[20:28 03/12/2012]	[20:28 03/12/2012] DF240FC1A582279E20D44229E5613CF7
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp.lnk	--a---- 543 bytes	[20:40 19/09/2012]	[19:29 20/09/2012] 7175739A0617B3D8D1A50DCC4A9A9458
C:\Users\ann\Downloads\sfp (3).zip	--a---- 22 bytes	[13:52 10/10/2012]	[18:49 28/10/2012] 76CDB2BAD9582D23C1F6F4D868218D6C
C:\Windows\System32\migwiz\SFPAT.inf	--a---- 10457 bytes	[23:28 13/07/2009]	[20:21 13/07/2009] 00C059C4A3B9D10163373CCF11D0F42A
C:\Windows\System32\migwiz\SFPATLH.inf	--a---- 9665 bytes	[23:28 13/07/2009]	[20:21 13/07/2009] 2A258570E8F5A67DCEAAD96B119757C1
C:\Windows\System32\migwiz\SFPATW7.inf	--a---- 3371 bytes	[23:28 13/07/2009]	[20:21 13/07/2009] AD811573E82AA01C384A73424B03E3E6
C:\Windows\System32\migwiz\SFPATXP.inf	--a---- 4386 bytes	[23:28 13/07/2009]	[20:21 13/07/2009] 1B48F7FD1629E2A0E6C712D64D9D1CCF
C:\Windows\SysWOW64\migwiz\SFPAT.inf	--a---- 10457 bytes	[23:17 13/07/2009]	[20:26 13/07/2009] 00C059C4A3B9D10163373CCF11D0F42A
C:\Windows\SysWOW64\migwiz\SFPATLH.inf	--a---- 9665 bytes	[23:17 13/07/2009]	[20:26 13/07/2009] 2A258570E8F5A67DCEAAD96B119757C1
C:\Windows\SysWOW64\migwiz\SFPATW7.inf	--a---- 3371 bytes	[23:17 13/07/2009]	[20:26 13/07/2009] AD811573E82AA01C384A73424B03E3E6
C:\Windows\SysWOW64\migwiz\SFPATXP.inf	--a---- 4386 bytes	[23:17 13/07/2009]	[20:26 13/07/2009] 1B48F7FD1629E2A0E6C712D64D9D1CCF
C:\Windows\winsxs\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_6.1.7601.17514_none_b6cddd21f1df8715\SFPAT.inf	--a---- 10457 bytes	[23:28 13/07/2009]	[20:21 13/07/2009] 00C059C4A3B9D10163373CCF11D0F42A
C:\Windows\winsxs\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_6.1.7601.17514_none_b6cddd21f1df8715\SFPATLH.inf	--a---- 9665 bytes	[23:28 13/07/2009]	[20:21 13/07/2009] 2A258570E8F5A67DCEAAD96B119757C1
C:\Windows\winsxs\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_6.1.7601.17514_none_b6cddd21f1df8715\SFPATW7.inf	--a---- 3371 bytes	[23:28 13/07/2009]	[20:21 13/07/2009] AD811573E82AA01C384A73424B03E3E6
C:\Windows\winsxs\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_6.1.7601.17514_none_b6cddd21f1df8715\SFPATXP.inf	--a---- 4386 bytes	[23:28 13/07/2009]	[20:21 13/07/2009] 1B48F7FD1629E2A0E6C712D64D9D1CCF
C:\Windows\winsxs\x86_microsoft-windows-migrationengine_31bf3856ad364e35_6.1.7601.17514_none_5aaf419e398215df\SFPAT.inf	--a---- 10457 bytes	[23:17 13/07/2009]	[20:26 13/07/2009] 00C059C4A3B9D10163373CCF11D0F42A
C:\Windows\winsxs\x86_microsoft-windows-migrationengine_31bf3856ad364e35_6.1.7601.17514_none_5aaf419e398215df\SFPATLH.inf	--a---- 9665 bytes	[23:17 13/07/2009]	[20:26 13/07/2009] 2A258570E8F5A67DCEAAD96B119757C1
C:\Windows\winsxs\x86_microsoft-windows-migrationengine_31bf3856ad364e35_6.1.7601.17514_none_5aaf419e398215df\SFPATW7.inf	--a---- 3371 bytes	[23:17 13/07/2009]	[20:26 13/07/2009] AD811573E82AA01C384A73424B03E3E6
C:\Windows\winsxs\x86_microsoft-windows-migrationengine_31bf3856ad364e35_6.1.7601.17514_none_5aaf419e398215df\SFPATXP.inf	--a---- 4386 bytes	[23:17 13/07/2009]	[20:26 13/07/2009] 1B48F7FD1629E2A0E6C712D64D9D1CCF

Searching for "*rsit*"
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.similarsites.com_0.localstorage	--a---- 3072 bytes	[19:53 16/08/2012]	[21:25 16/08/2012] A765F236CC41A286E31A6E0761D62B6E
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.similarsites.com_0.localstorage-journal	--a---- 3608 bytes	[19:53 16/08/2012]	[21:25 16/08/2012] D2ADFCFD11B2DF3EC2796B2CACC364CA

Searching for "*systemlook*"
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\SystemLook.lnk	--a---- 2348 bytes	[19:19 04/02/2013]	[13:51 06/03/2013] D832717F2003B27C750F63C0641C5E3B
C:\Users\ann\Downloads\SystemLook.txt	--a---- 4694 bytes	[21:43 05/03/2013]	[14:01 06/03/2013] 029ACAFF883CC643A869E74A34031BAF
C:\Users\ann\Downloads\SystemLook_x64.exe	--a---- 165376 bytes	[21:42 05/03/2013]	[21:42 05/03/2013] F783EC309D42813F74319EB776153B2B
C:\Users\ann\Pictures\SystemLook.txt	--a---- 4084 bytes	[19:09 11/02/2013]	[19:09 11/02/2013] 41FECB112F4C87AE4D4F5D083736C97D

Searching for "*HijackThis*"
C:\Program Files (x86)\trend micro\hijackthis.exe	--a---- 388608 bytes	[20:50 08/10/2012]	[13:58 12/10/2012] 9A2347903D6EDB84C10F288BC0578C1C
C:\Program Files (x86)\trend micro\hijackthis.log	--a---- 19205 bytes	[20:51 08/10/2012]	[13:58 12/10/2012] 7023F997715951CE5D06823F6A310C37
C:\Users\ann\Downloads\HijackThis.exe	--a---- 388608 bytes	[20:36 05/03/2013]	[20:36 05/03/2013] 9A2347903D6EDB84C10F288BC0578C1C
C:\Users\ann\Downloads\hijackthis.log	--a---- 12017 bytes	[20:42 05/03/2013]	[20:42 05/03/2013] 270C97CCC1E71B2467A83105CED57929

Searching for "*adwcleaner*"
C:\AdwCleaner[R1].txt	--a---- 29826 bytes	[18:53 03/11/2012]	[18:53 03/11/2012] 172CB47925C5305D8A4974341BB4F473
C:\AdwCleaner[R2].txt	--a---- 15825 bytes	[21:13 15/11/2012]	[21:13 15/11/2012] 84A123AFCC4AF14FDF5A117A0C06D653
C:\AdwCleaner[R3].txt	--a---- 15886 bytes	[21:15 15/11/2012]	[21:15 15/11/2012] A4283493B0D022D891B5B94BE1B1D8B6
C:\AdwCleaner[R4].txt	--a---- 5350 bytes	[17:50 03/01/2013]	[17:50 03/01/2013] 2CAE6A60E9580D3F130E36079244EB23
C:\AdwCleaner[S1].txt	--a---- 29417 bytes	[19:15 03/11/2012]	[19:16 03/11/2012] 2273FE33753B2C81EF69BB1ADAD765A6
C:\AdwCleaner[S2].txt	--a---- 1025 bytes	[19:21 03/11/2012]	[19:21 03/11/2012] BAB4D2A083173C00416CCB8DA8435DCB
C:\AdwCleaner[S3].txt	--a---- 1036 bytes	[19:40 03/11/2012]	[19:40 03/11/2012] 09C48D858409ECED957238E0082C25EA
C:\AdwCleaner[S4].txt	--a---- 16565 bytes	[21:49 15/11/2012]	[21:49 15/11/2012] 8D9D7107DCEAAE23AFF9E4C97D1B24E0
C:\AdwCleaner[S5].txt	--a---- 5318 bytes	[18:21 03/01/2013]	[18:22 03/01/2013] 85945D46CE748ECD7E2056539378292B

Searching for "*jrt*"
C:\JRT\JRT.bat	--a---- 11406 bytes	[20:33 02/01/2013]	[01:17 30/12/2012] BCF7942F0D3189E8D34B7F549627D989
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_jrtux.com_0.localstorage	--a---- 3072 bytes	[19:36 23/08/2012]	[19:36 23/08/2012] EAD5E6EADCE6D577E955877D82FD8D38
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_jrtux.com_0.localstorage-journal	--a---- 3608 bytes	[19:36 23/08/2012]	[19:36 23/08/2012] 109278EF9E156BB9765712916E696AE2

Searching for "*RogueKiller*"
No files found.

Searching for "*ComboFix*"
No files found.

Searching for "*SUPERAntiSpyware"
No files found.

-= EOF =


----------



## eddie5659

Thanks 

Please *download* *OTM* 

 *Save* it to your *desktop*. 
 Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*). 
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):



Code:


:Files
C:\Users\ann\Downloads\AVG Anti-Virus Free Edition.exe
C:\Users\ann\Downloads\erunt_setup (2).exe
C:\Users\ann\Downloads\fix.zip
C:\Users\ann\Downloads\HijackThis.exe
C:\Users\ann\Downloads\hijackthis.log
C:\Users\ann\Downloads\jre-7u10-windows-i586.gz
C:\Users\ann\Downloads\mbam-setup-1.65.1.1000.exe
C:\Users\ann\Downloads\sfp (3).zip
C:\Users\ann\Downloads\SystemLook.txt
C:\Users\ann\Downloads\SystemLook_x64.exe
C:\Users\ann\Downloads\OTC.exe
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (1).lnk
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (2).lnk
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (3).lnk
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (3).zip.lnk
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp.lnk
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\SystemLook.lnk
C:\Users\ann\Pictures\SystemLook.txt
C:\AdwCleaner[R1].txt
C:\AdwCleaner[R2].txt
C:\AdwCleaner[R3].txt
C:\AdwCleaner[R4].txt
C:\AdwCleaner[S1].txt
C:\AdwCleaner[S2].txt
C:\AdwCleaner[S3].txt
C:\AdwCleaner[S4].txt
C:\AdwCleaner[S5].txt
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[CREATERESTOREPOINT] 
[EMPTYFLASH] 
[Reboot]


Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste* so that it looks like this:










Remember to include the *:Files* at the beginning 

Click the red *Moveit!* button.










*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply. 
Close *OTM* and reboot your PC. 
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post

eddie


----------



## sweetrose

processes killed
Error: Unable to interpret <Files> in the current context!
Error: Unable to interpret <C:\Users\ann\Downloads\AVG Anti-Virus Free Edition.exe> in the current context!
Error: Unable to interpret <C:\Users\ann\Downloads\erunt_setup (2).exe> in the current context!
Error: Unable to interpret <C:\Users\ann\Downloads\fix.zip> in the current context!
Error: Unable to interpret <C:\Users\ann\Downloads\HijackThis.exe> in the current context!
Error: Unable to interpret <C:\Users\ann\Downloads\hijackthis.log> in the current context!
Error: Unable to interpret <C:\Users\ann\Downloads\jre-7u10-windows-i586.gz> in the current context!
Error: Unable to interpret <C:\Users\ann\Downloads\mbam-setup-1.65.1.1000.exe> in the current context!
Error: Unable to interpret <C:\Users\ann\Downloads\sfp (3).zip> in the current context!
Error: Unable to interpret <C:\Users\ann\Downloads\SystemLook.txt> in the current context!
Error: Unable to interpret <C:\Users\ann\Downloads\SystemLook_x64.exe> in the current context!
Error: Unable to interpret <C:\Users\ann\Downloads\OTC.exe> in the current context!
Error: Unable to interpret <C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (1).lnk> in the current context!
Error: Unable to interpret <C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (2).lnk> in the current context!
Error: Unable to interpret <C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (3).lnk> in the current context!
Error: Unable to interpret <C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (3).zip.lnk> in the current context!
Error: Unable to interpret <C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp.lnk> in the current context!
Error: Unable to interpret <C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\SystemLook.lnk> in the current context!
Error: Unable to interpret <C:\Users\ann\Pictures\SystemLook.txt> in the current context!
Error: Unable to interpret <C:\AdwCleaner[R1].txt> in the current context!
Error: Unable to interpret <C:\AdwCleaner[R2].txt> in the current context!
Error: Unable to interpret <C:\AdwCleaner[R3].txt> in the current context!
Error: Unable to interpret <C:\AdwCleaner[R4].txt> in the current context!
Error: Unable to interpret <C:\AdwCleaner[S1].txt> in the current context!
Error: Unable to interpret <C:\AdwCleaner[S2].txt> in the current context!
Error: Unable to interpret <C:\AdwCleaner[S3].txt> in the current context!
Error: Unable to interpret <C:\AdwCleaner[S4].txt> in the current context!
Error: Unable to interpret <C:\AdwCleaner[S5].txt> in the current context!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: ann
->Temp folder emptied: 132182747 bytes
->Temporary Internet Files folder emptied: 38208616 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 8343653 bytes
->Flash cache emptied: 2016 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715468 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 102856845 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 670 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 333317153 bytes

Total Files Cleaned = 588.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 03072013_144647

Files moved on Reboot...
C:\Users\ann\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

Registry entries deleted on Reboot...


----------



## eddie5659

Looks like it wasn't all copied across. Can you try again, but make sure this is at the top:

*:Files*



Code:


:Files
C:\Users\ann\Downloads\AVG Anti-Virus Free Edition.exe
C:\Users\ann\Downloads\erunt_setup (2).exe
C:\Users\ann\Downloads\fix.zip
C:\Users\ann\Downloads\HijackThis.exe
C:\Users\ann\Downloads\hijackthis.log
C:\Users\ann\Downloads\jre-7u10-windows-i586.gz
C:\Users\ann\Downloads\mbam-setup-1.65.1.1000.exe
C:\Users\ann\Downloads\sfp (3).zip
C:\Users\ann\Downloads\SystemLook.txt
C:\Users\ann\Downloads\SystemLook_x64.exe
C:\Users\ann\Downloads\OTC.exe
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (1).lnk
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (2).lnk
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (3).lnk
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (3).zip.lnk
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp.lnk
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\SystemLook.lnk
C:\Users\ann\Pictures\SystemLook.txt
C:\AdwCleaner[R1].txt
C:\AdwCleaner[R2].txt
C:\AdwCleaner[R3].txt
C:\AdwCleaner[R4].txt
C:\AdwCleaner[S1].txt
C:\AdwCleaner[S2].txt
C:\AdwCleaner[S3].txt
C:\AdwCleaner[S4].txt
C:\AdwCleaner[S5].txt
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[CREATERESTOREPOINT] 
[EMPTYFLASH] 
[Reboot]


----------



## sweetrose

All processes killed
========== FILES ==========
C:\Users\ann\Downloads\AVG Anti-Virus Free Edition.exe moved successfully.
C:\Users\ann\Downloads\erunt_setup (2).exe moved successfully.
C:\Users\ann\Downloads\fix.zip moved successfully.
C:\Users\ann\Downloads\HijackThis.exe moved successfully.
C:\Users\ann\Downloads\hijackthis.log moved successfully.
C:\Users\ann\Downloads\jre-7u10-windows-i586.gz moved successfully.
C:\Users\ann\Downloads\mbam-setup-1.65.1.1000.exe moved successfully.
C:\Users\ann\Downloads\sfp (3).zip moved successfully.
C:\Users\ann\Downloads\SystemLook.txt moved successfully.
C:\Users\ann\Downloads\SystemLook_x64.exe moved successfully.
C:\Users\ann\Downloads\OTC.exe moved successfully.
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (1).lnk moved successfully.
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (2).lnk moved successfully.
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (3).lnk moved successfully.
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp (3).zip.lnk moved successfully.
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\sfp.lnk moved successfully.
C:\Users\ann\AppData\Roaming\Microsoft\Windows\Recent\SystemLook.lnk moved successfully.
C:\Users\ann\Pictures\SystemLook.txt moved successfully.
C:\AdwCleaner[R1].txt moved successfully.
C:\AdwCleaner[R2].txt moved successfully.
C:\AdwCleaner[R3].txt moved successfully.
C:\AdwCleaner[R4].txt moved successfully.
C:\AdwCleaner[S1].txt moved successfully.
C:\AdwCleaner[S2].txt moved successfully.
C:\AdwCleaner[S3].txt moved successfully.
C:\AdwCleaner[S4].txt moved successfully.
C:\AdwCleaner[S5].txt moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: ann
->Temp folder emptied: 103759 bytes
->Temporary Internet Files folder emptied: 68552 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 111030843 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8064 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 106.00 mb

Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: All Users

User: ann
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 03072013_180915

Files moved on Reboot...
C:\Users\ann\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


----------
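An added example, not part of the original posts and not OldTimer's code: a small Python checker that compares a pasted fix script with the log that comes back, and catches the case eddie5659 spotted where the `:Files` header was not copied across. It assumes that lines appearing before any `:Section` header go unprocessed; the sample script and log are constructed, shortened from the ones in the thread.

```python
import re

SECTION = re.compile(r"^:(\w+)\s*$")                       # ":Files", ":Commands"
MOVED = re.compile(r"^([A-Za-z]:\\.+?) moved successfully\.$")

def parse_script(text):
    """Split a fix script into {section: [lines]}. Lines that appear before
    any ':Section' header land under None (assumed here to go unprocessed)."""
    sections, current = {None: []}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def moved_in_files_block(log):
    """Paths the log reports as moved inside its '== FILES ==' block only."""
    moved, in_files = set(), False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_files = "FILES" in line
        elif in_files and MOVED.match(line):
            moved.add(MOVED.match(line).group(1).lower())
    return moved

def check_fix(script, log):
    sections = parse_script(script)
    moved = moved_in_files_block(log)
    return {
        "orphaned": sections[None],   # paths pasted without a header above them
        "not_moved": [p for p in sections.get("files", []) if p.lower() not in moved],
        "commands": [c.lower() for c in sections.get("commands", [])],
    }

# Constructed samples, shortened from the script and log posted in the thread.
SCRIPT = r"""
:Files
C:\Users\ann\Downloads\fix.zip
C:\Users\ann\Downloads\OTC.exe
:Commands
[resethosts]
[Reboot]
"""
LOG = r"""
All processes killed
========== FILES ==========
C:\Users\ann\Downloads\fix.zip moved successfully.
C:\Users\ann\Downloads\OTC.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
"""
```

A non-empty `orphaned` list means the paste lost its header; a non-empty `not_moved` list means the log does not confirm every requested file.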



## eddie5659

Excellent :up:

Now, we just need to remove the tool we just used, so can you download this tool again:


Download *OTC* to your desktop and run it.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Let me know when this is done 

Can you also make sure the OTC file is gone afterwards. It should do itself automatically, but just being sure


----------



## sweetrose

Clean up done, reboot done ;)


----------



## eddie5659

Excellent, and has the OTC tool you used gone as well? It will be in the usual place:

C:\Users\ann\Downloads


----------



## sweetrose

Can't see it, Eddie


----------



## eddie5659

Then that means it did remove itself 

Okay, now just a cleanup, and then we'll install some programs etc to help your security on the web 

Again, let me know when you've done each step, and we'll do the next 

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.


----------



## sweetrose

i did it Eddie and it did reboot


----------



## eddie5659

Okay 

Now, we're going to create a restore point, so in case something happens in the future, you have a restore point you can go back to 

*Create Restore Point (Win7/Vista)*


Select *Start* > *Control Panel* then double-click on the *System* icon in the Control Panel.
In the left-hand pane click on the *System Protection* option.
When the Dialog comes up, click on the System Protection tab.
Check that the drive letter where Windows is located (usually C:) indicates System protection *ON*.
(This indicates System restore is turned ON for the Windows drive).
Click on the *Create* button to create a new restore point. In the Name dialog, type a descriptive name (say *Clean PC*) and then click on the *Create* button.
You will get a message that the Restore Point was created successfully. Click on the *Close* button.
Click on the *OK* button and close the System window in the Control Panel.

Again, let me know when it's done


----------



## sweetrose

Can't find System Protection


----------



## eddie5659

Can you find the System icon in the Control Panel? If so, when you click on that, on the left is the System Protection:

I can get extra screenshots, but just about to watch the Muppets, so will have to be after if needed 
----

So, firstly, go to the Control Panel, and depending on what set up you have, do the following:

*Large Icons* - Click on *System*

*Category* - Click on *System and Security* and then *System*

So, you'll be in *System* either way:

On the left, select *System Protection*

And the following will appear:

Then, in the above screenshot you can see the *Create* button, just above the *Cancel* at the bottom.

Click on that then follow the rest of the instructions


----------



## sweetrose

You have the Muppets on, lol.......
I'm trying it now


----------



## sweetrose

cleaning it now


----------



## sweetrose

done it


----------



## eddie5659

Excellent 

Yep, the Muppets was great, apart from the singing. However, I still loved it 

Now, I think you use Internet Explorer as your main browser, so see if you can do this. Any questions, again please ask 

*Making Internet Explorer More Secure*

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

 Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply

Then, click on the *Security tab* and do the following:

 Make sure the Internet icon is selected.
 Click once on the *Custom Level* button.
 Change the *Download signed ActiveX controls* to *Prompt*.
 Change the *Download unsigned ActiveX controls* to *Disable*.
 Change the *Initialise and script ActiveX controls not marked as safe* to *Disable.*
 Change the *Installation of desktop items* to *Prompt.*
 Change the *Launching programs and files in an IFRAME* to *Prompt.*
 When all these settings have been made, click on the *OK* button.
 If it prompts you as to whether or not you want to save the settings, press the *Yes* button. 

Then click on the *Advanced tab* and do the following:


 Scroll down to *Security* section.
 Tick the box for *Empty Temporary Internet Files when Browser is Closed*

 Next press the *Apply* button and then the *OK* to exit the Internet Properties page.

eddie


----------
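An added example, not part of the original post: a Python audit of the Internet zone settings listed above, run over the text that `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"` prints. The mapping from each dialog label to its registry value name and the 0/1/3 policy codes are supplied here and are not in the post; the sample output is constructed.

```python
import re

# Registry value name (hex action ID) -> (dialog label, recommended policy).
# Policy DWORDs: 0 = Enable, 1 = Prompt, 3 = Disable.
RECOMMENDED = {
    0x1001: ("Download signed ActiveX controls", 1),
    0x1004: ("Download unsigned ActiveX controls", 3),
    0x1201: ("Initialize and script ActiveX controls not marked as safe", 3),
    0x1800: ("Installation of desktop items", 1),
    0x1804: ("Launching programs and files in an IFRAME", 1),
}
POLICY = {0: "Enable", 1: "Prompt", 3: "Disable"}
ROW = re.compile(r"^\s*([0-9A-Fa-f]{4})\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")

def parse_reg_query(text):
    """Return {action_id: dword} for every REG_DWORD row in `reg query` output."""
    values = {}
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            values[int(row.group(1), 16)] = int(row.group(2), 16)
    return values

def audit_zone(text):
    """List (label, current, recommended) for each setting that is missing
    or looser than the recommendation; a stricter setting passes."""
    values = parse_reg_query(text)
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        actual = values.get(action)
        if actual is None:
            findings.append((label, "missing", POLICY[wanted]))
        elif actual < wanted:          # 0 < 1 < 3 orders loosest to strictest
            findings.append((label, POLICY.get(actual, hex(actual)), POLICY[wanted]))
    return findings

# Constructed sample of `reg query` output for the Internet zone (zone 3).
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    DisplayName    REG_SZ    Internet
    1001    REG_DWORD    0x1
    1004    REG_DWORD    0x3
    1201    REG_DWORD    0x1
    1800    REG_DWORD    0x0
"""

if __name__ == "__main__":
    for label, current, wanted in audit_zone(SAMPLE_REG_OUTPUT):
        print(f"{label}: {current} (recommended: {wanted})")
```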



## sweetrose

Looking for it, Eddie... glad you liked the film


----------



## sweetrose

done it


----------



## eddie5659

Excellent 

Okay, this is something to do now, and possibly at the beginning of each month 

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

Again, let me know how it goes


----------



## sweetrose

doing it now


----------



## eddie5659

Oki doki


----------



## sweetrose

all done


----------



## eddie5659

Also, it's a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.


Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after it's completed.

Again, let me know any problems you have and when it's all done


----------



## sweetrose

Asking if I want to delete files


----------



## eddie5659

That's fine, it's just deleting temp files 

This is mine. I've ticked all the boxes and all I need to do is press OK, and this appears:

Just click on Delete Files


----------



## sweetrose

Think I've done it all.


----------



## eddie5659

Excellent 

Now, I can't remember which security stuff you have, so run this again. It's okay to have it on your computer, it doesn't remove anything 

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.


----------



## sweetrose

Doing that now Eddie, so have you seen any more good films?


----------



## eddie5659

Well, a few that are totally different to the Muppets. In fact, I think I'll update my thread in Random, where I post the films I've seen. I'll post the link when I've replied to it


----------



## sweetrose

lts of screen317's Security Check version 0.99.61 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 9 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
AVG AntiVirus Free Edition 2013 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Java 7 Update 11 
*Java version out of Date!* 
Google Chrome 25.0.1364.152 
Google Chrome 25.0.1364.172 
Google Chrome Plugins... 
*````````Process Check: objlist.exe by Laurent````````* 
AVG avgwdsvc.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 5% 
*````````````````````End of Log``````````````````````*


----------



## sweetrose

I like films and have been looking for a free link


----------



## eddie5659

Don't have a free link, as I rent mine from LoveFilm. But, here is my thread:

http://forums.techguy.org/random-discussion/1024873-movie-film-reviews.html

And just posted my latest list on page 11


----------



## sweetrose

OK I will. Did you get what I sent, Eddie, and was that OK?


----------



## eddie5659

Okay, your Java is out of date, so let's get that sorted.

Click on the following link to get the latest Java:

http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html

Accept the agreement:

Click to download the offline install, called *jre-7u10-windows-i586.exe*

Close any programs you may have running - especially your web browser.

Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.

Check any item with Java Runtime Environment *(JRE or J2SE)* in the name. You should see these:

*Java 7 Update 11*

Click the Remove or Change/Remove button

Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.

Then from your desktop (or your Download folder) double-click on the download to install the newest version. (Vista or Win 7 users, right click on the *jre-7u10-windows-i586.exe* and select "Run as an Administrator.")
*Don't install any of the toolbars that are offered.*

----------

Then, re-run Security Check just as you did tonight


----------



## sweetrose

Can't see jre-7u10-windows-i586.exe on there


----------



## eddie5659

Sorry, it was an old speech. Hang on....

You're looking for *jre-7u17-windows-i586.exe*


----------



## sweetrose

Found it, will do it now


----------



## eddie5659

Oki doki, and then run the Security check after, so I can see if it's installed okay


----------



## sweetrose

all done


----------



## eddie5659

Just need the new Security Check scan, like you did this evening, as it will show whether it's updated okay


----------



## sweetrose

ok do it now


----------



## sweetrose

Results of screen317's Security Check version 0.99.61 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 9 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
AVG AntiVirus Free Edition 2013 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Java 7 Update 17 
Google Chrome 25.0.1364.152 
Google Chrome 25.0.1364.172 
Google Chrome Plugins... 
*````````Process Check: objlist.exe by Laurent````````* 
AVG avgwdsvc.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 5% 
*````````````````````End of Log``````````````````````*


----------



## eddie5659

Great, it's updated 

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
*SpywareBlaster* to help prevent spyware from installing in the first place.

When you install it, on the left is an *Update* button, press that then *Check for Updates*.

Can't remember on install if it offers automatic updates, but if it does, select that option


----------



## sweetrose

Think I've done it right


----------



## sweetrose

No, I never did it right Eddie, it's a new message for Skype


----------



## eddie5659

Not sure I understand, are you saying it's not SpywareBlaster? Can you tell me what you have, as in the exe file?

This is a direct link to the actual file:

http://www.brightfort.net/downloads/spywareblastersetup50.exe


----------



## sweetrose

When I did it the first time, it downloaded to Skype


----------



## eddie5659

Ah, I see. Well, that is strange. What happens if you click on the link below instead?

http://www.brightfort.net/downloads/spywareblastersetup50.exe


----------



## sweetrose

Done it right this time


----------



## eddie5659

Cool 

So, hopefully on install it should ask about Automatic Updating. Let me know how it goes


----------



## sweetrose

it did all that


----------



## eddie5659

Okay 

Well, you have Windows firewall installed, which is good. Plus, your AVG is up to date, so that is also good. It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

Also, run a virus scan monthly 

And hopefully Windows Update is set to Automatic, which I have a feeling it is 

Apart from that, you should be okay 

Is your computer running okay?


----------



## sweetrose

Everything is running good now, Eddie


----------



## eddie5659

Excellent :up:

Okay, we can now mark this thread as Solved, which I can do for you. If you want to ask me any questions etc, I'll still be here, so you can either send me a message, or you can reply here, if you wish 

I know you've learnt a lot over this post, and hopefully any problems/questions you have in the future I'll be able to help you with 

eddie


----------



## sweetrose

OK and thanks for all your help Eddie 
enjoy your films you have, x


----------



## eddie5659

Happy to help 

I will, and I'll have some new ones for the weekend, so will post a bit more often there 

Night


----------



## sweetrose

Night Eddie, x


----------

