# OMG! LOL! IDK! Kids Computer Beware!!!!



## Frustrated1636 (Oct 25, 2012)

Had to resort to using my kids computer after a hard drive failure on my computer and I am going crazy. Pop-ups galore and won't let me use Explorer... all kinds of ads on everything everywhere. Please help me before I rip out all my hair...

*Hijack This Results:*
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:37:55 PM, on 3/6/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Users\Chuck\AppData\Local\GCC\Controller.exe
C:\Users\Chuck\AppData\Local\Workspace\workspaceupdate.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe
C:\Program Files (x86)\PC Health Kit\PCHKReminder.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Iminent\Iminent.exe
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Users\Chuck\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Games\Risk\RiskSA.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Chuck\AppData\Local\GCC\Controller.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
F:\Fix\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=50b74421-cc00-47f6-a983-9bfe3796b1e9&searchtype=ds&q={searchTerms}&installDate=21/09/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=50b74421-cc00-47f6-a983-9bfe3796b1e9&searchtype=ds&q={searchTerms}&installDate=21/09/2013
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN76054516726472136&UM=2&ctid=CT3310511
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=50b74421-cc00-47f6-a983-9bfe3796b1e9&searchtype=ds&q={searchTerms}&installDate=21/09/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=50b74421-cc00-47f6-a983-9bfe3796b1e9&searchtype=ds&q={searchTerms}&installDate=21/09/2013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - (no file)
R3 - URLSearchHook: (no name) - {8e2479de-6096-41f3-90ab-83be9946aa2d} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: InternetHelper3.1 - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - (no file)
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
O2 - BHO: MediaViewV1alpha753 - {26d1bf3e-ba83-43b4-b136-64d190f9c06c} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha753\ie\MediaViewV1alpha753.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: LemurLeap - {415419c3-dad0-4df1-ac37-22c72ad81878} - C:\Program Files (x86)\LemurLeap\LemurLeapBHO.dll
O2 - BHO: BetterSrf - {45277F9D-8C9C-4726-A558-D69AC740910E} - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ie\BetterSrf.dll
O2 - BHO: DealPly Shopping - {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (file missing)
O2 - BHO: SmARtCompare - {5D191057-EF05-8603-64F5-9C4AB9975009} - C:\ProgramData\SmARtCompare\r1bCChOo.dll
O2 - BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
O2 - BHO: BetterSurf - {6E3C6B04-08FE-43BC-8E50-F90285024DEA} - C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SweetPacks - {7e8a1050-cf67-4575-92df-dcc60e7d952d} - (no file)
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - (no file)
O2 - BHO: BetterSrf - {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} - C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll
O2 - BHO: InternetHelper3.7 - {8e2479de-6096-41f3-90ab-83be9946aa2d} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DefaultTabToolbarBHO - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\Chuck\AppData\Roaming\defaulttab\defaulttab\Apps\RelatedLinksBHO.dll (file missing)
O2 - BHO: MediaViewerV1alpha3789 - {a092d4b4-6ade-4660-af7c-203ee4594af4} - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha3789\ie\MediaViewerV1alpha3789.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - (no file)
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: PngToPaPTuConuvertt - {D18CD279-16D6-301B-2ED9-2682DC317A2D} - C:\ProgramData\PngToPaPTuConuvertt\wQJ4Ayf.dll
O2 - BHO: WebexpEnhancedV1alpha92 - {d5f2d30f-2acd-4cd7-b551-4c8bdb9ba4ec} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha92\ie\WebexpEnhancedV1alpha92.dll
O2 - BHO: KeyBar 1.14 - {da51d4f6-3e7e-4ef8-b400-9198e0874606} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: LyricsSing - {f585b32d-ae67-4b5d-afe0-89015b3a25be} - C:\Program Files (x86)\LyricSing\133.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\Chuck\AppData\Roaming\defaulttab\defaulttab\Apps\RelatedLinksBHO.dll (file missing)
O4 - HKLM\..\Run: [jmekey] C:\windows\jmesoft\hotkey.exe
O4 - HKLM\..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
O4 - HKLM\..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
O4 - HKLM\..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Starfield Updater] "C:\Users\Chuck\AppData\Local\Workspace\WorkspaceUpdate.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Chuck\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [PC Health Kit] C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_9001C7D091CC23E7588EE40C1DFED158] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Severe Weather Alerts App.lnk = Chuck\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
O4 - Startup: Severe Weather Alerts.lnk = Chuck\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\progra~2\optimi~1\optpro~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
O23 - Service: Search Protect by Conduit Service (CltMngSvc) - Conduit - C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Chuck\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: File Backup Service (File Backup) - Starfield Technologies - C:\Program Files (x86)\Workspace\offSyncService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files (x86)\PasswordBox\pbbtnService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update LemurLeap - Unknown owner - C:\Program Files (x86)\LemurLeap\updateLemurLeap.exe
O23 - Service: Util LemurLeap - Unknown owner - C:\Program Files (x86)\LemurLeap\bin\utilLemurLeap.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater17.1.3 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe (file missing)
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 20561 bytes

*DDS Results*
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.45.2
Run by Chuck at 15:40:43 on 2014-03-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3944.1351 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Workspace\offSyncService.exe
C:\Windows\jmesoft\Service.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\LemurLeap\updateLemurLeap.exe
C:\Program Files (x86)\LemurLeap\bin\utilLemurLeap.exe
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Chuck\AppData\Local\GCC\Controller.exe
C:\Users\Chuck\AppData\Local\Workspace\workspaceupdate.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe
C:\Program Files (x86)\PC Health Kit\PCHKReminder.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Iminent\Iminent.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Users\Chuck\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Users\Chuck\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
C:\Windows\jmesoft\JME_LOAD.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\taskeng.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Games\Risk\RiskSA.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\windows\System32\WUDFHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Chuck\AppData\Local\GCC\Controller.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN76054516726472136&UM=2&ctid=CT3310511
uSearch Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=50b74421-cc00-47f6-a983-9bfe3796b1e9&searchtype=ds&q={searchTerms}&installDate=21/09/2013
uSearch Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=50b74421-cc00-47f6-a983-9bfe3796b1e9&searchtype=ds&q={searchTerms}&installDate=21/09/2013
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND
uProxyOverride = <local>
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=50b74421-cc00-47f6-a983-9bfe3796b1e9&searchtype=ds&q={searchTerms}&installDate=21/09/2013
uURLSearchHooks: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - <orphaned>
uURLSearchHooks: {8e2479de-6096-41f3-90ab-83be9946aa2d} - <orphaned>
mURLSearchHooks: {da51d4f6-3e7e-4ef8-b400-9198e0874606} - <orphaned>
mURLSearchHooks: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - <orphaned>
mURLSearchHooks: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - <orphaned>
mURLSearchHooks: {8e2479de-6096-41f3-90ab-83be9946aa2d} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
BHO: Media View: {26d1bf3e-ba83-43b4-b136-64d190f9c06c} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha753\ie\MediaViewV1alpha753.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: LemurLeap: {415419c3-dad0-4df1-ac37-22c72ad81878} - C:\Program Files (x86)\LemurLeap\LemurLeapBHO.dll
BHO: BetterSurf Plus V1: {45277F9D-8C9C-4726-A558-D69AC740910E} - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ie\BetterSrf.dll
BHO: DealPly Shopping: {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - 
BHO: SmARtCompare: {5D191057-EF05-8603-64F5-9C4AB9975009} - C:\ProgramData\SmARtCompare\r1bCChOo.dll
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: BetterSurf: {6E3C6B04-08FE-43BC-8E50-F90285024DEA} - C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - <orphaned>
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - LocalServer32 - <no file>
BHO: Better-Surf: {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} - C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll
BHO: {8e2479de-6096-41f3-90ab-83be9946aa2d} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Related Searches: {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - 
BHO: Media Viewer: {a092d4b4-6ade-4660-af7c-203ee4594af4} - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha3789\ie\MediaViewerV1alpha3789.dll
BHO: {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - <orphaned>
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: PngToPaPTuConuvertt: {D18CD279-16D6-301B-2ED9-2682DC317A2D} - C:\ProgramData\PngToPaPTuConuvertt\wQJ4Ayf.dll
BHO: Webexp Enhanced: {d5f2d30f-2acd-4cd7-b551-4c8bdb9ba4ec} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha92\ie\WebexpEnhancedV1alpha92.dll
BHO: {da51d4f6-3e7e-4ef8-b400-9198e0874606} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: LyricsSing: {f585b32d-ae67-4b5d-afe0-89015b3a25be} - C:\Program Files (x86)\LyricSing\133.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Related Searches: {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - 
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Starfield Updater] "C:\Users\Chuck\AppData\Local\Workspace\WorkspaceUpdate.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Chuck\AppData\Local\Akamai\netsession_win.exe"
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [PC Health Kit] C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [GoogleChromeAutoLaunch_9001C7D091CC23E7588EE40C1DFED158] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [jmekey] C:\windows\jmesoft\hotkey.exe
mRun: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
mRun: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
mRun: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
mRun: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Chuck\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\Users\Chuck\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Chuck\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SEVERE~2.LNK - C:\Users\Chuck\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
StartupFolder: C:\Users\Chuck\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SEVERE~1.LNK - C:\Users\Chuck\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.43.1
TCP: Interfaces\{019D8BBE-FE5E-4808-9A9A-8E9263E4DE94} : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{019D8BBE-FE5E-4808-9A9A-8E9263E4DE94}\7535D224 : DHCPNameServer = 166.102.165.11 166.102.165.13
TCP: Interfaces\{019D8BBE-FE5E-4808-9A9A-8E9263E4DE94}\84F4D454D273442323 : DHCPNameServer = 68.87.66.246 162.150.8.37
TCP: Interfaces\{019D8BBE-FE5E-4808-9A9A-8E9263E4DE94}\E45445745414253313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2B50D246-8962-42FB-B88F-D9C433650241} : DHCPNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - 
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\progra~2\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SmARtCompare: {5D191057-EF05-8603-64F5-9C4AB9975009} - C:\ProgramData\SmARtCompare\r1bCChOo.x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: PngToPaPTuConuvertt: {D18CD279-16D6-301B-2ED9-2682DC317A2D} - C:\ProgramData\PngToPaPTuConuvertt\wQJ4Ayf.x64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315828&CUI=UN23580925597262071&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3324415&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPC2FACAF5-426A-457A-9C9B-7EA76C0F9F58&SSPV=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Chuck\AppData\Local\Roblox\Versions\version-afc74353f06542bd\NPRobloxProxy.dll
FF - plugin: C:\Users\Chuck\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\Chuck\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\Chuck\AppData\Roaming\Mozilla\Plugins\npoff64.dll
FF - plugin: C:\Users\Chuck\AppData\Roaming\Mozilla\plugins\npoff64.dll
FF - plugin: C:\Users\Chuck\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Users\Chuck\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\Chuck\AppData\Roaming\Mozilla\plugins\npwbe64.dll
FF - plugin: C:\Users\Chuck\AppData\Roaming\Mozilla\Plugins\npwbe64.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
FF - ExtSQL: 2014-02-04 10:52; {2ecad685-1644-4a6c-a1ca-055e8d6442fb}; C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\extensions\{2ecad685-1644-4a6c-a1ca-055e8d6442fb}.xpi
FF - ExtSQL: 2014-02-25 15:03; [email protected]; C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha3789\ff
FF - ExtSQL: 2014-02-27 12:57; [email protected]; C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\extensions\[email protected]
FF - ExtSQL: 2014-02-27 12:57; [email protected]; C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\extensions\[email protected]
FF - ExtSQL: 2014-02-27 12:57; [email protected]; C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha753\ff
FF - ExtSQL: !HIDDEN! 2013-07-08 15:45; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-10-11 57952]
R0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\windows\System32\drivers\ddcdrv.sys [2011-10-11 20832]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-10-18 46368]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-10-11 13408]
R2 70e6ca8c;Optimizer Pro Crash Monitor;C:\windows\System32\rundll32.exe [2009-7-13 45568]
R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-3-3 2454816]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2013-2-28 1187040]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 JME Keyboard;JME Keyboard Driver;C:\Windows\jmesoft\Service.exe [2011-10-11 32768]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-11-1 67584]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-11 2655768]
R2 Update LemurLeap;Update LemurLeap;C:\Program Files (x86)\LemurLeap\updateLemurLeap.exe [2013-8-31 111904]
R2 Util LemurLeap;Util LemurLeap;C:\Program Files (x86)\LemurLeap\bin\utilLemurLeap.exe [2013-10-5 111904]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2013-3-28 109064]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-11-19 317440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-10-11 247400]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-10-11 947304]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-9-19 38440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DefaultTabUpdate;DefaultTabUpdate;"C:\Users\Chuck\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe" --> C:\Users\Chuck\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-2-26 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-17 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-05 11:29:09 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FB99C0B1-7DAF-4244-9588-FF891F26B99E}\offreg.dll
2014-03-04 17:42:19 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FB99C0B1-7DAF-4244-9588-FF891F26B99E}\mpengine.dll
2014-03-01 23:29:04 -------- d-----w- C:\Users\Chuck\AppData\Roaming\iWin
2014-03-01 23:28:26 -------- d-----w- C:\Program Files (x86)\Games
2014-02-27 23:28:11 22776944 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2014-02-27 23:28:10 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-02-27 23:28:08 170960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2014-02-27 23:28:06 276592 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2014-02-27 23:28:04 872392 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2014-02-27 23:28:03 152688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2014-02-27 23:28:01 28272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2014-02-27 23:28:00 18544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2014-02-27 18:57:56 -------- d-----w- C:\Program Files (x86)\MediaViewV1
2014-02-26 09:13:01 -------- d-----w- C:\windows\Migration
2014-02-25 21:42:28 -------- d-----w- C:\ProgramData\SmARtCompare
2014-02-25 21:42:16 -------- d-----w- C:\ProgramData\f00dfb973b9656dd
2014-02-25 21:42:10 -------- d-----w- C:\Users\Chuck\AppData\Local\Packages
2014-02-25 21:42:02 -------- d-----w- C:\ProgramData\PngToPaPTuConuvertt
2014-02-25 21:42:01 -------- d-----w- C:\ProgramData\dlppakcpdecjekapapjjpbnjmjblgila
2014-02-25 21:13:33 3928064 ----a-w- C:\windows\System32\d2d1.dll
2014-02-25 21:13:33 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll
2014-02-25 21:13:33 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2014-02-25 21:13:33 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-02-25 21:03:23 -------- d-----w- C:\Program Files (x86)\MediaViewerV1
2014-02-08 23:27:57 -------- d-----w- C:\Program Files (x86)\Turbine
2014-02-08 19:30:23 -------- d-----w- C:\Users\Chuck\AppData\Local\Chromium
2014-02-08 19:26:07 -------- d-----w- C:\Users\Chuck\AppData\Local\The Lord of the Rings Online
2014-02-08 17:45:36 -------- d-----w- C:\Users\Chuck\AppData\Local\Roblox
2014-02-08 17:15:32 -------- d-----w- C:\Users\Chuck\AppData\Local\Turbine
2014-02-08 17:15:16 4178264 ----a-w- C:\windows\SysWow64\D3DX9_41.dll
2014-02-08 17:15:09 235344 ----a-w- C:\windows\SysWow64\d3dx11_42.dll
2014-02-08 17:14:55 1974616 ----a-w- C:\windows\SysWow64\D3DCompiler_42.dll
2014-02-08 17:14:55 1892184 ----a-w- C:\windows\SysWow64\D3DX9_42.dll
2014-02-08 17:14:54 3495784 ----a-w- C:\windows\SysWow64\d3dx9_33.dll
2014-02-08 17:06:46 -------- d-----w- C:\ProgramData\Turbine
2014-02-08 17:06:17 -------- d-----w- C:\ProgramData\HappyCloud
2014-02-08 14:34:10 -------- d-----w- C:\windows\System32\MRT
2014-02-08 05:48:36 -------- d-----w- C:\Program Files (x86)\InstallConverter
2014-02-08 05:17:27 -------- d-----w- C:\Users\Chuck\AppData\Roaming\ParetoLogic
2014-02-08 05:17:27 -------- d-----w- C:\Users\Chuck\AppData\Roaming\DriverCure
2014-02-08 05:17:08 -------- d-----w- C:\ProgramData\ParetoLogic
2014-02-08 05:09:58 107520 ----a-w- C:\windows\SysWow64\zlib1.dll
2014-02-08 05:09:42 -------- d-----w- C:\Users\Chuck\AppData\Roaming\dll-files.com
2014-02-08 05:09:36 -------- d-----w- C:\ProgramData\Logs
2014-02-08 05:09:32 -------- d-----w- C:\Program Files (x86)\Dll-Files.com Fixer
2014-02-08 05:08:29 -------- d-----w- C:\Users\Chuck\AppData\Roaming\IDM2
2014-02-08 04:58:28 128000 ----a-w- C:\Program Files (x86)\Uninstall Information\97\3867\uninstall.exe
2014-02-08 04:58:18 -------- d-----w- C:\Users\Chuck\AppData\Roaming\PerformerSoft
2014-02-08 04:58:14 19392 ----a-w- C:\windows\System32\roboot64.exe
2014-02-08 04:58:14 -------- d-----w- C:\Program Files (x86)\77zip
2014-02-08 04:56:50 -------- d-----w- C:\Program Files (x86)\SearchProtect
.
==================== Find3M ====================
.
2014-02-25 22:23:19 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-25 22:23:19 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-04 08:39:36 829264 ----a-w- C:\windows\System32\msvcr100.dll
2014-02-04 08:39:36 608080 ----a-w- C:\windows\System32\msvcp100.dll
2013-12-21 09:53:45 548864 ----a-w- C:\windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-12-18 12:13:56 270496 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 15:42:15.10 ===============

*DDS Attach Results*
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 2/1/2012 11:08:54 AM
System Uptime: 2/28/2014 3:25:04 AM (156 hours ago)
.
Motherboard: LENOVO | | To be filled by O.E.M.
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | CPU 1 | 1584/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 906 GiB total, 674.715 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP115: 3/4/2014 11:41:29 AM - Windows Update
.
==== Installed Programs ======================
.
77zip
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
BetterSurf Plus V1
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
DealPly
DealPly (remove only)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dll-Files Fixer
DMUninstaller
Free Opener
GDMO
GigaClicks Crawler
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HandBrake 0.9.5
Happy Cloud Client
I Want This
Iminent
InstallConverter
InstallIQ Updater
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections Drivers
Intel(R) Processor Graphics
InternetHelper3.1 Toolbar for IE
InternetHelper3.7 Toolbar for IE
Java 7 Update 45
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 31
JFileManager
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
KeyBar 1.14 Toolbar
LemurLeap 3.0.0
Lenovo Driver and Application Installation
Lenovo Dynamic Brightness System
Lenovo EE Boot Optimizer
Lenovo Eye Distance System
Lenovo Power2Go
Lenovo Rescue System
Lenovo Tinian Fn PS/2 Keyboard Driver
Level Quality Watcher
Lightspark 0.5.3-git
LVT
LyricsSing
McAfee Security Scan Plus
Media View
Media Viewer
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mixxx 1.10.0
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MyPC Backup 
Norton Security Scan
OpenOffice.org 3.3
Optimizer Pro v3.2
Origin
PC Health Kit v3.2
PngToPaPTuConuvertt
Pokemon Online 2.0.07
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Driver
RealUpgrade 1.1
Risk (remove only)
ROBLOX Player for Chuck
Search Protect
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Severe Weather Alerts
SmARtCompare
Stamps.com
Star Wars: The Old Republic
SweetPacks Toolbar for IE
The Lord of the Rings Online
The Lord of the Rings Online v1200.0054.0447.4006
The Sims 3
The Sims 3 University Life
TurboTax 2011
TurboTax 2011 wiliper
TurboTax 2011 wilpbpm
TurboTax 2011 WinBizFedFormset
TurboTax 2011 WinBizReleaseEngine
TurboTax 2011 WinBizTaxSupport
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax Business 2011
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition
Wajam
Webexp Enhanced
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Workspace Desktop
.
==== Event Viewer Messages From Past Week ========
.
3/6/2014 5:26:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
3/6/2014 3:26:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {3EEF301F-B596-4C0B-BD92-013BEAFCE793} and APPID {3EEF301F-B596-4C0B-BD92-013BEAFCE793} to the user Ripper\Chuck SID (S-1-5-21-2471097063-1945811626-1650287918-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/6/2014 3:24:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR18.
2/28/2014 3:25:53 AM, Error: Service Control Manager [7000] - The vToolbarUpdater17.1.3 service failed to start due to the following error: The system cannot find the file specified.
2/28/2014 3:25:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
2/28/2014 3:25:51 AM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.
2/28/2014 3:25:51 AM, Error: Service Control Manager [7000] - The DefaultTabUpdate service failed to start due to the following error: The system cannot find the file specified.
2/28/2014 3:25:51 AM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/28/2014 2:49:30 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5.
.
==== End Of File ===========================

*GMER Results*
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-06 16:44:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721010CLA332 rev.JP4OA3FE 931.51GB
Running: h8chc2wt.exe; Driver: C:\Users\Chuck\AppData\Local\Temp\ufldrpoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002db4000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002db402f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\windows\SysWOW64\rundll32.exe[1292] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000765a1465 2 bytes [5A, 76]
.text C:\windows\SysWOW64\rundll32.exe[1292] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765a14bb 2 bytes [5A, 76]
.text ... * 2
.text C:\Program Files (x86)\Origin\Origin.exe[3920] C:\windows\syswow64\USER32.dll!SetWindowPos 0000000074ee8e4e 5 bytes JMP 0000000156b3b2f0
.text C:\Program Files (x86)\Origin\Origin.exe[3920] C:\windows\syswow64\USER32.dll!ShowWindow 0000000074ef0dfb 5 bytes JMP 0000000156b3b280
.text C:\Program Files (x86)\Origin\Origin.exe[3920] C:\windows\syswow64\USER32.dll!SetFocus 0000000074ef2175 5 bytes JMP 0000000156b3b2d0
.text C:\Program Files (x86)\Origin\Origin.exe[3920] C:\windows\syswow64\USER32.dll!SetActiveWindow 0000000074ef3208 5 bytes JMP 0000000156b3b340
.text C:\Program Files (x86)\Origin\Origin.exe[3920] C:\windows\syswow64\USER32.dll!BringWindowToTop 0000000074ef7b3b 5 bytes JMP 0000000156b3b1e0
.text C:\Program Files (x86)\Origin\Origin.exe[3920] C:\windows\syswow64\USER32.dll!SetForegroundWindow 0000000074f0f170 5 bytes JMP 0000000156b3b1b0
.text C:\Program Files (x86)\Origin\Origin.exe[3920] C:\windows\syswow64\USER32.dll!SwitchToThisWindow 0000000074f290fc 5 bytes JMP 0000000156b3b210
.text C:\Program Files (x86)\Origin\Origin.exe[3920] C:\windows\syswow64\USER32.dll!ShowWindowAsync 0000000074f47d97 5 bytes JMP 0000000156b3b230
.text C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[3668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000765a1465 2 bytes [5A, 76]
.text C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[3668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765a14bb 2 bytes [5A, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6652:6668] 000007fef1f5b528
Thread C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6652:6672] 000007fef1e1b334
Thread C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6652:6772] 000007fef1e1b334
---- Processes - GMER 2.1 ----

Process C:\Users\Chuck\AppData\Local\GCC\Controller.exe (*** suspicious ***) @ C:\Users\Chuck\AppData\Local\GCC\Controller.exe [192](2013-12-04 00000000013a0000
Process C:\Users\Chuck\AppData\Local\GCC\Controller.exe (*** suspicious ***) @ C:\Users\Chuck\AppData\Local\GCC\Controller.exe [8888](2013-12-0 00000000013a0000

---- Files - GMER 2.1 ----

File C:\Users\Chuck\AppData\Local\Temp\etilqs_JJ4r4mw731Ab2p8 2056 bytes

---- EOF - GMER 2.1 ----

*Thank you!!!!*


----------



## eddie5659 (Mar 19, 2001)

Hiya

Firstly, can you uninstall these from the Programs and Features in the Control Panel because they're not needed or are outdated or are dangerous to use.

If any can't be installed, let me know, but carry on with the rest of the uninstall and the programs below. We can look at any that couldn't be uninstalled later.
Optimizers, boosters, cleaners, etc. are basically useless and a waste of money and can do more harm than good.

Reading these links might also put you off such progs:

http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

http://www.edbott.com/weblog/?p=643

*DealPly
I Want This
Iminent
InternetHelper3.1 Toolbar for IE
InternetHelper3.7 Toolbar for IE
KeyBar 1.14 Toolbar
Optimizer Pro v3.2*

------------

After doing that, can you run the following tools:

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

Download *OTL* to your Desktop

*(Vista or Win 7 => right click and Run As Administrator)*


Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Standard Output*.
At the top, check the box entitled *Scan All Users*
Toward the bottom, check:
*All Users*
*LOP Check*
*Purity Check*
Under the *Standard Registry* box change it to *All*
*Do not change any settings unless otherwise told to do so.*
Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
DRIVES
netsvcs
activex
msconfig
drivers32
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
services.exe
user32.dll
atapi.sys
csrss.exe
PRINTISOLATIONHOST.EXE
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\* \s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
```

Click the *Run Scan* button. The scan won't take long.
A black box will appear; this is part of the custom scan, so don't be alarmed.
*IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES*

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post them in your topic.


Regards

eddie


----------



## Frustrated1636 (Oct 25, 2012)

Thanks Eddie. Sorry for the delay in responding. I will run as instructed and hopefully have results back up this weekend. I appreciate the help!


----------



## Frustrated1636 (Oct 25, 2012)

Eddie, It seems my computer is not allowing me to reply. Maybe because it is too long? I am going to try and post shorter msg...reply, if this works, will be in three parts....

Hi Eddie,

Sorry for the delay and thanks so much for your help....

In regard to the items you wanted deleted, I think I have deleted all, though it seems I may not have done it properly and there are folders there that can no longer be deleted. I ran the tests on two days because I was interrupted. The second time I ran the OTL scan it seems it did not create an Extras log, so I am posting the Extras log created two days ago. The OTL text file here was just run. The Security Check was run two days ago. Here are the logs:

*Security Check:*

Results of screen317's Security Check version 0.99.81 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
WMI entry may not exist for antivirus; attempting automatic update. 
*`````````Anti-malware/Other Utilities Check:`````````* 
Java(TM) 6 Update 22 
Java(TM) 6 Update 31 
Java 7 Update 45 
*Java version out of Date!* 
Adobe Flash Player 12.0.0.77 
Mozilla Firefox 27.0.1 *Firefox out of Date!* 
Google Chrome 31.0.1650.57 
Google Chrome 31.0.1650.63 
*````````Process Check: objlist.exe by Laurent````````* 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 
*````````````````````End of Log``````````````````````*


----------



## Frustrated1636 (Oct 25, 2012)

Text was too long for OTL scan....something is amiss here, will post OTL Text in four pieces since it is 292,xxx characters....

OTL Text 1 of 4 now this is screwing with my original 3 of 3...will post old Extras log after OTL pieces

OTL logfile created on: 4/7/2014 10:54:00 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chuck\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.85 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 47.94% Memory free
8.18 Gb Paging File | 4.94 Gb Available in Paging File | 60.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 627.64 Gb Free Space | 69.25% Space Free | Partition Type: NTFS
Drive D: | 288.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 14.89 Gb Total Space | 5.58 Gb Free Space | 37.47% Space Free | Partition Type: FAT32

Computer Name: RIPPER | User Name: Chuck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/07 10:48:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chuck\Downloads\OTL(1).exe
PRC - [2014/04/05 09:08:39 | 000,350,496 | ---- | M] () -- C:\Program Files (x86)\LemurLeap\bin\utilLemurLeap.exe
PRC - [2014/04/05 09:05:34 | 000,350,496 | ---- | M] () -- C:\Program Files (x86)\LemurLeap\updateLemurLeap.exe
PRC - [2014/03/03 08:32:36 | 002,454,816 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013/12/04 13:16:16 | 000,556,544 | ---- | M] () -- C:\Users\Chuck\AppData\Local\GCC\Controller.exe
PRC - [2013/12/03 21:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/01 15:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.) -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe
PRC - [2013/10/16 14:38:14 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
PRC - [2013/10/16 14:38:14 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
PRC - [2013/07/22 08:15:10 | 001,187,040 | ---- | M] (Starfield Technologies) -- C:\Program Files (x86)\Workspace\offSyncService.exe
PRC - [2013/04/20 18:36:55 | 000,035,008 | ---- | M] (Starfield Technologies) -- C:\Users\Chuck\AppData\Local\Workspace\workspaceupdate.exe
PRC - [2013/03/28 09:12:36 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/03/21 16:12:54 | 000,020,480 | ---- | M] () -- C:\Windows\jmesoft\JME_LOAD.exe
PRC - [2011/03/21 16:06:46 | 000,118,784 | ---- | M] (Lenovo) -- C:\Windows\jmesoft\hotkey.exe
PRC - [2011/03/15 22:47:40 | 000,032,768 | ---- | M] () -- C:\Windows\jmesoft\Service.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/10/08 11:49:40 | 000,285,696 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
PRC - [2010/10/05 08:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 08:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/09/09 13:19:08 | 000,265,216 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
PRC - [2009/12/04 18:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe

========== Modules (No Company Name) ==========

MOD - [2014/02/28 04:20:12 | 019,693,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/02/28 04:19:43 | 002,997,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014/02/28 04:05:40 | 018,813,440 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/28 04:05:33 | 001,870,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b85a411ce82ba71cd3d77c8c13794f81\System.Web.Services.ni.dll
MOD - [2014/02/28 04:05:32 | 000,785,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\4d5d17a21443c7ea06190ccce3cb4ce1\System.EnterpriseServices.ni.dll
MOD - [2014/02/28 04:05:32 | 000,250,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\4d5d17a21443c7ea06190ccce3cb4ce1\System.EnterpriseServices.Wrapper.dll
MOD - [2014/02/28 04:05:31 | 000,660,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\2053b0e14f1e64a5c5d6d1c4d01485a2\System.Transactions.ni.dll
MOD - [2014/02/28 04:05:30 | 012,894,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/28 04:05:30 | 001,889,792 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/28 04:05:26 | 007,409,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/02/28 04:05:21 | 011,025,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/28 04:05:19 | 001,644,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/28 04:05:18 | 000,122,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/28 04:05:17 | 000,806,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/28 04:05:15 | 002,825,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/28 04:05:12 | 007,662,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/28 04:05:12 | 006,990,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/28 04:05:10 | 000,150,016 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\a26df75316019e7a4d2e45246865a675\System.Configuration.Install.ni.dll
MOD - [2014/02/28 04:05:09 | 003,950,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/28 04:05:05 | 000,976,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/28 04:05:04 | 010,060,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/28 04:04:58 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/26 04:43:50 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\13372e3b6a7e4126d48827a30c2c1d9a\Microsoft.VisualBasic.ni.dll
MOD - [2014/02/26 04:43:41 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/26 04:39:16 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/26 04:39:06 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/26 04:38:58 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/26 04:38:49 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/26 04:38:44 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/26 04:38:41 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/26 04:38:39 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/26 04:38:37 | 012,238,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/26 04:38:30 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/26 04:38:28 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/26 04:38:25 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/12/04 13:16:16 | 000,556,544 | ---- | M] () -- C:\Users\Chuck\AppData\Local\GCC\Controller.exe
MOD - [2013/12/03 21:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 21:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 21:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 21:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/08/13 07:15:50 | 000,206,336 | ---- | M] () -- C:\Users\Chuck\AppData\Local\Temp\GC\Profiles\{44AFFD1C-CDE2-4CE9-9E64-B5F6B92EDC44}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
MOD - [2012/03/05 13:32:28 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/09/20 20:55:52 | 000,182,272 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll
MOD - [2010/09/20 12:08:10 | 000,210,432 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll
MOD - [2010/09/09 13:19:30 | 000,210,432 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll
MOD - [2010/09/09 13:18:58 | 000,211,456 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll
MOD - [2009/12/04 19:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/04 18:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
MOD - [2007/12/31 12:27:42 | 000,007,168 | ---- | M] () -- C:\Windows\jmesoft\VistaVolume.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:*64bit:* - [2013/09/06 12:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:*64bit:* - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:*64bit:* - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/04/05 10:04:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/05 09:08:39 | 000,350,496 | ---- | M] () [Auto | Stop_Pending] -- C:\Program Files (x86)\LemurLeap\bin\utilLemurLeap.exe -- (Util LemurLeap)
SRV - [2014/04/05 09:05:34 | 000,350,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\LemurLeap\updateLemurLeap.exe -- (Update LemurLeap)
SRV - [2014/03/11 18:22:31 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/03 08:32:36 | 002,454,816 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/11/01 15:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.) [Auto | Running] -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe -- (PasswordBox)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/22 08:15:10 | 001,187,040 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files (x86)\Workspace\offSyncService.exe -- (File Backup)
SRV - [2013/03/28 09:12:36 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/03/15 22:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard)
SRV - [2010/10/05 08:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 08:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2013/11/21 19:05:31 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:*64bit:* - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/10/11 18:35:25 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/10/11 18:35:25 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/10/11 18:08:46 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:*64bit:* - [2011/10/11 18:08:46 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:*64bit:* - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2010/11/11 23:53:18 | 012,252,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/10/14 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:*64bit:* - [2010/09/21 01:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:*64bit:* - [2010/09/20 20:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:*64bit:* - [2010/07/20 04:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:*64bit:* - [2010/06/23 20:23:52 | 000,947,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:*64bit:* - [2009/07/21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:*64bit:* - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/13 19:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:*64bit:* - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:*64bit:* - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:*64bit:* - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2008/04/08 08:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2010/03/22 20:13:08 | 000,015,712 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:*64bit:* - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No CLSID value found
IE - HKLM\..\URLSearchHook: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - No CLSID value found
IE - HKLM\..\URLSearchHook: {8e2479de-6096-41f3-90ab-83be9946aa2d} - No CLSID value found
IE - HKLM\..\URLSearchHook: {da51d4f6-3e7e-4ef8-b400-9198e0874606} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {1B02F969-EE27-4B5F-8B89-E43AFA7C4747}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://isearch.babylon.com/?affID=121107&babsrc=HP_ss_Btisdt5&mntrId=A4B0AC8112B43E2F
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=50b74421-cc00-47f6-a983-9bfe3796b1e9&searchtype=ds&q={searchTerms}&installDate=21/09/2013
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=50b74421-cc00-47f6-a983-9bfe3796b1e9&searchtype=ds&q={searchTerms}&installDate=21/09/2013
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN76054516726472136&UM=2&ctid=CT3310511
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=50b74421-cc00-47f6-a983-9bfe3796b1e9&searchtype=ds&q={searchTerms}&installDate=21/09/2013
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=50b74421-cc00-47f6-a983-9bfe3796b1e9&searchtype=ds&q={searchTerms}&installDate=21/09/2013
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No CLSID value found
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\..\URLSearchHook: {8e2479de-6096-41f3-90ab-83be9946aa2d} - No CLSID value found
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\..\SearchScopes,bProtectorDefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=50b74421-cc00-47f6-a983-9bfe3796b1e9&searchtype=ds&q={searchTerms}&installDate=21/09/2013
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3291327&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=UN18975656961100611&UM=2&UP=SP8E6A7B4D-DB33-42B1-9225-3FFA2A84C5AA&q={SearchTerms}
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


----------



## Frustrated1636 (Oct 25, 2012)

Never mind....just uploaded OTL Text file..consider this 2 of 3...Extras Text File ran two days ago will be sent next


----------



## Frustrated1636 (Oct 25, 2012)

This will be the last file in responding to last instructions....text from Extras Log, which was run two days ago....OTL file uploaded in previous reply was run today and did not produce Extras File

*OTL Extras logfile* created on: 4/5/2014 1:28:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chuck\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.85 Gb Total Physical Memory | 0.50 Gb Available Physical Memory | 13.07% Memory free
8.18 Gb Paging File | 3.22 Gb Available in Paging File | 39.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 634.77 Gb Free Space | 70.04% Space Free | Partition Type: NTFS
Drive D: | 288.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 14.89 Gb Total Space | 5.58 Gb Free Space | 37.47% Space Free | Partition Type: FAT32

Computer Name: RIPPER | User Name: Chuck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Chuck\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Chuck\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055CB510-ADCF-4FBC-9818-D81CD04025A5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{07FA206D-42D1-44A5-B108-9D66F51F5A70}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{0C72EABF-1E9D-4A0A-9A5D-0ABA5B486ADE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{1F486447-CED3-40C8-A6B9-8DDD2639D6E2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{27EEAAAB-D914-403A-88A0-D5AB2C5B16A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2A051978-E867-4330-8A8F-C63E120B1581}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2C613C6D-57ED-49CE-9CA9-7A2D4AE80A55}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe | 
"{2C7639F1-F235-407E-AD28-3DC375979A0E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2CFF0279-D958-4920-82C3-0D97379E4ED9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{38FA9EA1-F02E-47CD-9822-8F615E591DD8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3A737E20-3A8E-4045-94BD-6EDEDF7099FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4BAAE860-96D6-4D1B-B979-FC33A6CF0B0D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4CB4ACA6-79A0-493C-A289-BC7EC590F9E2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4DB2309B-374C-4FEB-981E-DFD870554AFA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{52E18099-05D2-4245-8A7C-31EF961B652C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{541D5179-905D-450F-A3F6-7181EBE31D55}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5832A90A-1F85-4BA5-BD8C-4123329A4AB4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{586133F1-78F4-48EB-A332-CC375BAB1C28}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5B32FDB3-3BAE-434A-BEE6-0A6FFDF715FB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{5CB04797-CEB7-4FC1-ADBF-44130D207365}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{5F6F3860-5D55-49E1-A7B0-869B3DA89A4D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{61C5044F-5D0D-4211-AA7B-A1092139373C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{63AC28E0-A8E5-4EC7-82FB-44005E6E94C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6A5F480D-139E-4053-BE15-3AE3B63A84E2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{72CE2E7F-2DDE-4A08-9E3F-3B4AEEA128BE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{73248A38-AD99-4563-837B-C396E32E1D76}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{7C079BC5-A24C-4CF9-89B1-CAFA9B5E8E13}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{7C12283F-0961-4B73-AFA8-0330610DFA30}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{85F7AA5E-921B-4348-BC0D-625C0B63ADD6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8956467F-B5D2-47FE-BAEE-7CEEEE084678}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8A7D673D-6676-4305-B59A-95E61085C029}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8BAC8B34-7E83-4B8B-B798-DA40EDF38430}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{90446E2D-B330-43E7-8961-6644DE10137E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{A0DCB322-7253-4072-9157-BC400EBD4C37}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AB65DCA4-1096-4627-98E3-DCA75F522242}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AE45F888-D5D0-4B49-BFA1-927FD7C180BB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B0D65389-8CE0-4C84-9BFB-C37D07C4B0E1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B2C2A41E-FF22-4CEA-9C93-FFB278D75381}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B9D3FBF0-839D-4FE6-8D82-90C6A5C5D424}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B9EE5A58-2E24-4474-B445-061308704E48}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{CE51272C-2D1A-4E86-A82A-BCB286C7B85E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D05D3C24-A6FD-45A7-AA2A-53217571C8EB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D947AE27-F88D-4127-A877-D491B8FE4F36}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DF61F6FA-9640-4BD7-BE40-F47FC0AC5DB4}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe | 
"{EF25621D-1CD2-4A62-B0C9-1E32ADCBCAE5}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E43938-F70F-4CFD-884E-857440E58223}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{066FAF53-F597-4CFD-B7E4-5AC56FCFCA68}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe | 
"{0C514B97-D2DC-440B-986F-C48CBDD42C07}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{0F4D9B2C-1FAC-4CA5-92A5-E523F7EEE793}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{154B256B-08DC-4A95-8817-07980BDF704F}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | 
"{2799DDAE-79B8-4C0C-9649-C4264553E21D}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe | 
"{28332015-E474-4263-A1F9-3793455AA619}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | 
"{2E1CCE53-88EB-4442-8986-92BC135661BE}" = protocol=17 | dir=in | app=c:\users\chuck\appdata\local\akamai\netsession_win.exe | 
"{365C8D91-4D87-4D8A-A547-266468F60F94}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{3764A57F-C31F-4292-BBB3-957234EC47DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{387F15A5-2D89-4D57-8CBD-A3CB2E7CD5E8}" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"{3BBCE7A3-ABE6-44B6-9BE1-21CC8F0E1CFD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3D7F2E9C-EE97-4A15-BD25-0B195573BDD6}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{434F37E1-E3A9-41F5-A3EC-ABE0B1DEC1A3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{47CAE5AC-79D7-42C8-97D1-CABDBACE5606}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{4D42E234-2ECF-44CA-8E0B-156797F33F09}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{56821152-58B5-4534-B0B1-9E0ED37764CF}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe | 
"{56D921BC-260D-4050-9407-C5E025E38DE5}" = dir=in | app=c:\users\chuck\appdata\local\gcc\controller.exe | 
"{6DD394F1-589C-46A3-AED4-5B44EC6C0524}" = protocol=6 | dir=in | app=c:\users\chuck\appdata\local\akamai\netsession_win.exe | 
"{74F58116-7DCA-41AD-ACFF-8A8A32CD6D82}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{76C1B1C0-850A-43B8-8202-854396893543}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7B84C613-E3D2-4E9E-A291-48ADED67794D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{7B9443FF-0679-47D8-BD86-FE789E79DAF6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{856D062F-B7C8-4C37-AAEC-12D80A826B18}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{8AF1C43B-A4CB-413C-B652-7B6CE46E4FB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8CDE3A3C-4294-4B85-9A40-5CA574C02844}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{9554B44A-9BB7-4439-87CF-518064BBFDD6}" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"{95CCF94F-76AF-4E55-BD72-405D6A3AD54E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C938FEE-8C8A-4DA3-AA5C-B3B2A1813992}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{B1DAEE2D-E27F-45F3-88E4-78F922E7C3A9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe | 
"{B36214BF-1CE4-4970-9066-19E23D7F263A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BE0A1B6F-A034-4050-84A4-ED878995A0F9}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{C4BEF603-88F3-4F48-B57A-ABF5CE581C00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C9E58619-F0A7-45D6-AACA-595CB3FCE077}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{CAA9C4C0-627D-42A2-9681-D7E8082B0752}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCF9F312-8882-426A-B98E-8713E5F1ED76}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{CF28262A-C424-4A2F-A3E2-D4D8A42F60C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D09CA124-A3A6-4FB1-BEB9-CDFEA0EFB2CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D295AE00-56E1-4300-AE63-516F17A9A70D}" = protocol=6 | dir=out | app=system | 
"{D49CBCF7-9F16-4CBC-84F4-22E895205CB5}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe | 
"{D5E0E2BA-2875-496B-8397-449C679C0212}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe | 
"{D86575D7-5DA1-4E29-A62B-2A4021AD5FBD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D8833EF5-F397-45C4-B299-B6D2B0C36A89}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D99CF925-0D0E-450F-A9CC-2A00337698A4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E3726814-F59D-4208-840B-8E7767E71ED0}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe | 
"{E7FD7EF4-3E6E-462A-AB48-D942AB6A74C3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E9373804-465B-4B27-A2F5-563DBFFE21D1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{F3A3E401-D305-43D4-ABB6-D6FC48B90004}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{F46D88D4-2245-4E0B-9A82-4D2A73529F01}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe | 
"{F65F9780-4799-4AA8-A0B1-5CF354E7CF44}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F8E1A17C-E64A-4E15-AC67-33840E640AB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FC9B9F34-93EB-4DCA-9762-A64E65E5ECD0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{FF6752DA-F4D2-439A-9560-6EC458B310AD}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"TCP Query User{236B71BF-31DF-4FBE-8E2B-C918D51B8A46}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{24EF4C26-58B6-46B9-A222-9B882D224C02}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | 
"TCP Query User{834C305C-014A-431F-948C-52DE4EE622BF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{A02865FC-6E7B-482F-9F74-60BAB63E9653}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"TCP Query User{D30303C1-2CFF-4A4E-81EF-FE5FC8FF9E71}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{FAD5191B-805C-48A7-A0F9-77E0EF41374B}C:\users\chuck\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\chuck\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{15741404-9C2B-4805-9C34-FD821CFE9EE3}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"UDP Query User{28C83E94-1B15-4974-8727-C76326778406}C:\users\chuck\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\chuck\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{4629798D-F2F0-495D-B445-3F3697EB5654}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{5F6BF63C-7098-4589-A1AA-2D988463B7A6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{6DF48E35-9C26-41A3-BDE1-5FFC1DA610FD}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | 
"UDP Query User{E6B35B45-4DB4-4428-B394-F425E4ACAB92}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"LemurLeap" = LemurLeap 3.0.0
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"McAfee Security Scan" = McAfee Security Scan Plus
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PROSet" = Intel(R) Network Connections Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}" = Level Quality Watcher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 2.0.07
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Driver and Application Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6346B2AE-0DBB-45A3-9ECA-D23CAC27AB7E}" = TurboTax 2011 wiliper
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8BA2648C-B0E5-4EAD-9789-22F807478D1E}" = TurboTax 2011 wrapper
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{973DD1DF-D51D-46BB-B6AC-D56617D133C1}" = Iminent
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E3CDA4E-6522-43EB-AF6F-C8CA318A0772}" = TurboTax 2011 WinBizReleaseEngine
"{A004ACC6-A33D-4083-9775-139C76852C49}" = TurboTax 2011 WinBizFedFormset
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F}" = SmARtCompare
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims 3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DB9AB084-C93E-4D07-8BB9-0EC5CA5467BC}" = TurboTax 2011 WinBizTaxSupport
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1C485C1-83E6-CEA4-68E9-DA8C3B0B09D1}" = PngToPaPTuConuvertt
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims 3 University Life
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE595739-84F4-4964-9EBC-4F53F63785EE}" = TurboTax 2011 wilpbpm
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online v1200.0054.0447.4006
"77Zip" = 77zip
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"BetterSurf Plus V1" = BetterSurf Plus V1
"Dll-Files Fixer_is1" = Dll-Files Fixer
"DMO" = GDMO
"DMUninstaller" = DMUninstaller
"GigaClicks Crawler" = GigaClicks Crawler
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.5
"IECT3310511" = SweetPacks Toolbar for IE
"IMBoosterARP" = Iminent
"InstallConverter" = InstallConverter
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"JFileManager" = JFileManager
"KeyBar_1.14 Toolbar" = KeyBar 1.14 Toolbar
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Lightspark" = Lightspark 0.5.3-git
"MediaViewerV1alpha3789" = Media Viewer
"MediaViewV1alpha753" = Media View
"Mixxx (1.10.0)" = Mixxx 1.10.0
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"Origin" = Origin
"RealPlayer 16.0" = RealPlayer
"Risk" = Risk (remove only)
"SearchProtect" = Search Protect
"Stamps.com" = Stamps.com
"TurboTax 2011" = TurboTax 2011
"TurboTax Business 2011" = TurboTax Business 2011
"Wajam" = Wajam
"Webexp Enhanced" = Webexp Enhanced
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Chuck
"HappyCloud" = Happy Cloud Client
"lotro_highres_en" = The Lord of the Rings Online
"Severe Weather Alerts" = Severe Weather Alerts
"workspacedesktop" = Workspace Desktop

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/8/2014 11:08:38 AM | Computer Name = Ripper | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 31.0.1650.63, time
stamp: 0x529e8b45 Faulting module name: SPVC32.dll_unloaded, version: 0.0.0.0, time
stamp: 0x52ef702a Exception code: 0xc0000005 Fault offset: 0x5d6dce0a Faulting process
id: 0xf48 Faulting application start time: 0x01cf24df87a5961a Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: SPVC32.dll Report Id: e2f5ee6a-90d2-11e3-a733-c89cdc6704e5

Error - 2/8/2014 11:08:42 AM | Computer Name = Ripper | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 31.0.1650.63, time
stamp: 0x529e8b45 Faulting module name: SPVC32.dll_unloaded, version: 0.0.0.0, time
stamp: 0x52ef702a Exception code: 0xc0000005 Fault offset: 0x5d4bbb60 Faulting process
id: 0xf48 Faulting application start time: 0x01cf24df87a5961a Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: SPVC32.dll Report Id: e560d431-90d2-11e3-a733-c89cdc6704e5

Error - 2/8/2014 12:32:47 PM | Computer Name = Ripper | Source = Application Error | ID = 1000
Description = Faulting application name: TS3W.exe, version: 0.2.0.205, time stamp:
0x525c2c0e Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp:
0x4dcddbf3 Exception code: 0xc0000005 Fault offset: 0x0001500a Faulting process id:
0x1db0 Faulting application start time: 0x01cf24e8953d8ac2 Faulting application path:
C:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\TS3W.exe Faulting module
path: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Report
Id: a4531e76-90de-11e3-a733-c89cdc6704e5

Error - 2/8/2014 2:06:13 PM | Computer Name = Ripper | Source = Application Hang | ID = 1002
Description = The program RobloxPlayerBeta.exe version 0.136.0.43052 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ce8 Start
Time: 01cf24f8352f88ec Termination Time: 7009 Application Path: C:\Users\Chuck\AppData\Local\Roblox\Versions\version-afc74353f06542bd\RobloxPlayerBeta.exe

Report
Id: a80ccae8-90eb-11e3-a733-c89cdc6704e5

Error - 2/8/2014 3:30:35 PM | Computer Name = Ripper | Source = Application Hang | ID = 1002
Description = The program lotroclient.exe version 1202.54.3476.4013 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1a8c Start
Time: 01cf250389f16e51 Termination Time: 9 Application Path: C:\ProgramData\Turbine\The
Lord of the Rings Online\lotroclient.exe Report Id: 72f52b6d-90f7-11e3-a733-c89cdc6704e5

Error - 2/8/2014 4:33:50 PM | Computer Name = Ripper | Source = WinMgmt | ID = 10
Description =

Error - 2/9/2014 9:12:15 AM | Computer Name = Ripper | Source = WinMgmt | ID = 10
Description =

Error - 2/9/2014 10:51:10 AM | Computer Name = Ripper | Source = Application Hang | ID = 1002
Description = The program RobloxPlayerBeta.exe version 0.136.0.43052 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f34 Start
Time: 01cf25a632b0db05 Termination Time: 30 Application Path: C:\Users\Chuck\AppData\Local\Roblox\Versions\version-afc74353f06542bd\RobloxPlayerBeta.exe

Report
Id: 994762cc-9199-11e3-a928-c89cdc6704e5

Error - 2/9/2014 2:08:13 PM | Computer Name = Ripper | Source = Application Hang | ID = 1002
Description = The program TurbineLauncher.exe version 1202.54.3476.4013 stopped 
interacting with Windows and was closed. To see if more information about the problem
is available, check the problem history in the Action Center control panel. Process
ID: 155c Start Time: 01cf25c1be113cd7 Termination Time: 3 Application Path: C:\ProgramData\Turbine\The
Lord of the Rings Online\TurbineLauncher.exe Report Id: 20643e92-91b5-11e3-a928-c89cdc6704e5

Error - 2/25/2014 5:03:21 PM | Computer Name = Ripper | Source = WinMgmt | ID = 10
Description =

Error - 2/25/2014 5:04:14 PM | Computer Name = Ripper | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 31.0.1650.63, time
stamp: 0x529e8b45 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time
stamp: 0x521ea8e7 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting process
id: 0x460 Faulting application start time: 0x01cf326d1176424b Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\windows\SysWOW64\ntdll.dll Report Id: 60ff5a6a-9e60-11e3-be79-c89cdc6704e5

[ System Events ]
Error - 3/10/2014 11:27:37 AM | Computer Name = Ripper | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR18.

Error - 3/10/2014 11:27:38 AM | Computer Name = Ripper | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR18.

Error - 3/10/2014 8:54:14 PM | Computer Name = Ripper | Source = DCOM | ID = 10016
Description =

Error - 3/12/2014 9:45:05 AM | Computer Name = Ripper | Source = Microsoft-Windows-Eventlog | ID = 106
Description = Corruption was detected in the log for the Microsoft-Windows-Windows
Firewall With Advanced Security/Firewall channel and some data was erased.

Error - 3/12/2014 9:45:05 AM | Computer Name = Ripper | Source = Service Control Manager | ID = 7000
Description = The DefaultTabUpdate service failed to start due to the following 
error: %%2

Error - 3/12/2014 9:45:05 AM | Computer Name = Ripper | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the 
following error: %%2

Error - 3/12/2014 9:45:10 AM | Computer Name = Ripper | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater17.1.3 service failed to start due to the following
error: %%2

Error - 3/12/2014 9:54:31 AM | Computer Name = Ripper | Source = DCOM | ID = 10016
Description =

Error - 3/12/2014 1:55:49 PM | Computer Name = Ripper | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

Error - 3/12/2014 1:55:50 PM | Computer Name = Ripper | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR4.

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Hi, you said you've uploaded the OTL log (the first one) but only a partial log is there, no attachments.

To upload as an attachment, do this:

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below)

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *OTL.txt* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*










eddie


----------



## eddie5659 (Mar 19, 2001)

Forgot to say, the OTL log should be here:

*C:\Users\Chuck\Downloads*


----------



## Frustrated1636 (Oct 25, 2012)

Hi Eddie,

I went ahead and reran the OTL scan and I am attaching the OTL log file. It did not produce an Extras file, not sure if I am doing anything wrong. Thanks again for your help!


----------



## eddie5659 (Mar 19, 2001)

That's fine, it doesn't produce the Extras after the first run, unless you ask for it

Give me a few mins or more, it's a long log to go thru


----------



## eddie5659 (Mar 19, 2001)

Okay, there is lots to remove, but before I do, I need to look at something you have in the log. Bear with me, just checking on it fully


----------



## eddie5659 (Mar 19, 2001)

Still going through it, but you have quite a lot. So, whilst I still go through the logs, can you run the following for me, and post their logs 

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click *View Scan Logs*.
Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click *Close* to exit the program.

Go here, to download and save *AdwCleaner.exe* to your desktop.



Just click on the *Download Now @BleepingComputer*

Note: It looks like a gray bug with 6 black legs.

Close all open windows first, then double-click *AdwCleaner.exe* to load its main window.

Click the *Scan* button, then click "OK".

Allow the scan process to finish.

If it appears to freeze, be patient for a few minutes.

When it's finished, click on the *Report* button.

Return here to your thread, then copy-and-paste the ENTIRE log here


----------



## Frustrated1636 (Oct 25, 2012)

Hi Eddie,

Sorry this is so bad. The malwarebytes log was too long to paste so I am attaching the file. I'll do the next step now

Thanks!!!!!!!!!!!


----------



## Frustrated1636 (Oct 25, 2012)

Hi Eddie,

Here's another one....Super Anti Spyware. Also too large to paste so I am uploading...

And I'll start the last item now... THANKS!!!!


----------



## Frustrated1636 (Oct 25, 2012)

That was quick....here is log from AdwCleaner. Your instructions did say whether I should have AdwCleaner remove the toolbar that it identified....should I? Thanks....I will await further instructions. Thanks so much!

# AdwCleaner v3.023 - Report created 11/04/2014 at 14:49:04
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chuck - RIPPER
# Running from : C:\Users\Chuck\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater17.1.3

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
File Found : C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Found : C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Found : C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\defaulttab.config
File Found : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\searchplugins\search.xml
File Found : C:\windows\System32\Tasks\BitGuard
File Found : C:\windows\System32\Tasks\Dealply
File Found : C:\windows\System32\Tasks\DealPlyUpdate
Folder Found : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}
Folder Found : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\Extensions\128
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Common Files\Tencent
Folder Found C:\Program Files (x86)\Common Files\Umbrella
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\Tencent
Folder Found C:\Program Files (x86)\w3i
Folder Found C:\Program Files (x86)\Wajam
Folder Found C:\Program Files\Level Quality Watcher
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\Iminent
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\ProgramData\Partner
Folder Found C:\ProgramData\w3i
Folder Found C:\Users\Chuck\AppData\Local\AVG SafeGuard toolbar
Folder Found C:\Users\Chuck\AppData\Local\NativeMessaging
Folder Found C:\Users\Chuck\AppData\Local\SearchProtect
Folder Found C:\Users\Chuck\AppData\Local\Temp\AirInstaller
Folder Found C:\Users\Chuck\AppData\Local\Temp\apn
Folder Found C:\Users\Chuck\AppData\Local\Temp\NativeMessaging
Folder Found C:\Users\Chuck\AppData\Local\WhiteListing
Folder Found C:\Users\Chuck\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found C:\Users\Chuck\AppData\LocalLow\Conduit
Folder Found C:\Users\Chuck\AppData\LocalLow\internethelper3.1
Folder Found C:\Users\Chuck\AppData\LocalLow\PriceGong
Folder Found C:\Users\Chuck\AppData\Roaming\BabSolution
Folder Found C:\Users\Chuck\AppData\Roaming\Babylon
Folder Found C:\Users\Chuck\AppData\Roaming\DriverCure
Folder Found C:\Users\Chuck\AppData\Roaming\Iminent
Folder Found C:\Users\Chuck\AppData\Roaming\iWin
Folder Found C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Found C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\Smartbar
Folder Found C:\Users\Chuck\AppData\Roaming\ParetoLogic
Folder Found C:\Users\Chuck\AppData\Roaming\PerformerSoft
Folder Found C:\Users\Chuck\AppData\Roaming\Tencent
Folder Found C:\Users\Chuck\Documents\Optimizer Pro
Folder Found C:\Users\Chuck\Documents\PC Health Kit
Folder Found C:\windows\SysWOW64\AI_RecycleBin
Folder Found C:\windows\SysWOW64\SearchProtect

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\a28cd9b169ba46
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\SweetPacks
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\TENCENT
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Default Tab
Key Found : [x64] HKCU\Software\filescout
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\Iminent
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\TENCENT
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\a28cd9b169ba46
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BetterSurf
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3291327
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3315828
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\DealPly
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jlnfdbbladgcmhhamgkioifhbobjaoof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{973DD1DF-D51D-46BB-B6AC-D56617D133C1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\TENCENT
Key Found : HKLM\Software\Umbrella
Key Found : HKLM\Software\Wajam
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Starfield Updater]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=50b74421-cc00-47f6-a983-9bfe3796b1e9&searchtype=ds&q={searchTerms}&installDate=21/09/2013

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\prefs.js ]

Line Found : user_pref("CT3310511.SF_STATUS.enc", "RU5BQkxFRA==");
Line Found : user_pref("CT3310511.UserID", "UN32011770302803911");
Line Found : user_pref("CT3310511._key_cl_active", "%EC%EB%B8%B6%BE%EA%BE%E8%B3%E9%BE%B6%BD%B3%BA%BE%BB%E8%B3%E7%E8%BD%BF%B3%B9%BD%B8%E8%BC%BD%BD%BE%BD%B7%EC%EB");
Line Found : user_pref("CT3310511._key_cl_active.enc", "ZmUyMDhkOGItYzgwNy00ODViLWFiNzktMzcyYjY3Nzg3MWZl");
Line Found : user_pref("CT3310511.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3310511.cbfirsttime", "%D9%E7%FA%A6%D4%F5%FC%A6%B6%BF%A6%B8%B6%B7%B9%A6%B7%BB%C0%BA%BE%C0%BB%BB%A6%CD%D3%DA%B3%B6%BC%B6%B6%A6%AE%C9%EB%F4%FA%F8%E7%F2%A6%D9%FA%E7%F4%EA%E7%F8%EA%A6%DA%EF%F[...]
Line Found : user_pref("CT3310511.cbfirsttime.enc", "U2F0IE5vdiAwOSAyMDEzIDE1OjQ4OjU1IEdNVC0wNjAwIChDZW50cmFsIFN0YW5kYXJkIFRpbWUp");
Line Found : user_pref("CT3310511.countryCode", "US");
Line Found : user_pref("CT3310511.defaultSearch", "true");
Line Found : user_pref("CT3310511.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instantAlert\":[...]
Line Found : user_pref("CT3310511.enableAlerts", "true");
Line Found : user_pref("CT3310511.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3310511.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3310511.fixPageNotFoundError", "true");
Line Found : user_pref("CT3310511.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3310511.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3310511.fullUserID", "UN32011770302803911.IN.20130915003708");
Line Found : user_pref("CT3310511.installDate", "15/09/2013 00:37:09");
Line Found : user_pref("CT3310511.installId", "cid107");
Line Found : user_pref("CT3310511.installSessionId", "{23BD20BF-2C35-4D98-B074-76F0737F06C4}");
Line Found : user_pref("CT3310511.installSp", "TRUE");
Line Found : user_pref("CT3310511.installType", "conduitnsisintegration");
Line Found : user_pref("CT3310511.installUsage", "2013-11-10T00:48:00.0633618+03:00");
Line Found : user_pref("CT3310511.installUsageEarly", "2013-11-10T00:47:27.6935693+03:00");
Line Found : user_pref("CT3310511.installerVersion", "1.7.0.9");
Line Found : user_pref("CT3310511.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3310511.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3310511.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3310511.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3310511.keyword", "true");
Line Found : user_pref("CT3310511.lastVersion", "10.21.1.507");
Line Found : user_pref("CT3310511.mam_gk_appStateReportTime", "%B7%B9%BE%BD%B6%BD%B7%B7%B6%BA%BC%B8%BF");
Line Found : user_pref("CT3310511.mam_gk_appStateReportTime.enc", "MTM4NzA3MTEwNDYyOQ==");
Line Found : user_pref("CT3310511.mam_gk_appState_Clarity_Active", "%F5%F4");
Line Found : user_pref("CT3310511.mam_gk_appState_Clarity_Active.enc", "b24=");
Line Found : user_pref("CT3310511.mam_gk_appState_CouponBuddy", "%F5%F4");
Line Found : user_pref("CT3310511.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Found : user_pref("CT3310511.mam_gk_appState_Discover", "%F5%F4");
Line Found : user_pref("CT3310511.mam_gk_appState_Discover.enc", "b24=");
Line Found : user_pref("CT3310511.mam_gk_appState_Easytobook", "%F5%F4");
Line Found : user_pref("CT3310511.mam_gk_appState_Easytobook.enc", "b24=");
Line Found : user_pref("CT3310511.mam_gk_appState_Easytobook_targeted", "%F5%F4");
Line Found : user_pref("CT3310511.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Found : user_pref("CT3310511.mam_gk_appState_Easytobookcars", "%F5%F4");
Line Found : user_pref("CT3310511.mam_gk_appState_Easytobookcars.enc", "b24=");
Line Found : user_pref("CT3310511.mam_gk_appState_Find-a-Pro", "%F5%F4");
Line Found : user_pref("CT3310511.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Found : user_pref("CT3310511.mam_gk_appState_JobsMiner", "%F5%F4");
Line Found : user_pref("CT3310511.mam_gk_appState_JobsMiner.enc", "b24=");
Line Found : user_pref("CT3310511.mam_gk_appState_PriceGong", "%F5%F4");
Line Found : user_pref("CT3310511.mam_gk_appState_PriceGong.enc", "b24=");
Line Found : user_pref("CT3310511.mam_gk_appState_WindowShopper", "%F5%F4");
Line Found : user_pref("CT3310511.mam_gk_appState_WindowShopper.enc", "b24=");
Line Found : user_pref("CT3310511.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY2xhcml0eVJheS9jcl9hY3Rpdm[...]
Line Found : user_pref("CT3310511.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2");
Line Found : user_pref("CT3310511.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Found : user_pref("CT3310511.mam_gk_calledSetupService", "%B7");
Line Found : user_pref("CT3310511.mam_gk_calledSetupService.enc", "MQ==");
Line Found : user_pref("CT3310511.mam_gk_currentVersion", "%B7%B4%B7%B8%B4%B6%B4%BB");
Line Found : user_pref("CT3310511.mam_gk_currentVersion.enc", "MS4xMi4wLjU=");
Line Found : user_pref("CT3310511.mam_gk_eventsCache", "%u0101%A8%EB%E8%B9%B6%EC%B7%B6%B9%B3%EA%BE%EA%E7%B3%BA%E7%B8%EB%B3%BE%EB%B6%BA%B3%BF%BF%B6%BB%BD%B7%E8%BF%BE%BD%BA%B8%A8%C0%u0101%A8%FA%F5%F6%EF%E9%A8%C0%A8%[...]
Line Found : user_pref("CT3310511.mam_gk_eventsCache.enc", "eyJlYjMwZjEwMy1kOGRhLTRhMmUtOGUwNC05OTA1NzFiOTg3NDIiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXciLCJsYWJlbCI6I[...]
Line Found : user_pref("CT3310511.mam_gk_existingUsersRecoveryDone", "%B7");
Line Found : user_pref("CT3310511.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Found : user_pref("CT3310511.mam_gk_first_time", "%B7");
Line Found : user_pref("CT3310511.mam_gk_first_time.enc", "MQ==");
Line Found : user_pref("CT3310511.mam_gk_gadgetOpen", "%B6");
Line Found : user_pref("CT3310511.mam_gk_gadgetOpen.enc", "MA==");
Line Found : user_pref("CT3310511.mam_gk_globalKeysMigratedToLocalStorage", "%B7");
Line Found : user_pref("CT3310511.mam_gk_globalKeysMigratedToLocalStorage.enc", "MQ==");
Line Found : user_pref("CT3310511.mam_gk_lastLoginTime", "%B7%B9%BE%BD%B6%BD%B7%B7%B6%BB%BB%BA%BF");
Line Found : user_pref("CT3310511.mam_gk_lastLoginTime.enc", "MTM4NzA3MTEwNTU0OQ==");
Line Found : user_pref("CT3310511.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6[...]
Line Found : user_pref("CT3310511.mam_gk_mamEnabled", "%FA%F8%FB%EB");
Line Found : user_pref("CT3310511.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3310511.mam_gk_new_welcome_experience", "%B7");
Line Found : user_pref("CT3310511.mam_gk_new_welcome_experience.enc", "MQ==");
Line Found : user_pref("CT3310511.mam_gk_pgUnloadedOnce", "%FA%F8%FB%EB");
Line Found : user_pref("CT3310511.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3310511.mam_gk_settings1.11.4.2", "%u0101%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0%u0101%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...]
Line Found : user_pref("CT3310511.mam_gk_settings1.11.4.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzExMTQiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwNDNfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50[...]
Line Found : user_pref("CT3310511.mam_gk_settings1.12.0.5", "%u0101%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0%u0101%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...]
Line Found : user_pref("CT3310511.mam_gk_settings1.12.0.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEyMTUiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwNDNfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50[...]
Line Found : user_pref("CT3310511.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Line Found : user_pref("CT3310511.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Found : user_pref("CT3310511.mam_gk_stamp", "%B7%B6%BA%B9%E5%B6");
Line Found : user_pref("CT3310511.mam_gk_stamp.enc", "MTA0M18w");
Line Found : user_pref("CT3310511.mam_gk_userId", "%E9%BD%EA%E9%BC%B6%BC%BA%B3%B9%EC%BB%BE%B3%BA%BF%E8%B6%B3%BF%B8%BF%BD%B3%EC%BC%EB%E7%E9%BC%E7%EA%BB%EB%B7%B6");
Line Found : user_pref("CT3310511.mam_gk_userId.enc", "YzdkYzYwNjQtM2Y1OC00OWIwLTkyOTctZjZlYWM2YWQ1ZTEw");
Line Found : user_pref("CT3310511.mam_gk_user_approval_interacted", "%B7");
Line Found : user_pref("CT3310511.mam_gk_user_approval_interacted.enc", "MQ==");
Line Found : user_pref("CT3310511.mam_gk_welcomeDialogMode", "%B7");
Line Found : user_pref("CT3310511.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Found : user_pref("CT3310511.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://SweetPacks.OurToolbar.com[...]
Line Found : user_pref("CT3310511.openThankYouPage", "false");
Line Found : user_pref("CT3310511.openUninstallPage", "true");
Line Found : user_pref("CT3310511.originalHomepage", "hxxp://isearch.babylon.com/?affID=121107&babsrc=HP_ss_btis2&mntrId=A4B0AC8112B43E2F");
Line Found : user_pref("CT3310511.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291327&SearchSource=2&CUI=UN94084410582152557&UM=2&q=");
Line Found : user_pref("CT3310511.originalSearchEngine", "Delta Search");
Line Found : user_pref("CT3310511.originalSearchEngineName", "KeyBar 1.14 Customized Web Search");
Line Found : user_pref("CT3310511.price-gong.isManagedApp", "true");
Line Found : user_pref("CT3310511.revertSettingsEnabled", "false");
Line Found : user_pref("CT3310511.search.searchAppId", "10000002");
Line Found : user_pref("CT3310511.search.searchCount", "0");
Line Found : user_pref("CT3310511.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3310511.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3310511.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3310511.searchRevert", "false");
Line Found : user_pref("CT3310511.searchSuggestEnabledByUser", "true");
Line Found : user_pref("CT3310511.searchUserMode", "2");
Line Found : user_pref("CT3310511.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3310511.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3310511.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3310511\"}");
Line Found : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://SweetPacks.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"SweetPacks \"}");
Line Found : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3310511.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3310511.serviceLayer_services_Configuration_lastUpdate", "1387071084856");
Line Found : user_pref("CT3310511.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1387071084516");
Line Found : user_pref("CT3310511.serviceLayer_services_appsMetadata_lastUpdate", "1387071082267");
Line Found : user_pref("CT3310511.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1387071082501");
Line Found : user_pref("CT3310511.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1384033671656");
Line Found : user_pref("CT3310511.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1384033703137");
Line Found : user_pref("CT3310511.serviceLayer_services_login_10.20.0.13_lastUpdate", "1384033697387");
Line Found : user_pref("CT3310511.serviceLayer_services_login_10.21.1.507_lastUpdate", "1387071082325");
Line Found : user_pref("CT3310511.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1387071082596");
Line Found : user_pref("CT3310511.serviceLayer_services_searchAPI_lastUpdate", "1387071084348");
Line Found : user_pref("CT3310511.serviceLayer_services_serviceMap_lastUpdate", "1387071082061");
Line Found : user_pref("CT3310511.serviceLayer_services_toolbarContextMenu_lastUpdate", "1387071082471");
Line Found : user_pref("CT3310511.serviceLayer_services_toolbarSettings_lastUpdate", "1387071082864");
Line Found : user_pref("CT3310511.serviceLayer_services_translation_lastUpdate", "1387071083994");
Line Found : user_pref("CT3310511.settingsINI", true);
Line Found : user_pref("CT3310511.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3310511.showToolbarPermission", "false");
Line Found : user_pref("CT3310511.smartbar.CTID", "CT3310511");
Line Found : user_pref("CT3310511.smartbar.Uninstall", "0");
Line Found : user_pref("CT3310511.smartbar.homepage", "true");
Line Found : user_pref("CT3310511.smartbar.toolbarName", "SweetPacks ");
Line Found : user_pref("CT3310511.startPage", "true");
Line Found : user_pref("CT3310511.toolbarBornServerTime", "10-11-2013");
Line Found : user_pref("CT3310511.toolbarCurrentServerTime", "15-12-2013");
Line Found : user_pref("CT3310511.toolbarLoginClientTime", "Sat Nov 09 2013 15:48:17 GMT-0600 (Central Standard Time)");
Line Found : user_pref("CT3310511.url_history0001", "%EE%FA%FA%F6%C0%B5%B5%FD%FD%FD%B4%E7%F4%EF%F3%EB%EC%F8%EB%E7%F1%B4%FA%FC%B5%FD%E7%FA%E9%EE%B5%EE%EF%ED%EE%F9%E9%EE%F5%F5%F2%B3%EA%EB%E7%EA%B3%EB%F6%EF%F9%F5%EA%[...]
Line Found : user_pref("CT3310511.url_history0001.enc", "aHR0cDovL3d3dy5hbmltZWZyZWFrLnR2L3dhdGNoL2hpZ2hzY2hvb2wtZGVhZC1lcGlzb2RlLTExLW9ubGluZTo6OmNsaWNraGFuZGxlcjo6OjEzODQwMzM5NjE0MzMsLCxodHRwOi8vd3d3LmFuaW1lZnJl[...]
Line Found : user_pref("CT3310511.versionFromInstaller", "10.20.0.13");
Line Found : user_pref("CT3310511.xpeMode", "0");
Line Found : user_pref("CT3310511_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1387071206079,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CT3315828.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT3315828.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Found : user_pref("CT3315828.1000234.TWC_TMP_city", "BURBANK");
Line Found : user_pref("CT3315828.1000234.TWC_TMP_country", "US");
Line Found : user_pref("CT3315828.1000234.TWC_country", "UNITED STATES");
Line Found : user_pref("CT3315828.1000234.TWC_locId", "USCA0139");
Line Found : user_pref("CT3315828.1000234.TWC_location", "Burbank, CA");
Line Found : user_pref("CT3315828.1000234.TWC_region", "US");
Line Found : user_pref("CT3315828.1000234.TWC_temp_dis", "f");
Line Found : user_pref("CT3315828.1000234.TWC_wind_dis", "mph");
Line Found : user_pref("CT3315828.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3315828.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3315828.FF19Solved", "true");
Line Found : user_pref("CT3315828.FirstTime", "true");
Line Found : user_pref("CT3315828.FirstTimeFF3", "true");
Line Found : user_pref("CT3315828.UserID", "UN23580925597262071");
Line Found : user_pref("CT3315828.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3315828.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3315828.countryCode", "US");
Line Found : user_pref("CT3315828.defaultSearch", "true");
Line Found : user_pref("CT3315828.embeddedsData", "[{\"appId\":\"130246923278098814\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3315828.enableAlerts", "true");
Line Found : user_pref("CT3315828.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3315828.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3315828.fixPageNotFoundError", "true");
Line Found : user_pref("CT3315828.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3315828.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3315828.fullUserID", "UN23580925597262071.IN.20131109190922");
Line Found : user_pref("CT3315828.installDate", "09/11/2013 19:09:24");
Line Found : user_pref("CT3315828.installId", "stub.exe");
Line Found : user_pref("CT3315828.installSessionId", "{6977FDCD-0035-4557-9A54-B2CC59B5DCEB}");
Line Found : user_pref("CT3315828.installSp", "TRUE");
Line Found : user_pref("CT3315828.installType", "conduitnsisintegration");
Line Found : user_pref("CT3315828.installUsage", "2013-11-14T00:31:14.6315673+03:00");
Line Found : user_pref("CT3315828.installUsageEarly", "2013-11-14T00:31:11.0847831+03:00");
Line Found : user_pref("CT3315828.installerVersion", "1.8.0.14");
Line Found : user_pref("CT3315828.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3315828.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3315828.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3315828.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3315828.keyword", "true");
Line Found : user_pref("CT3315828.lastVersion", "10.21.1.7");
Line Found : user_pref("CT3315828.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Found : user_pref("CT3315828.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://InternetHelper37.OurToolb[...]
Line Found : user_pref("CT3315828.openThankYouPage", "false");
Line Found : user_pref("CT3315828.openUninstallPage", "true");
Line Found : user_pref("CT3315828.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3289663&CUI=UN14256752392989768&UM=2&SearchSource=13");
Line Found : user_pref("CT3315828.originalSearchAddressUrl", "hxxp://mysearch.avg.com/search?pid=safeguard&sg=0&cid=%7B870b9529-7932-45e1-8a8a-0106d8d05a58%7D&mid=f4646e2e6e6c47d3857619d59a83ed16-b801e6185419754de[...]
Line Found : user_pref("CT3315828.originalSearchEngine", "Conduit Search");
Line Found : user_pref("CT3315828.originalSearchEngineName", "InternetHelper3.1 Customized Web Search");
Line Found : user_pref("CT3315828.revertSettingsEnabled", "true");
Line Found : user_pref("CT3315828.search.searchAppId", "130246923278098814");
Line Found : user_pref("CT3315828.search.searchCount", "0");
Line Found : user_pref("CT3315828.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3315828.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3315828.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3315828.searchRevert", "true");
Line Found : user_pref("CT3315828.searchSuggestEnabledByUser", "true");
Line Found : user_pref("CT3315828.searchUserMode", "2");
Line Found : user_pref("CT3315828.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3315828.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3315828.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3315828.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3315828\"}");
Line Found : user_pref("CT3315828.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://InternetHelper37.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3315828.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"InternetHelper3.7 \"}");
Line Found : user_pref("CT3315828.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3315828.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3315828.serviceLayer_services_Configuration_lastUpdate", "1387071085387");
Line Found : user_pref("CT3315828.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1387071087670");
Line Found : user_pref("CT3315828.serviceLayer_services_appsMetadata_lastUpdate", "1387071082271");
Line Found : user_pref("CT3315828.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1387071082977");
Line Found : user_pref("CT3315828.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1384378299183");
Line Found : user_pref("CT3315828.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1384378302621");
Line Found : user_pref("CT3315828.serviceLayer_services_login_10.21.1.7_lastUpdate", "1387071082351");
Line Found : user_pref("CT3315828.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1387071083041");
Line Found : user_pref("CT3315828.serviceLayer_services_searchAPI_lastUpdate", "1387071084437");
Line Found : user_pref("CT3315828.serviceLayer_services_serviceMap_lastUpdate", "1387071082227");
Line Found : user_pref("CT3315828.serviceLayer_services_toolbarContextMenu_lastUpdate", "1387071082954");
Line Found : user_pref("CT3315828.serviceLayer_services_toolbarSettings_lastUpdate", "1387071082925");
Line Found : user_pref("CT3315828.serviceLayer_services_translation_lastUpdate", "1387071084005");
Line Found : user_pref("CT3315828.settingsINI", true);
Line Found : user_pref("CT3315828.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3315828.showToolbarPermission", "false");
Line Found : user_pref("CT3315828.smartbar.CTID", "CT3315828");
Line Found : user_pref("CT3315828.smartbar.Uninstall", "0");
Line Found : user_pref("CT3315828.smartbar.homepage", "true");
Line Found : user_pref("CT3315828.smartbar.toolbarName", "InternetHelper3.7 ");
Line Found : user_pref("CT3315828.startPage", "true");
Line Found : user_pref("CT3315828.toolbarBornServerTime", "14-11-2013");
Line Found : user_pref("CT3315828.toolbarCurrentServerTime", "15-12-2013");
Line Found : user_pref("CT3315828.toolbarInstallDate", "09-11-2013 19:09:23");
Line Found : user_pref("CT3315828.toolbarLoginClientTime", "Wed Nov 13 2013 15:31:42 GMT-0600 (Central Standard Time)");
Line Found : user_pref("CT3315828.versionFromInstaller", "10.21.1.7");
Line Found : user_pref("CT3315828.xpeMode", "0");
Line Found : user_pref("CT3315828_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1387071206478,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "Conduit Search");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com&CUI=UN23580925597262071");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://mysearch.avg.com/search?pid=safeguard&sg=0&cid=%7B870b9529-7932-45e1-8a8a-0106d8d05a58%7D&mid=f4646e2e6e6c47d3857619d59a83ed16-b801e618541975[...]
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3315828");
Line Found : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=121107&babsrc=HP_ss&mntrId=A4B0AC8112B43E2F");
Line Found : user_pref("avg.install.userSPSettings", "Delta Search");
Line Found : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Found : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Found : user_pref("browser.search.defaultthis.engineName", "InternetHelper3.7 Customized Web Search");
Line Found : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Found : user_pref("extensions.N1yiPr_Rfs.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.[...]
Line Found : user_pref("extensions.defaulttab.config", "{\"set_default_search\":\"Search|Conduit\",\"features\":[{\"engine\":\"Related Search - NS1 - DDC\",\"additional_config\":\"c=1A3578,tlid=22406\",\"ai\":0,\"[...]
Line Found : user_pref("extensions.defaulttab.homepage.original", "hxxp://search.conduit.com/?ctid=CT3324415&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPC2FACAF5-426A-457A-9C9B-7EA76C0F9F58&SSPV=");
Line Found : user_pref("extensions.defaulttab.search.original", "Conduit Search");
Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Found : user_pref("extensions.helperbar.Visibility", false);
Line Found : user_pref("extensions.qafEv57pd.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.i[...]
Line Found : user_pref("extensions.wajam.affiliate_id", "5927");
Line Found : user_pref("extensions.wajam.firstrun", "false");
Line Found : user_pref("extensions.wajam.log_send_info", "false");
Line Found : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21088\",\"update_interval\":1227,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/[...]
Line Found : user_pref("extensions.wajam.no_trace", "false");
Line Found : user_pref("extensions.wajam.server_current_mapping_version", "0.21088");
Line Found : user_pref("extensions.wajam.supported_sites.wikipedia.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';wind[...]
Line Found : user_pref("extensions.wajam.trace_log", "1393736319377 - onFlagInfoReceived - Server mapping version: 0.21088\n1393736319377 - onFlagInfoReceived - Server mapping version (client-side): 0.21088\n13937[...]
Line Found : user_pref("extensions.wajam.unique_id", "962A9362DDD6B76E7917D5D2BE839081");
Line Found : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Found : user_pref("extensions.wajam.version", "1.26");
Line Found : user_pref("extensions.wajam.website_version", "1.00294.0");
Line Found : user_pref("iminent.LayoutId", "1");
Line Found : user_pref("iminent.ShowThankyouPixel", "0");
Line Found : user_pref("iminent.newtabredirect", "false");
Line Found : user_pref("iminent.registerToolbarEvent101", "1387071267353");
Line Found : user_pref("iminent.searchindex", "1");
Line Found : user_pref("iminent.version", "7.43.4.1");
Line Found : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.43.4.1\",\"InstallEventCTime\":1387071200363,\"InstallEvent\":\"True\"}");
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3315828");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3291327&CUI=UN94084410582152557&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN32011770302803911&UM=2[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291327&SearchSource=2&CUI=UN94084410582152557&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3315828");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3315828");
Line Found : user_pref("smartbar.machineId", "KYOVQQDJ1CWISPGYTE3C8E5DEXZKSGWDSM8CDZWKNN8WO8CKW8XT3VRUZAA/JZVOFMOX2JZEHHXD380RL1L0YQ");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [79054 octets] - [11/04/2014 14:49:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [79115 octets] ##########


----------



## eddie5659 (Mar 19, 2001)

Thanks 

I'll have a good look at this tonight, but in the meantime, can you do this with AdwCleaner:

With regards to the toolbar it found, then yes, let it remove it.

--

Re-run AdwCleaner with the *Scan* option. After it's finished scanning, click the *Clean* button.

Allow the cleaning process to finish.

If it appears to freeze, be patient for a few minutes.

When it's finished, click on the *Report* button.

Return here to your thread, then copy-and-paste the ENTIRE log here

---

Your Java is out of date, so let's do that next:

*Upgrade Java* : (32 bits)

- Download the latest version of *Java SE Runtime Environment (JRE) JRE 7 Update 51*.
- Under the JAVA Platform Standard Edition, click the "*Download JRE*" button to the right.
- *Accept License Agreement.*
- Click on the link to download Windows Offline Installation 32 bit (jre-7u51-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
- Close any programs you may have running - especially your web browser.
- Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
- Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the *jre-7u51-windows-i586.exe* and select "Run as an Administrator.")
- Don't install any of the toolbars that are offered.

After doing the above, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:


Applications and Applets
Trace and Log Files
OK out of all the screens. 

---

Your Firefox is out of date, so to update it, do the following:


Open up Firefox.
In the menu at the top of the page, click on *Help* and then *About Firefox*.
Firefox will now update automatically.

---

And finally, can you post a fresh log from OTL. This time we'll do a basic scan, and only the one log will appear.


Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open one notepad window, *OTL.Txt*. This is saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of this file and post in your topic.


----------



## Frustrated1636 (Oct 25, 2012)

Thanks Eddie,

Here is the AdwCleaner Log:

# AdwCleaner v3.023 - Report created 14/04/2014 at 16:14:42
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chuck - RIPPER
# Running from : C:\Users\Chuck\Downloads\AdwCleaner(2).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\prefs.js ]

Line Deleted : user_pref("extensions.N1yiPr_Rfs.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.[...]
Line Deleted : user_pref("extensions.qafEv57pd.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.i[...]

*************************

AdwCleaner[R0].txt - [79464 octets] - [11/04/2014 14:49:04]
AdwCleaner[R1].txt - [1338 octets] - [12/04/2014 11:55:46]
AdwCleaner[R2].txt - [1458 octets] - [14/04/2014 16:14:20]
AdwCleaner[S0].txt - [80480 octets] - [11/04/2014 14:54:09]
AdwCleaner[S1].txt - [1403 octets] - [12/04/2014 13:00:15]
AdwCleaner[S2].txt - [1383 octets] - [14/04/2014 16:14:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1443 octets] ##########


----------



## eddie5659 (Mar 19, 2001)

Excellent, looks like it removed all of that. Any joy with the OTL log?


----------



## Frustrated1636 (Oct 25, 2012)

Hi Eddie,

Had trouble loading JAVA. I removed everything manually as instructed. Went to the JAVA site and could not find a 32 bit update. Also my computer I believe is 64 bit. I downloaded the 64 "7" update, but could not get it to run, it requested linking it to a program to run?

Also still have a pop-up showing up, for example when I just clicked on the JAVA link it opened in a separate tab but a new window also opened up with links to Windows Drivers. Also Malwarebytes' Anti-Malware program is indicating it is blocking two malicious sites: r.searchfun.in and static.datafast guru.info.

I will run the OTL scan again and post the log now as well as try again with JAVA.

*THANK YOU VERY MUCH!!!! It is running much better and is actually usable again!*


----------



## Frustrated1636 (Oct 25, 2012)

Hi Eddie,

I tried to update Firefox per your instructions but when I click on Help it says Firefox has the latest update and it does not provide the option for updating... Here is the OTL Log:

Oops, too long. I'll attach the file.


----------



## Frustrated1636 (Oct 25, 2012)

Eddie,

Seems that something is preventing me from re-installing JAVA. I have tried a couple of times and even manually defined the folders since they did not show up on my computer when I did the download. After doing the download in these newly named folders (the same as defined by the JAVA program, JAVA/jre7) I went back and they are empty. I followed the instructions and this is the final screen from JAVA:

_Seems can't post screen shots so I am attaching PDF of screen shots....here and next comment_

I click on the activate and get this dialog box:

_Seems can't post screen shots so I am attaching PDF of screen shots....here and above comment_

I click ok and it seems nothing happens????? Any ideas? The only thing that shows up in control panel that I could see was the platform execution file.

Also still getting pop-up tabs, for example:

http://nym1.ib.adnxs.com/&age=0&gender=u&referrer=$%7BREFERRER_URL%7Dhttp://seth.avazutracking.net/tracking/redirect/redirect.php?id=41337699&czid=YXZhenU0MTMzNzY5OTE=&vurl=2455374&usrid=MTU3M2F2Y&rgid=Xp1Nzgy&kw=nym1CMq50bzpk-rPexACGPS59b6u9cbJSSINNjcuMTc1LjM0LjEzOSgBMKe2t5oF

https://register.perfectworld.com/nw_splash

This one had a message that said my video player had crashed and to click ok to download a new version (I think this may be the problem with loading JAVA)..... http://playerupdate.com--e.com/t/crashed1/

This is the window that pops up when I hit the submit reply button on the Tech Guy page we are working on: http://landing.driverrestore.com/41...=4101|US|forums.techguy.org|29981|techguy.org


----------



## Frustrated1636 (Oct 25, 2012)

Eddie, 

So you would know what I was talking about I went ahead and made screen shots of the pirate ads I mentioned before, see attached. I thought this was what AdwCleaner was supposed to eliminate but it seems these are eluding the clean up effort.

Thank You


----------



## Frustrated1636 (Oct 25, 2012)

Eddie,

Since it seems AdwCleaner was supposed to get rid of these pirate ads I went ahead and ran it again and clicked on clean. My computer is back to running slow, particularly this page, typing and screen display experiencing big lag. Here is the log but it seems it did not fix, as the ads still appear:

# AdwCleaner v3.023 - Report created 16/04/2014 at 12:22:46
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chuck - RIPPER
# Running from : C:\Users\Chuck\Downloads\AdwCleaner(3).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\prefs.js ]

Line Deleted : user_pref("extensions.N1yiPr_Rfs.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.[...]
Line Deleted : user_pref("extensions.qafEv57pd.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.i[...]

*************************

AdwCleaner[R0].txt - [79464 octets] - [11/04/2014 14:49:04]
AdwCleaner[R1].txt - [1338 octets] - [12/04/2014 11:55:46]
AdwCleaner[R2].txt - [1458 octets] - [14/04/2014 16:14:20]
AdwCleaner[R3].txt - [1578 octets] - [16/04/2014 12:21:30]
AdwCleaner[S0].txt - [80480 octets] - [11/04/2014 14:54:09]
AdwCleaner[S1].txt - [1403 octets] - [12/04/2014 13:00:15]
AdwCleaner[S2].txt - [1523 octets] - [14/04/2014 16:14:42]
AdwCleaner[S3].txt - [1503 octets] - [16/04/2014 12:22:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1563 octets] ##########


----------
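
The two AdwCleaner Clean reports above (14/04 and 16/04) list the same two prefs.js lines as deleted, which means something rewrote them between runs. The following Python is an added example, not part of the thread and not AdwCleaner's own code: it parses `Line Deleted :` entries from several reports and flags preference keys removed in more than one run. The report excerpts are constructed from the logs quoted in this thread, shortened, and `example.constructed.pref` is an invented contrast entry.

```python
import re
from collections import defaultdict
from datetime import datetime

# Patterns for the parts of an AdwCleaner text report that matter here.
HEADER_RE = re.compile(r"^# AdwCleaner v\S+ - Report created (\d{2}/\d{2}/\d{4}) at (\d{2}:\d{2}:\d{2})")
OPTION_RE = re.compile(r"^# Option : (\w+)")
FILE_RE = re.compile(r"^\[ File : (.+?) \]$")
PREF_RE = re.compile(r'^Line (Deleted|Found) : user_pref\("([^"]+)",\s*(.*)$')
# Heuristic (an assumption of this example): a pref value that opens like
# JavaScript source is holding injected script, as the scode prefs here do.
SCRIPT_PREFIXES = ("(function(", "try {", "try{")

# Constructed, shortened excerpts of the two Clean reports posted in the thread.
REPORT_14_APRIL = r"""# AdwCleaner v3.023 - Report created 14/04/2014 at 16:14:42
# Option : Clean

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\prefs.js ]

Line Deleted : user_pref("extensions.N1yiPr_Rfs.scode", "(function(){try{var url=window.self.location.href;[...]
Line Deleted : user_pref("extensions.qafEv57pd.scode", "(function(){try{var url=window.self.location.href;[...]
Line Deleted : user_pref("example.constructed.pref", "1");
"""

REPORT_16_APRIL = r"""# AdwCleaner v3.023 - Report created 16/04/2014 at 12:22:46
# Option : Clean

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\prefs.js ]

Line Deleted : user_pref("extensions.N1yiPr_Rfs.scode", "(function(){try{var url=window.self.location.href;[...]
Line Deleted : user_pref("extensions.qafEv57pd.scode", "(function(){try{var url=window.self.location.href;[...]
"""


def parse_report(text):
    """Parse one AdwCleaner text report into header fields and prefs.js entries."""
    report = {"created": None, "option": None, "entries": []}
    current_file = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HEADER_RE.match(line)):
            report["created"] = datetime.strptime(f"{m[1]} {m[2]}", "%d/%m/%Y %H:%M:%S")
        elif (m := OPTION_RE.match(line)):
            report["option"] = m[1]
        elif (m := FILE_RE.match(line)):
            current_file = m[1]
        elif (m := PREF_RE.match(line)):
            action, key, value = m.groups()
            report["entries"].append({
                "action": action, "file": current_file, "key": key,
                "script": value.lstrip('"').startswith(SCRIPT_PREFIXES),
            })
    if report["created"] is None:
        raise ValueError("not an AdwCleaner report: header line missing")
    return report


def find_recurring(reports):
    """Return prefs deleted by two or more Clean runs, sorted by key.

    A pref that keeps coming back after deletion is being rewritten by
    something still installed (here, a browser extension), so the writer
    has to be removed, not just the line.
    """
    runs_by_pref = defaultdict(list)
    script_flag = {}
    for rep in sorted(reports, key=lambda r: r["created"]):
        if rep["option"] != "Clean":
            continue  # Scan reports only list findings; nothing was removed
        deleted = {(e["file"], e["key"]): e["script"]
                   for e in rep["entries"] if e["action"] == "Deleted"}
        for ident, script in deleted.items():
            runs_by_pref[ident].append(rep["created"])
            script_flag[ident] = script_flag.get(ident, False) or script
    return [
        {"file": f, "key": k, "runs": runs, "script": script_flag[(f, k)]}
        for (f, k), runs in sorted(runs_by_pref.items(), key=lambda kv: kv[0][1])
        if len(runs) >= 2
    ]


if __name__ == "__main__":
    parsed = [parse_report(REPORT_14_APRIL), parse_report(REPORT_16_APRIL)]
    for hit in find_recurring(parsed):
        when = ", ".join(r.strftime("%d/%m/%Y %H:%M") for r in hit["runs"])
        kind = "script-bearing" if hit["script"] else "plain"
        print(f"{hit['key']} ({kind}) deleted again on: {when}")
```
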



## eddie5659 (Mar 19, 2001)

Firstly, with regards to the Firefox, it may have updated over the past few days. It sometimes does it when you start it up, so that's okay 

As for Java, it looks like you downloaded the wrong type. It's also recommended to use 32-bit even for 64-bit systems. I do, and I have never seen any issues. But, I'll show you which you have, and the correct one to get in my next reply

Going through the OTL log now, and as for one tool removing all, I'm afraid they never do. But, with a combination and removing via fixes, we'll get it all clean 

AdwCleaner is working, otherwise you would have seen the original files there when you first ran it. But, the remains etc is where I'll start to look at them.

Bear with me, the log is pretty long as you know, and thanks for the screenies, I'll look at them in a minute 

Posting soon


----------



## eddie5659 (Mar 19, 2001)

Firstly, although it's a good program to remove the stuff, it starts when Windows starts, which may slow things down. So, uninstall SUPERAntiSpyware.

I was going to ask about PngToPPTConvert, but the screenshot explains it. I'll also send this to the owner, see if we can look into the ads on the site so thanks for the screenshots

So, can you get me a copy of the file that may be causing these ads? It's all done for you, just do the following:

Download suspicious file packer from http://www.safer-networking.org/files/sfp.zip

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop.

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

Just register, press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file:


```
[b]
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\extensions\[email protected]
[/b]
```
Let me know when it's uploaded

----------

Now, Java. This is the one you downloaded: C:\Users\Chuck\Desktop\server-jre-7u51-windows-x64.tar.gz

Note the tar.gz extension. This is usually used in servers or Linux type systems, not Windows. So, the one you want is this. Also, looks like Java 8 has finally been released:










---------

Next, can you run this tool, so we can see if it removes some more stuff:








Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

-----

Okay, now we're going to run OTL again, but to fix some of the issues 
Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Commands
[CREATERESTOREPOINT] 
:OTL
IE - HKLM\..\URLSearchHook: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - No CLSID value found
IE - HKLM\..\URLSearchHook: {8e2479de-6096-41f3-90ab-83be9946aa2d} - No CLSID value found
IE - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001\..\URLSearchHook: {8e2479de-6096-41f3-90ab-83be9946aa2d} - No CLSID value found
FF - user.js - File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin: C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/npchrome: C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Better-Surf\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff
[2013/09/11 13:10:07 | 000,000,000 | ---D | M] (LyricsSing) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\extensions\133
[2013/09/15 00:36:53 | 000,000,000 | ---D | M] (LemurLeap) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\extensions\[email protected]
[2014/02/27 13:57:30 | 000,000,000 | ---D | M] (SmARtCompare) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\extensions\[email protected]
O2 - BHO: (no name) - {7e8a1050-cf67-4575-92df-dcc60e7d952d} - No CLSID value found.
O2 - BHO: (no name) - {8e2479de-6096-41f3-90ab-83be9946aa2d} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-2471097063-1945811626-1650287918-1001..\Run: [Akamai NetSession Interface] "C:\Users\Chuck\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O18:[b]64bit:[/b] - Protocol\Handler\cdo - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[1 C:\Users\Chuck\Documents\*.tmp files -> C:\Users\Chuck\Documents\*.tmp -> ]
[5 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[2014/02/27 13:57:30 | 000,000,000 | ---D | M] (PngToPaPTuConuvertt) -- C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\extensions\[email protected].edu
FF - prefs.js..extensions.enabledAddons: firefox%40lemurleap.info:1.0.0
:Files
C:\Program Files (x86)\Better-Surf
C:\Program Files (x86)\Common Files\Tencent
ipconfig /flushdns /c
:Commands
[emptytemp]
[purity]
```

Then click the *Run Fix* button at the top 
Click OK.
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.


----------



## Frustrated1636 (Oct 25, 2012)

Eddie,

I was unable to get to the spykiller site as Firefox says server not located...... "Firefox can't find the server at www.thespykiller.co.uk."

But I think I may have found the source, it was a module on Firefox along with two others. I removed the items and it seems to have stopped the ads. I had copied a screen shot but then inadvertently copied over it with the above msg before pasting into a PDF. Sorry.


----------



## Frustrated1636 (Oct 25, 2012)

Eddie,

Per the above on JAVA, these are the options available to download, see attached....which one do I pick?


----------



## eddie5659 (Mar 19, 2001)

Forgot to say, I think the site is down, so leave that for now, but still zip the file before you run the OTL fix. We'll upload it later 

Excellent, about the Firefox module. Running JRT was a way to remove them. Leave JRT for now, but run the OTL fix. Then, we'll see what remains we have left

For the Java, select Windows Offline, the one that is 29.67MB

Then, once it's downloaded, install and after doing that, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:


Applications and Applets
Trace and Log Files
OK out of all the screens.


----------



## Frustrated1636 (Oct 25, 2012)

Eddie,

I had already run JRT, here is the log. I will go ahead and install JAVA as indicated and then run OTL with the cut and paste custom scan.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Chuck on Wed 04/16/2014 at 16:01:04.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsing
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}

~~~ Files

Successfully deleted: [File] "C:\windows\Tasks\dll-files.com fixer_monthly.job"
Successfully deleted: [File] "C:\windows\Tasks\dll-files.com fixer_updates.job"
Successfully deleted: [File] "C:\Users\Chuck\appdata\locallow\SkwConfig.bin"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Chuck\AppData\Roaming\dll-files.com"
Successfully deleted: [Folder] "C:\Users\Chuck\appdata\locallow\keybar_1.14"
Successfully deleted: [Folder] "C:\Users\Chuck\appdata\locallow\sweetpacks"
Successfully deleted: [Folder] "C:\Program Files (x86)\dll-files.com fixer"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Chuck\AppData\Roaming\mozilla\firefox\profiles\3hnw3ken.default\extensions\133
Successfully deleted the following from C:\Users\Chuck\AppData\Roaming\mozilla\firefox\profiles\3hnw3ken.default\prefs.js

user_pref("extensions.N1yiPr_Rfs.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.index
user_pref("extensions.defaulttab.PIR7", 1396706537);
user_pref("extensions.defaulttab.active.affiliate", 3257);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.browserID", "D73BBF367AAFADB540F03FEA363DB361");
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installdate", 1391458593);
user_pref("extensions.defaulttab.installedVersion", "2.3.3");
user_pref("extensions.defaulttab.lastNetSeerDownload", 1396706537);
user_pref("extensions.defaulttab.useNewTabWhiteList", false);
user_pref("extensions.qafEv57pd.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexO
user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM
user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_L
user_pref("extensions.wajam.supported_sites.youtubesearch.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_L
Emptied folder: C:\Users\Chuck\AppData\Roaming\mozilla\firefox\profiles\3hnw3ken.default\minidumps [15 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/16/2014 at 16:06:03.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## Frustrated1636 (Oct 25, 2012)

Eddie,

In regard to JAVA, I had removed all the previous versions and now the only one present is JAVA 8 Update 5. I am probably not looking in the right area but the only access I have to programs is through the uninstall screen. Not sure how to follow your instructions in opening JAVA from Control Panel. I am going to run OTL now.


----------



## Frustrated1636 (Oct 25, 2012)

Eddie,

And here is the latest edition of OTL Log...get it while it's hot. Thanks for all your effort...it is appreciated.


----------



## eddie5659 (Mar 19, 2001)

I can see what you've done. You need to copy/paste the fix I posted in the box, but press the *Run Fix* button, so it can remove the entries. It will bring a much smaller log.

I'll have a look at the Java tonight, as maybe the newer version doesn't have those options.

----

Now, when you ran Malwarebytes' Anti-Malware, did you quarantine the entries? If you're not sure, as the log didn't say they were, can you re-run it as before, but when it's finished scanning:

When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.

Then post the log here.

I have another couple of programs to look at that we can use before we move to the manual stuff, to clear all the remains out


----------



## Frustrated1636 (Oct 25, 2012)

Eddie,

Sorry about that....sometimes my reading comprehension isn't all there....I went to public school 

Here is the OTL log text from the fix run:

All processes killed
========== COMMANDS ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7e8a1050-cf67-4575-92df-dcc60e7d952d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8e2479de-6096-41f3-90ab-83be9946aa2d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e2479de-6096-41f3-90ab-83be9946aa2d}\ not found.
Registry value HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8e2479de-6096-41f3-90ab-83be9946aa2d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e2479de-6096-41f3-90ab-83be9946aa2d}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/npchrome\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/npqscall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/TXSSO\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files (x86)\Better-Surf\ff not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff not found.
Folder C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\extensions\133\ not found.
Folder C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\extensions\[email protected]\ not found.
Folder C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\extensions\[email protected]\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e2479de-6096-41f3-90ab-83be9946aa2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e2479de-6096-41f3-90ab-83be9946aa2d}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cdo\ deleted successfully.
File Protocol\Handler\cdo - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ deleted successfully.
File Protocol\Handler\http\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb\ deleted successfully.
File Protocol\Handler\http\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ deleted successfully.
File Protocol\Handler\https\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb\ deleted successfully.
File Protocol\Handler\https\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap\ deleted successfully.
File Protocol\Handler\mso-offdap - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ not found.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Chuck\Documents\~WRD0001.tmp deleted successfully.
C:\windows\Installer\MSI37B2.tmp- folder deleted successfully.
C:\windows\Installer\MSI4F2A.tmp- folder deleted successfully.
C:\windows\Installer\MSI62B9.tmp deleted successfully.
C:\windows\Installer\MSI64B0.tmp- folder deleted successfully.
C:\windows\Installer\MSID400.tmp deleted successfully.
Folder C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\extensions\[email protected]\ not found.
Prefs.js: firefox%40lemurleap.info:1.0.0 removed from extensions.enabledAddons
========== FILES ==========
File\Folder C:\Program Files (x86)\Better-Surf not found.
File\Folder C:\Program Files (x86)\Common Files\Tencent not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chuck\Downloads\cmd.bat deleted successfully.
C:\Users\Chuck\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chuck
->Temp folder emptied: 3637152427 bytes
->Temporary Internet Files folder emptied: 1160409866 bytes
->Java cache emptied: 39332 bytes
->FireFox cache emptied: 94289068 bytes
->Flash cache emptied: 370081 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: OLD Computer

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 696948221 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42050220 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 747 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 63515506 bytes
RecycleBin emptied: 46730265 bytes

Total Files Cleaned = 5,476.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 04172014_111007

Files\Folders moved on Reboot...
C:\Users\Chuck\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Chuck\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...*

Thank You!*


----------



## Frustrated1636 (Oct 25, 2012)

Eddie,

Ran Malware and looky here, nothing found!

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/17/2014
Scan Time: 11:56:57 AM
Logfile: Malware Scan 140417.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.17.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chuck

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 252803
Time Elapsed: 28 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


----------



## eddie5659 (Mar 19, 2001)

Ah, so it must have removed them, which is good. And thanks for the OTL log :up:

Now, as there is an extension that is causing a few issues, can you run this new tool? It will be lengthy again (upload as you did before), but I want to see what it's showing, and see if we can remove it another way.

----

Please download Farbar Recovery Scan Tool and save it to your Desktop.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click *Yes* to disclaimer.

Leave all the *Whitelist* boxes ticked as default, but then can you also tick *Shortcut.txt* as well.
Press *Scan* button.
It will produce a log called *FRST.txt* and *Shortcut.txt* in the same directory the tool is run from. 
Please copy and paste log back here.
The first time the tool is run it generates another log (*Addition.txt* - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


----------



## Frustrated1636 (Oct 25, 2012)

Hi Eddie,

I ran the Farbar tool and actually it did not take long at all. Since there are three logs I am going to attach those. Thanks!!!!


----------



## eddie5659 (Mar 19, 2001)

Thanks for the logs and hope you had a happy Easter 

Now, the one thing I wanted to see wasn't there, so maybe it's already gone. That being said, I did see some things, so let's remove them, and then there is one more automated tool I want to use before we go the manual way, as you had a lot of infections, and just want to be sure first. But, we'll sort out FRST first.

Do you know what this is: C:\Users\Chuck\Downloads\Setup_OSU

The reason I ask is you have multiple copies of it, which we can remove. There seem to be a few a day, and they're quite large, but stop at around 10th April.

-----------

Download attached *fixlist.txt* file and save it to the Desktop.

*NOTE.* It's important that both files, *FRST* and *fixlist.txt*, are in the same location or the fix will not work.

*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*

Run *FRST/FRST64* and press the *Fix* button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


----------



## Frustrated1636 (Oct 25, 2012)

Hi Eddie,

I had a nice Easter and I hope yours was good. Looking under properties, OSU is an open software updater. This is not something that I installed, and since many of these programs seem to include a software update I would think it is bogus. Here is the log from the fixlist. This lists a bunch of tmp files and I had noticed before that it seems the system is generating these en masse every time I am online. Seems like a problem to look into. Again thanks for all your efforts!!!!

CHR HKLM-x32\...\Chrome\Extension: [ajadlheagenmmedmhaoafgkdenfilcme] - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ch\BetterSurfPlusV1.crx []
CHR HKLM-x32\...\Chrome\Extension: [iimlgpidjkiedgndbhjbalobolmjilei] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha92\ch\WebexpEnhancedV1alpha92.crx [2013-03-06]
CHR HKLM-x32\...\Chrome\Extension: [jifcpmlipdckkgahcekdccikeddjgnbl] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha753\ch\MediaViewV1alpha753.crx [2013-03-06]
CHR HKLM-x32\...\Chrome\Extension: [jncmagbhmnlmppimlagabdnhhlbclman] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha3789\ch\MediaViewerV1alpha3789.crx [2013-03-06]
C:\Users\Chuck\Downloads\B13D.tmp
C:\Users\Chuck\Downloads\F6F.tmp
C:\Users\Chuck\Downloads\A22B.tmp
C:\Users\Chuck\Downloads\FBDA.tmp
C:\Users\Chuck\Downloads\80DB.tmp
C:\Users\Chuck\Downloads\5BD8.tmp
C:\Users\Chuck\Downloads\D4F1.tmp
C:\Users\Chuck\Downloads\DD32.tmp
C:\Users\Chuck\Downloads\6785.tmp
C:\Users\Chuck\Downloads\8B61.tmp
C:\Users\Chuck\Downloads\13D8.tmp
C:\Users\Chuck\Downloads\C0B4.tmp
C:\Users\Chuck\Downloads\61D6.tmp
C:\Users\Chuck\Downloads\7D5D.tmp
C:\Users\Chuck\Downloads\DFF7.tmp
C:\Users\Chuck\Downloads\7291.tmp
C:\Users\Chuck\Downloads\1458.tmp
C:\Users\Chuck\Downloads\B586.tmp
C:\Users\Chuck\Downloads\56F3.tmp
C:\Users\Chuck\Downloads\F801.tmp
C:\Users\Chuck\Downloads\996F.tmp
C:\Users\Chuck\Downloads\3A98.tmp
C:\Users\Chuck\Downloads\DB2B.tmp
C:\Users\Chuck\Downloads\7C68.tmp
C:\Users\Chuck\Downloads\C182.tmp
C:\Users\Chuck\Downloads\1E21.tmp
C:\Users\Chuck\Downloads\A75C.tmp
C:\Users\Chuck\Downloads\60D7.tmp
C:\Users\Chuck\Downloads\1F4.tmp
C:\Users\Chuck\Downloads\EF28.tmp
C:\Users\Chuck\Downloads\58F3.tmp
C:\Users\Chuck\Downloads\DF6F.tmp
C:\Users\Chuck\Downloads\9C33.tmp
C:\Users\Chuck\Downloads\80F.tmp
C:\Users\Chuck\Downloads\4E41.tmp
C:\Users\Chuck\Downloads\89CA.tmp
C:\Users\Chuck\Downloads\EB2C.tmp
C:\Users\Chuck\Downloads\A487.tmp
C:\Users\Chuck\Downloads\4F3C.tmp
C:\Users\Chuck\Downloads\E3C2.tmp
C:\Users\Chuck\Downloads\5989.tmp
C:\Users\Chuck\Downloads\FB85.tmp
C:\Users\Chuck\Downloads\6EED.tmp
C:\Users\Chuck\Downloads\88B2.tmp
C:\Users\Chuck\Downloads\1EBD.tmp
C:\Users\Chuck\Downloads\79B9.tmp
C:\Users\Chuck\Downloads\4FD9.tmp
C:\Users\Chuck\Downloads\F983.tmp
C:\Users\Chuck\Downloads\CA44.tmp
C:\Users\Chuck\Downloads\9D29.tmp
C:\Users\Chuck\Downloads\733D.tmp
C:\Users\Chuck\Downloads\21D2.tmp
C:\Users\Chuck\Downloads\6E96.tmp
C:\Users\Chuck\Downloads\EA7B.tmp
C:\Users\Chuck\Downloads\4B2D.tmp
C:\Users\Chuck\Downloads\270C.tmp
C:\Users\Chuck\Downloads\6DA.tmp
C:\Users\Chuck\Downloads\92B1.tmp
C:\Users\Chuck\Downloads\2730.tmp
C:\Users\Chuck\Downloads\B190.tmp
C:\Users\Chuck\Downloads\46CA.tmp
C:\Users\Chuck\Downloads\C90F.tmp
C:\Users\Chuck\Downloads\8458.tmp
C:\Users\Chuck\Downloads\903.tmp
C:\Users\Chuck\Downloads\FB0D.tmp
C:\Users\Chuck\Downloads\6534.tmp
C:\Users\Chuck\Downloads\216F.tmp
C:\Users\Chuck\Downloads\BA96.tmp
C:\Users\Chuck\Downloads\26FD.tmp
C:\Users\Chuck\Downloads\9C29.tmp
C:\Users\Chuck\Downloads\70E6.tmp
C:\Users\Chuck\Downloads\DC9.tmp
C:\Users\Chuck\Downloads\87BC.tmp
C:\Users\Chuck\Downloads\B587.tmp
C:\Users\Chuck\Downloads\791F.tmp
C:\Users\Chuck\Downloads\4B44.tmp
C:\Users\Chuck\Downloads\F470.tmp
C:\Users\Chuck\Downloads\E810.tmp
C:\Users\Chuck\Downloads\6F0A.tmp
C:\Users\Chuck\Downloads\DF8E.tmp
C:\Users\Chuck\Downloads\638A.tmp
C:\Users\Chuck\Downloads\BE33.tmp
C:\Users\Chuck\Downloads\3264.tmp
C:\Users\Chuck\Downloads\A57D.tmp
C:\Users\Chuck\Downloads\5E8.tmp
C:\Users\Chuck\Downloads\3D52.tmp
C:\Users\Chuck\Downloads\A39E.tmp
C:\Users\Chuck\Downloads\3950.tmp
C:\Users\Chuck\Downloads\B1B.tmp
C:\Users\Chuck\Downloads\DEFA.tmp
C:\Users\Chuck\Downloads\74FC.tmp
C:\Users\Chuck\Downloads\48F4.tmp
C:\Users\Chuck\Downloads\B80B.tmp
C:\Users\Chuck\Downloads\2A3E.tmp
C:\Users\Chuck\Downloads\8618.tmp
C:\Users\Chuck\Downloads\F01D.tmp
C:\Users\Chuck\Downloads\548C.tmp
C:\Users\Chuck\Downloads\BEE5.tmp
C:\Users\Chuck\Downloads\8AED.tmp
C:\Users\Chuck\Downloads\2107.tmp
C:\Users\Chuck\Downloads\395E.tmp
C:\Users\Chuck\Downloads\BAB0.tmp
C:\Users\Chuck\Downloads\3374.tmp
C:\Users\Chuck\Downloads\B693.tmp
C:\Users\Chuck\Downloads\8ED2.tmp
C:\Users\Chuck\Downloads\74A.tmp
C:\Users\Chuck\Downloads\806C.tmp
C:\Users\Chuck\Downloads\7A02.tmp
C:\Users\Chuck\Downloads\3971.tmp
C:\Users\Chuck\Downloads\FD73.tmp
C:\Users\Chuck\Downloads\C665.tmp
C:\Users\Chuck\Downloads\81D3.tmp
C:\Users\Chuck\Downloads\43B3.tmp
C:\Users\Chuck\Downloads\CC93.tmp
C:\Users\Chuck\Downloads\96F0.tmp
C:\Users\Chuck\Downloads\6CF.tmp
C:\Users\Chuck\Downloads\6CDB.tmp
C:\Users\Chuck\Downloads\9271.tmp
C:\Users\Chuck\Downloads\C88F.tmp
C:\Users\Chuck\Downloads\2DF5.tmp
C:\Users\Chuck\Downloads\686A.tmp
C:\Users\Chuck\Downloads\2E4.tmp
C:\Users\Chuck\Downloads\A627.tmp
C:\Users\Chuck\Downloads\A66E.tmp
C:\Users\Chuck\Downloads\7BE8.tmp
C:\Users\Chuck\Downloads\4521.tmp
C:\Program Files (x86)\MediaViewerV1
C:\Program Files (x86)\MediaViewV1
C:\Program Files (x86)\WebexpEnhancedV1
C:\Program Files (x86)\BetterSurf

=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

C:\Users\Chuck\Downloads\Setup_OSU (99).exe
C:\Users\Chuck\Downloads\Setup_OSU (98).exe
C:\Users\Chuck\Downloads\Setup_OSU (97).exe
C:\Users\Chuck\Downloads\Setup_OSU (100).exe
C:\Users\Chuck\Downloads\Setup_OSU (96).exe
C:\Users\Chuck\Downloads\Setup_OSU (95).exe
C:\Users\Chuck\Downloads\Setup_OSU (94).exe
C:\Users\Chuck\Downloads\Setup_OSU (93).exe
C:\Users\Chuck\Downloads\Setup_OSU (92).exe
C:\Users\Chuck\Downloads\Setup_OSU (91).exe
C:\Users\Chuck\Downloads\Setup_OSU (90).exe
C:\Users\Chuck\Downloads\Setup_OSU (89).exe
C:\Users\Chuck\Downloads\Setup_OSU (88).exe
C:\Users\Chuck\Downloads\Setup_OSU (87).exe
C:\Users\Chuck\Downloads\Setup_OSU (86).exe
C:\Users\Chuck\Downloads\Setup_OSU (85).exe
C:\Users\Chuck\Downloads\Setup_OSU (84).exe
C:\Users\Chuck\Downloads\Setup_OSU (83).exe
C:\Users\Chuck\Downloads\Setup_OSU (82).exe
C:\Users\Chuck\Downloads\Setup_OSU (81).exe
C:\Users\Chuck\Downloads\Setup_OSU (80).exe
C:\Users\Chuck\Downloads\Setup_OSU (79).exe
C:\Users\Chuck\Downloads\Setup_OSU (78).exe
C:\Users\Chuck\Downloads\Setup_OSU (77).exe
C:\Users\Chuck\Downloads\Setup_OSU (76).exe
C:\Users\Chuck\Downloads\Setup_OSU (75).exe
C:\Users\Chuck\Downloads\Setup_OSU (74).exe
C:\Users\Chuck\Downloads\Setup_OSU (73).exe
C:\Users\Chuck\Downloads\Setup_OSU (72).exe
C:\Users\Chuck\Downloads\Setup_OSU (71).exe
C:\Users\Chuck\Downloads\Setup_OSU (70).exe
C:\Users\Chuck\Downloads\Setup_OSU (69).exe
C:\Users\Chuck\Downloads\Setup_OSU (68).exe
C:\Users\Chuck\Downloads\Setup_OSU (67).exe
C:\Users\Chuck\Downloads\Setup_OSU (66).exe
C:\Users\Chuck\Downloads\Setup_OSU (65).exe
C:\Users\Chuck\Downloads\Setup_OSU (64).exe
C:\Users\Chuck\Downloads\Setup_OSU (63).exe
C:\Users\Chuck\Downloads\Setup_OSU (62).exe
C:\Users\Chuck\Downloads\Setup_OSU (61).exe
C:\Users\Chuck\Downloads\Unconfirmed 786465.crdownload
C:\Users\Chuck\Downloads\Unconfirmed 237379.crdownload
C:\Users\Chuck\Downloads\Unconfirmed 99500.crdownload
C:\Users\Chuck\Downloads\Unconfirmed 770871.crdownload
C:\Users\Chuck\Downloads\Unconfirmed 770658.crdownload
C:\Users\Chuck\Downloads\Unconfirmed 641506.crdownload
C:\Users\Chuck\Downloads\FinallyFast.setup (1).exe
C:\Users\Chuck\Downloads\Unconfirmed 656717.crdownload
C:\Users\Chuck\Downloads\FinallyFast.setup.exe
C:\Users\Chuck\Downloads\Setup_OSU (60).exe
C:\Users\Chuck\Downloads\Setup_OSU (59).exe
C:\Users\Chuck\Downloads\Setup_OSU (57).exe
C:\Users\Chuck\Downloads\Setup_OSU (58).exe
C:\Users\Chuck\Downloads\Setup_OSU (55).exe
C:\Users\Chuck\Downloads\Setup_OSU (56).exe
C:\Users\Chuck\Downloads\Setup_OSU (54).exe
C:\Users\Chuck\Downloads\Setup_OSU (53).exe
C:\Users\Chuck\Downloads\Setup_OSU (52).exe
C:\Users\Chuck\Downloads\Setup_OSU (51).exe
C:\Users\Chuck\Downloads\Setup_OSU (50).exe
C:\Users\Chuck\Downloads\Setup_OSU (49).exe
C:\Users\Chuck\Downloads\Setup_OSU (48).exe
C:\Users\Chuck\Downloads\Setup_OSU (47).exe
C:\Users\Chuck\Downloads\Setup_OSU (46).exe
C:\Users\Chuck\Downloads\Setup_OSU (45).exe
C:\Users\Chuck\Downloads\Setup_OSU (44).exe
C:\Users\Chuck\Downloads\Setup_OSU (43).exe
C:\Users\Chuck\Downloads\Setup_OSU (40).exe
C:\Users\Chuck\Downloads\Setup_OSU (42).exe
C:\Users\Chuck\Downloads\Setup_OSU (41).exe
C:\Users\Chuck\Downloads\Setup_OSU (39).exe
C:\Users\Chuck\Downloads\Setup_OSU (38).exe
C:\Users\Chuck\Downloads\Setup_OSU (36).exe
C:\Users\Chuck\Downloads\Setup_OSU (37).exe
C:\Users\Chuck\Downloads\Setup_OSU (34).exe
C:\Users\Chuck\Downloads\Setup_OSU (35).exe
C:\Users\Chuck\Downloads\Setup_OSU (33).exe
C:\Users\Chuck\Downloads\Setup_OSU (32).exe
C:\Users\Chuck\Downloads\Setup_OSU (31).exe
C:\Users\Chuck\Downloads\Setup_OSU (30).exe
C:\Users\Chuck\Downloads\Setup_OSU (29).exe
C:\Users\Chuck\Downloads\Setup_OSU (28).exe
C:\Users\Chuck\Downloads\Setup_OSU (27).exe
C:\Users\Chuck\Downloads\Setup_OSU (26).exe
C:\Users\Chuck\Downloads\Setup_OSU (25).exe
C:\Users\Chuck\Downloads\Setup_OSU (24).exe
C:\Users\Chuck\Downloads\Setup_OSU (23).exe
C:\Users\Chuck\Downloads\Setup_OSU (22).exe
C:\Users\Chuck\Downloads\Setup_OSU (21).exe
C:\Users\Chuck\Downloads\Setup_OSU (20).exe
C:\Users\Chuck\Downloads\Setup_OSU (19).exe
C:\Users\Chuck\Downloads\Setup_OSU (18).exe
C:\Users\Chuck\Downloads\Setup_OSU (17).exe
C:\Users\Chuck\Downloads\Setup_OSU (16).exe
C:\Users\Chuck\Downloads\Setup_OSU (15).exe
C:\Users\Chuck\Downloads\Setup_OSU (14).exe
C:\Users\Chuck\Downloads\Setup_OSU (13).exe
C:\Users\Chuck\Downloads\Setup_OSU (12).exe
C:\Users\Chuck\Downloads\Setup_OSU (11).exe
C:\Users\Chuck\Downloads\Setup_OSU (10).exe
C:\Users\Chuck\Downloads\Setup_OSU (9).exe
C:\Users\Chuck\Downloads\Setup_OSU (8).exe
C:\Users\Chuck\Downloads\Setup_OSU (7).exe
C:\Users\Chuck\Downloads\Setup_OSU (6).exe
C:\Users\Chuck\Downloads\Setup_OSU (5).exe
C:\Users\Chuck\Downloads\Setup_OSU (4).exe
C:\Users\Chuck\Downloads\Setup_OSU (3).exe
C:\Users\Chuck\Downloads\Setup_OSU (2).exe
C:\Users\Chuck\Downloads\Unconfirmed 491.crdownload
C:\Users\Chuck\Downloads\Setup_OSU (1).exe
C:\Users\Chuck\Downloads\Setup_OSU.exe
C:\Users\Chuck\AppData\Local\Temp\drm_dyndata_7330014.dll
Task: {0D97F66C-6222-49D9-B5B4-3C817AC05773} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {0DFE6BB2-C0D4-4302-8EE0-1D2E27C0F1F0} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {11B52097-9C7D-48B0-A6CF-957E32AE387C} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {D794A0B8-54C4-488D-9443-B564FA5C238B} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {670537B1-ED68-4175-ACE1-396A82F97BC8} - \DealPlyUpdate ATTENTION ====> No Task File
Task: {E6A5170C-8FC0-4357-A33B-3A2E98CEF9CD} - \DealPly ATTENTION ====> No Task File
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
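
The scheduled-task entries in the log above show three patterns worth recognising when reviewing persistence. The following is an added example, not part of the original post and not code from FRST: a Python triage of those `Task:` lines. The rule names, the heuristics and the last sample line are assumptions made for this illustration.

```python
"""Triage 'Task:' lines from a fix log for scheduled-task persistence."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# The first six lines are copied from the log in the post above; the last
# line is constructed for this example as a benign comparison.
SAMPLE_LOG = r"""
Task: {0D97F66C-6222-49D9-B5B4-3C817AC05773} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {0DFE6BB2-C0D4-4302-8EE0-1D2E27C0F1F0} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {11B52097-9C7D-48B0-A6CF-957E32AE387C} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {D794A0B8-54C4-488D-9443-B564FA5C238B} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {670537B1-ED68-4175-ACE1-396A82F97BC8} - \DealPlyUpdate ATTENTION ====> No Task File
Task: {E6A5170C-8FC0-4357-A33B-3A2E98CEF9CD} - \DealPly ATTENTION ====> No Task File
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => %windir%\system32\defrag.exe
"""

# Heuristic inputs (assumptions for this example, compared in lower case).
USER_WRITABLE = ("%localappdata%", "%appdata%", "%temp%", "%userprofile%")
WINDOWS_DIRS = ("%windir%", "%systemroot%", "c:\\windows")
MS_NAMESPACE = "system32\\tasks\\microsoft\\windows\\"


@dataclass
class Task:
    guid: str
    path: str               # task location as printed in the log
    target: Optional[str]   # executable the task launches, if the log shows one
    tool_flagged: bool      # the scanner itself marked the line ATTENTION
    orphaned: bool          # registration exists but the log says "No Task File"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_task_line(line: str) -> Optional[Task]:
    """Parse one 'Task: {GUID} - path [=> target] [marker]' line."""
    m = re.match(r"Task: \{([0-9A-Fa-f-]{36})\} - (.+)$", line.strip())
    if not m:
        return None
    guid, rest = m.groups()
    tool_flagged = "ATTENTION" in rest
    orphaned = rest.endswith("No Task File")
    # Drop the trailing marker so only "path" or "path => target" remains.
    rest = re.sub(r"\s*(?:<=+ ATTENTION|ATTENTION =+> .*)$", "", rest)
    path, _, target = rest.partition(" => ")
    return Task(guid, path, target or None, tool_flagged, orphaned)


def findings(task: Task) -> List[str]:
    """Return the heuristic tags that apply to one task."""
    tags = []
    target = (task.target or "").lower()
    if task.orphaned:
        # Leftover registration: the task file is gone but the entry remains.
        tags.append("orphaned-registration")
    if target.startswith(USER_WRITABLE) or "\\appdata\\" in target:
        # Binary lives where a non-admin process can drop or replace it.
        tags.append("user-writable-target")
    if (task.path.lower().startswith(MS_NAMESPACE) and target
            and not target.startswith(WINDOWS_DIRS)):
        # Task hides among built-in Windows tasks but runs a non-Windows binary.
        tags.append("microsoft-namespace-masquerade")
    return tags


def triage(log: str) -> Dict[str, List[str]]:
    """Map task name -> heuristic tags for every Task: line in the log."""
    result = {}
    for line in log.splitlines():
        task = parse_task_line(line)
        if task:
            result[task.name] = findings(task)
    return result


if __name__ == "__main__":
    for name, tags in triage(SAMPLE_LOG).items():
        print(f"{name:18} {', '.join(tags) or 'no heuristic hit'}")
```

`RDReminder` gets no tag because its target sits under Program Files, yet it was still listed for removal in the log, so these heuristics are a first-pass sort and not a verdict.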


----------



## eddie5659 (Mar 19, 2001)

Yep, I had a nice Easter, just trying to get back into waking up for work 

Okay, let's run the automated tool now, then we'll search for other stuff manually (using a tool) then I'll create a fix based on that 

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it rename it to Frustrated123.exe and save it to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## Frustrated1636 (Oct 25, 2012)

Hey Eddie,

Every time I reply to you I am reminded of my college days in Austin....used to be in a band called Eddie and the Lawnmowers...we didn't have an Eddie in the band but he lived with us in spirit. 

Ok, ran the combo fix and I am attaching the file.

As always, thanks for the great help...


----------



## eddie5659 (Mar 19, 2001)

Interesting, what type of music was the band playing?

Just looking in the log, do you use anything by ma.edu? That is Massachusetts education. If so, then I'll leave the entry:

FF - ExtSQL: 2014-02-27 12:57; [email protected]; c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\extensions\[email protected]

I see a few things to remove, but let's do the main manual things, and go from there. I'll create the list today for you to run, just replying now before I forget about the edu thing.


----------



## eddie5659 (Mar 19, 2001)

Okay, normally I get the user to do all the full scans at the same time. However, as you may still have a lot showing, we'll do them in stages. So, download and run as below, then underneath that, I will post the extra scans to do, once you've uploaded the other. Just so you know, if you run one scan, then run the second without sending me the log, it automatically writes over the original log, so just do one at a time, even if it's three replies 

Also, make sure you include the first part, eg :filefind. Don't forget it needs the : as well 

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
*LuckLeap*.*
*LemurLeap*.*
*SearchProtect*.*
*conduit*.*
*Wajam*.*
*jpmbfleldcgkldadpdinhjjopdfpjfjp*.*
*5a95a9e0-59dd-4314-bd84-4d18ca83a0e2*.*
*babylon*.*
*snap.do*.*
*bProtector*.*
*MySearch*.*
*Media View*.*
*MediaView*.*
*Media Viewer*.*
*MediaViewer*.*
*SmARtCompare*.*
*knmafenhackomkdiaggnceblhfomhofe*.*
*DealPly*.*
*I Want This*.*
*Iminent*.*
*InternetHelper*.*
*KeyBar*.*
*Optimizer*.*
*LyricsSing*.*
*Tencent*.*
*DefaultTab*.*
*BetterSurf*.*
*WebexpEnhanced*.*
*jncmagbhmnlmppimlagabdnhhlbclman*.*
*better-surf*.*
*N1yiPr_Rfs*.*
*qafEv57pd*.*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

=============================
2nd scan:


```
:folderfind
*LuckLeap*
*LemurLeap*
*SearchProtect*
*conduit*
C:\Users\Chuck\AppData\Local\GCC*
*Wajam*
*jpmbfleldcgkldadpdinhjjopdfpjfjp*
*5a95a9e0-59dd-4314-bd84-4d18ca83a0e2*
*babylon*
*snap.do*
*bProtector*
*MySearch*
*Media View*
*MediaView*
*Media Viewer*
*MediaViewer*
*SmARtCompare*
*knmafenhackomkdiaggnceblhfomhofe*
*DealPly*
*I Want This*
*Iminent*
*InternetHelper*
*KeyBar*
*Optimizer*
*LyricsSing*
*Tencent*
*DefaultTab*
*BetterSurf*
*WebexpEnhanced*
*jncmagbhmnlmppimlagabdnhhlbclman*
*better-surf*
*poheodfamflhhhdcmjfeggbgigeefaco*
*N1yiPr_Rfs*
*qafEv57pd*
```
==================
3rd scan:


```
:regfind
LuckLeap
LemurLeap
SearchProtect
conduit
Wajam
jpmbfleldcgkldadpdinhjjopdfpjfjp
5a95a9e0-59dd-4314-bd84-4d18ca83a0e2
babylon
snap.do
bProtector
MySearch
Media View
MediaView
Media Viewer
MediaViewer
SmARtCompare
knmafenhackomkdiaggnceblhfomhofe
DealPly
I Want This
Iminent
InternetHelper
KeyBar
Optimizer
LyricsSing
Tencent
DefaultTab
BetterSurf
WebexpEnhanced
jncmagbhmnlmppimlagabdnhhlbclman
0C7C23EF-A848-485B-873C-0ED954731014
A57E074F-56D8-4A33-8112-AAC9693AA909
DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\TBH
better-surf
N1yiPr_Rfs
qafEv57pd
:dir
C:\Users\Chuck\Downloads
```


----------



## Frustrated1636 (Oct 25, 2012)

Hey Eddie,

We played a mixture of punk, new wave and 60's Detroit rock, (Friday at the Hideout/Pushin too Hard/96 Tears)....covers of bands like The Ramones, The Jags, Talking Heads and a bunch of our own. Fun times but a long time ago now...

Do not recognize anything put out by Mass education, so I would say let's clean it up. If we need we can redo when the time comes. I think this might be some educational game the kids no longer use.

Ok, ran the first one and here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 09:41 on 29/04/2014 by Chuck
Administrator - Elevation successful

========== filefind ==========

Searching for "*LuckLeap*.*"
No files found.

Searching for "*LemurLeap*.*"
No files found.

Searching for "*SearchProtect*.*"
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\LocalLow\Conduit\ChromeExtData\jhbbmmgbnjalccamlaefhepnajfmgopb\Repository\CT3315828.searchProtectorData.txt.vir --a---- 1694 bytes [20:27 28/11/2013] [20:27 28/11/2013] 08E346F5466F2900FDAECAF3503CCA97
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\LocalLow\Conduit\ChromeExtData\nemfjadlboooiffmcelkafilagddogim\Repository\CT3289663.searchProtectorData.txt.vir --a---- 1630 bytes [12:09 19/10/2013] [12:10 19/10/2013] F9D0874659257340A2608FD2E07E4337
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\CT3289663\CT3289663.searchProtectorData --a---- 1288 bytes [21:47 09/11/2013] [01:33 15/12/2013] A3A502A991E8315378F3B231744B0560
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\CT3291327\CT3291327.searchProtectorData --a---- 1148 bytes [21:47 09/11/2013] [01:33 15/12/2013] 61A566A5B691692C3CA15908F1E93682
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\CT3310511\CT3310511.searchProtectorData --a---- 1147 bytes [21:47 09/11/2013] [01:33 15/12/2013] 9DABA00171415A99A9EE581A5CA3D80F
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\CT3315828\CT3315828.searchProtectorData --a---- 1289 bytes [21:31 13/11/2013] [01:33 15/12/2013] AA386D4867C37CCAA35D7A9F76AD7BA3

Searching for "*conduit*.*"
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal.vir --a---- 8768 bytes [19:52 28/11/2013] [16:23 05/01/2014] 3E78ACE919CC98C6E4E38F4D6003D4F0
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage.vir --a---- 8192 bytes [19:52 28/11/2013] [16:23 05/01/2014] A45EE65BF592E3432F0FCAB187749EB1
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal.vir --a---- 7736 bytes [00:06 15/12/2013] [04:29 05/01/2014] 4BCFCB303B51F198FE9D88B962A1B93E
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage.vir --a---- 7168 bytes [00:06 15/12/2013] [04:29 05/01/2014] F3733DB0EF321CCB5A0C034D966C94D2
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal.vir --a---- 3608 bytes [18:11 15/12/2013] [14:15 05/01/2014] 15133E7411262109A3CC78DBE335D0E0
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage.vir --a---- 3072 bytes [18:11 15/12/2013] [14:15 05/01/2014] 095C74F69DCC712B232031A13E093961
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1776362_1766903_US.xml.vir --a---- 190 bytes [21:27 17/08/2013] [16:44 22/09/2013] C4E38311DCB60C23DF76F369C774C4DF
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1795305_1785846_US.xml.vir --a---- 188 bytes [23:31 21/09/2013] [16:44 22/09/2013] 1F9350FC5FB428C47594C33AFC92DECD
C:\Users\Chuck\AppData\Local\Microsoft\Internet Explorer\DOMStore\6FZ2C3WV\app.mam.conduit[1].xml --a---- 13 bytes [04:15 18/08/2013] [04:15 18/08/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Chuck\AppData\Local\Microsoft\Internet Explorer\DOMStore\9V91KO9M\apps.search.conduit[1].xml --a---- 13 bytes [04:15 18/08/2013] [04:15 18/08/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Chuck\AppData\Local\Microsoft\Internet Explorer\DOMStore\AUHTCCOR\facebook.conduitapps[1].xml --a---- 13 bytes [04:15 18/08/2013] [04:15 18/08/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Chuck\AppData\Local\Microsoft\Internet Explorer\DOMStore\AUHTCCOR\fastcontent.conduit[1].xml --a---- 734 bytes [04:15 18/08/2013] [04:16 18/08/2013] 4230D32E6E153B738338A3E26A4E56D3
C:\Users\Chuck\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5IUPICTU\facebook.conduitapps[1].xml --a---- 13 bytes [18:20 17/08/2013] [18:20 17/08/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Chuck\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DWUYJJOU\app.mam.conduit[1].xml --a---- 253 bytes [18:20 17/08/2013] [23:31 21/09/2013] 77C0E4952439F7B5D17A54C903FAC237
C:\Users\Chuck\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DWUYJJOU\cap1.conduit-apps[1].xml --a---- 13 bytes [23:31 21/09/2013] [23:31 21/09/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Chuck\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DWUYJJOU\search.conduit[1].xml --a---- 13 bytes [00:18 18/08/2013] [00:18 18/08/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Chuck\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\JFI4YOZG\apps.search.conduit[1].xml --a---- 13 bytes [18:22 17/08/2013] [18:22 17/08/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Chuck\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\JFI4YOZG\fastcontent.conduit[1].xml --a---- 912 bytes [20:41 17/08/2013] [01:57 22/09/2013] BCA13D3EAF2CC67244E326A8CF5A9480
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\CT3289663\conduit.xml --a---- 1001 bytes [21:48 09/11/2013] [21:48 09/11/2013] 0951CA88C71CD3DFEB93A52431C9B7A9
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\CT3291327\conduit.xml --a---- 989 bytes [21:48 09/11/2013] [21:48 09/11/2013] 9325B1E60897ED97D18E64905DDD9904
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\CT3310511\conduit.xml --a---- 987 bytes [21:48 09/11/2013] [21:48 09/11/2013] A842DB5227C2EAD6A18D2E2E94A38AFB
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\CT3315828\conduit.xml --a---- 850 bytes [01:31 15/12/2013] [01:31 15/12/2013] 5A5855AA374E010D6387C66BD1E7A176

Searching for "*Wajam*.*"
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}\META-INF\WajamsCOMODOCALimitedID.rsa.vir --a---- 4361 bytes [21:05 07/02/2013] [21:05 07/02/2013] A60896D2FAD2AC8FF622EB3D9A591319
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}\META-INF\WajamsCOMODOCALimitedID.sf.vir --a---- 893 bytes [21:05 07/02/2013] [21:05 07/02/2013] 7B05719BA609666ED76D8138CAC76314
C:\Users\Chuck\AppData\Local\Microsoft\Internet Explorer\DOMStore\9V91KO9M\www.wajam[1].xml --a---- 85 bytes [17:37 17/08/2013] [17:37 17/08/2013] C18E91C0AF873CC0C3E2814C0FA5A795

Searching for "*jpmbfleldcgkldadpdinhjjopdfpjfjp*.*"
No files found.

Searching for "*5a95a9e0-59dd-4314-bd84-4d18ca83a0e2*.*"
No files found.

Searching for "*babylon*.*"
C:\Users\Chuck\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DWUYJJOU\search.babylon[1].xml --a---- 750 bytes [21:09 29/06/2013] [01:49 30/06/2013] 372649A082CB830B24B4017FC12A78CF
C:\Users\Chuck\Favorites\Golden Gate Project\y = k x ^2 - Babylon Yahoo! Search Results.url --a---- 393 bytes [00:42 21/04/2013] [19:59 11/04/2014] C8527FBF3E2CCB9A31540987657C7387

Searching for "*snap.do*.*"
No files found.

Searching for "*bProtector*.*"
No files found.

Searching for "*MySearch*.*"
No files found.

Searching for "*Media View*.*"
No files found.

Searching for "*MediaView*.*"
No files found.

Searching for "*Media Viewer*.*"
No files found.

Searching for "*MediaViewer*.*"
No files found.

Searching for "*SmARtCompare*.*"
C:\Users\Chuck\AppData\Local\Packages\windows_ie_ac_001\AC\{5D191057-EF05-8603-64F5-9C4AB9975009}\SmARtCompare.2.7.dat --a---- 144 bytes [21:42 25/02/2014] [21:42 25/02/2014] 23C308104C1D6D78C20D4A3FB3F183E8
C:\Users\Chuck\AppData\LocalLow\{5D191057-EF05-8603-64F5-9C4AB9975009}\SmARtCompare.2.7.dat --a---- 148 bytes [21:42 25/02/2014] [21:42 25/02/2014] 868C21B68A279F35B601E60E9CB7B84E

Searching for "*knmafenhackomkdiaggnceblhfomhofe*.*"
No files found.

Searching for "*DealPly*.*"
C:\AdwCleaner\Quarantine\C\windows\System32\Tasks\Dealply.vir --a---- 3280 bytes [13:55 15/12/2013] [13:55 15/12/2013] 338304EA9398F7AD1FC3A8D292815DC7
C:\AdwCleaner\Quarantine\C\windows\System32\Tasks\DealPlyUpdate.vir --a---- 3366 bytes [13:55 15/12/2013] [13:55 15/12/2013] A0B2DCD9A0269DC586A3DC2AA8895CA3
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.93_0\extensionData\plugins\102_dealply_m.js --a---- 2247 bytes [09:43 04/02/2014] [09:43 04/02/2014] FEF39E0386D6094AF47A936CAAC7C00D

Searching for "*I Want This*.*"
No files found.

Searching for "*Iminent*.*"
No files found.

Searching for "*InternetHelper*.*"
No files found.

Searching for "*KeyBar*.*"
No files found.

Searching for "*Optimizer*.*"
C:\Program Files (x86)\Lenovo\Boot Optimizer\Lenovo EE Boot Optimizer.ico --a---- 46878 bytes [23:08 11/10/2011] [23:08 11/10/2011] 420C0D27880E57B1BF0EB79F8832F473
C:\Program Files (x86)\Lenovo\Boot Optimizer\china\BootOptimizer.chm --a---- 79835 bytes [23:08 11/10/2011] [23:08 11/10/2011] EE582A5C84FF2D89B6E6D7D2602B5BC8
C:\Program Files (x86)\Lenovo\Boot Optimizer\Czech\BootOptimizer.chm --a---- 257345 bytes [23:08 11/10/2011] [23:08 11/10/2011] CA469C17DB46F11A4BE29E5724D8932D
C:\Program Files (x86)\Lenovo\Boot Optimizer\Danish\BootOptimizer.chm --a---- 236591 bytes [23:08 11/10/2011] [23:08 11/10/2011] EE7F52963595C51BD24ED1D6963487DF
C:\Program Files (x86)\Lenovo\Boot Optimizer\Dutch\BootOptimizer.chm --a---- 265005 bytes [23:08 11/10/2011] [23:08 11/10/2011] 1852FD74B73EA19DDF15FD672F7A7B63
C:\Program Files (x86)\Lenovo\Boot Optimizer\English\BootOptimizer.chm --a---- 312649 bytes [23:08 11/10/2011] [23:08 11/10/2011] 85831A55F93E96360FB0C2094B90E040
C:\Program Files (x86)\Lenovo\Boot Optimizer\Finnish\BootOptimizer.chm --a---- 262179 bytes [23:08 11/10/2011] [23:08 11/10/2011] 57D9580114E4DC38F0717EEEABCBB787
C:\Program Files (x86)\Lenovo\Boot Optimizer\french\BootOptimizer.chm --a---- 167219 bytes [23:08 11/10/2011] [23:08 11/10/2011] 5B0DD8A8B47990FB5E600ADC0B83EDC7
C:\Program Files (x86)\Lenovo\Boot Optimizer\German\BootOptimizer.chm --a---- 261831 bytes [23:08 11/10/2011] [23:08 11/10/2011] 582E60D0A0FA93F90EF1E9C0294F010D
C:\Program Files (x86)\Lenovo\Boot Optimizer\Greek\BootOptimizer.chm --a---- 295963 bytes [23:08 11/10/2011] [23:08 11/10/2011] 248673AC9380E0FBCEA1A59EEF89B46C
C:\Program Files (x86)\Lenovo\Boot Optimizer\Hungarian\BootOptimizer.chm --a---- 269619 bytes [23:08 11/10/2011] [23:08 11/10/2011] 2A5D833675EE2A39B08A3763706CA381
C:\Program Files (x86)\Lenovo\Boot Optimizer\Italy\BootOptimizer.chm --a---- 247411 bytes [23:08 11/10/2011] [23:08 11/10/2011] A3B19B4FDE8E0F82A9A3CE9C9E66BC08
C:\Program Files (x86)\Lenovo\Boot Optimizer\Japan\BootOptimizer.chm --a---- 231779 bytes [23:08 11/10/2011] [23:08 11/10/2011] 897ADBA898E67F16A004A57FEDD6F1B5
C:\Program Files (x86)\Lenovo\Boot Optimizer\Korean\BootOptimizer.chm --a---- 217331 bytes [23:08 11/10/2011] [23:08 11/10/2011] DEB9DCA11F8AC348A6323E522C90FB5E
C:\Program Files (x86)\Lenovo\Boot Optimizer\Norwegian\BootOptimizer.chm --a---- 260579 bytes [23:08 11/10/2011] [23:08 11/10/2011] 4E258B91988C871A1A855B58CEA7A974
C:\Program Files (x86)\Lenovo\Boot Optimizer\Polish\BootOptimizer.chm --a---- 278667 bytes [23:08 11/10/2011] [23:08 11/10/2011] F4B5CE0CD399945EA18D82D8D2C1ABD0
C:\Program Files (x86)\Lenovo\Boot Optimizer\Portuguese\BootOptimizer.chm --a---- 248883 bytes [23:08 11/10/2011] [23:08 11/10/2011] AD9593DD16FDB011D41A10F192B48525
C:\Program Files (x86)\Lenovo\Boot Optimizer\PT-BR\BootOptimizer.chm --a---- 271899 bytes [23:08 11/10/2011] [23:08 11/10/2011] D0CA1758177C8488A3B2FDBB9547FBA8
C:\Program Files (x86)\Lenovo\Boot Optimizer\Russia\BootOptimizer.chm --a---- 263661 bytes [23:08 11/10/2011] [23:08 11/10/2011] 35407297C44906756BE55842768CA94F
C:\Program Files (x86)\Lenovo\Boot Optimizer\Spanish\BootOptimizer.chm --a---- 263935 bytes [23:08 11/10/2011] [23:08 11/10/2011] 7EE731E5503A1A6FF27E80452BB8642D
C:\Program Files (x86)\Lenovo\Boot Optimizer\Swedish\BootOptimizer.chm --a---- 256007 bytes [23:08 11/10/2011] [23:08 11/10/2011] A08510293CCC991CD1D93B27359C8852
C:\Program Files (x86)\Lenovo\Boot Optimizer\Tradition\BootOptimizer.chm --a---- 212649 bytes [23:08 11/10/2011] [23:08 11/10/2011] 0FB4D1CD1F8D0DB78F49CC55B0F5C74D
C:\Program Files (x86)\Lenovo\Boot Optimizer\Turkish\BootOptimizer.chm --a---- 238209 bytes [23:08 11/10/2011] [23:08 11/10/2011] 9CFB6F09791AFC250DAC52A571424831
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo EE Boot Optimizer.lnk --a---- 2101 bytes [23:08 11/10/2011] [23:08 11/10/2011] 974C5F022E2505C86A6E327A63EBB7CC
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo EE Boot Optimizer.lnk --a---- 2101 bytes [23:08 11/10/2011] [23:08 11/10/2011] 974C5F022E2505C86A6E327A63EBB7CC
C:\Users\Public\Desktop\Lenovo EE Boot Optimizer.lnk --a---- 2083 bytes [23:08 11/10/2011] [23:08 11/10/2011] 766750C12BC14D1A27712F02F839AFD8

Searching for "*LyricsSing*.*"
No files found.

Searching for "*Tencent*.*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe.vir --a---- 845176 bytes [16:35 07/03/2014] [16:35 07/03/2014] 29D88971E1AF8299ED42DF6988B86681

Searching for "*DefaultTab*.*"
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\defaulttab.config.vir --a---- 15463 bytes [21:38 27/02/2014] [21:38 27/02/2014] BCA50D03C9C1AC27953F0E332893149C
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll --a---- 254976 bytes [22:54 26/10/2013] [06:00 30/11/1979] B59210158C1ADE09DAE878E3C3D9DD72

Searching for "*BetterSurf*.*"
No files found.

Searching for "*WebexpEnhanced*.*"
No files found.

Searching for "*jncmagbhmnlmppimlagabdnhhlbclman*.*"
No files found.

Searching for "*better-surf*.*"
No files found.

Searching for "*N1yiPr_Rfs*.*"
No files found.

Searching for "*qafEv57pd*.*"
No files found.

-= EOF =-


----------



## Frustrated1636 (Oct 25, 2012)

Here is the second one:

SystemLook 30.07.11 by jpshortstuff
Log created at 09:55 on 29/04/2014 by Chuck
Administrator - Elevation successful

========== folderfind ==========

Searching for "*LuckLeap*"
No folders found.

Searching for "*LemurLeap*"
No folders found.

Searching for "*SearchProtect*"
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Local\SearchProtect d------  [19:54 11/04/2014]
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Local\SearchProtect\SearchProtect d------ [19:54 11/04/2014]

Searching for "*conduit*"
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\LocalLow\Conduit d------ [19:54 11/04/2014]

Searching for "C:\Users\Chuck\AppData\Local\GCC*"
No folders found.

Searching for "*Wajam*"
No folders found.

Searching for "*jpmbfleldcgkldadpdinhjjopdfpjfjp*"
No folders found.

Searching for "*5a95a9e0-59dd-4314-bd84-4d18ca83a0e2*"
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} d------ [19:54 11/04/2014]

Searching for "*babylon*"
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Roaming\Babylon d------ [19:54 11/04/2014]

Searching for "*snap.do*"
No folders found.

Searching for "*bProtector*"
No folders found.

Searching for "*MySearch*"
No folders found.

Searching for "*Media View*"
No folders found.

Searching for "*MediaView*"
C:\Qoobox\Quarantine\C\Program Files (x86)\MediaViewerV1 d------ [21:42 25/04/2014]
C:\Qoobox\Quarantine\C\Program Files (x86)\MediaViewV1 d------ [21:42 25/04/2014]

Searching for "*Media Viewer*"
No folders found.

Searching for "*MediaViewer*"
C:\Qoobox\Quarantine\C\Program Files (x86)\MediaViewerV1 d------ [21:42 25/04/2014]

Searching for "*SmARtCompare*"
C:\Qoobox\Quarantine\C\ProgramData\SmARtCompare d------ [21:42 25/04/2014]

Searching for "*knmafenhackomkdiaggnceblhfomhofe*"
No folders found.

Searching for "*DealPly*"
No folders found.

Searching for "*I Want This*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*InternetHelper*"
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\LocalLow\internethelper3.1 d------ [19:54 11/04/2014]
C:\Users\Chuck\AppData\LocalLow\InternetHelper3.7 d------ [01:09 10/11/2013]

Searching for "*KeyBar*"
No folders found.

Searching for "*Optimizer*"
C:\AdwCleaner\Quarantine\C\Users\Chuck\Documents\Optimizer Pro d------ [19:54 11/04/2014]
C:\Program Files (x86)\Lenovo\Boot Optimizer d------ [23:08 11/10/2011]

Searching for "*LyricsSing*"
No folders found.

Searching for "*Tencent*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Tencent d------ [19:54 11/04/2014]
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Roaming\Tencent d------ [19:54 11/04/2014]
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone d------ [19:54 11/04/2014]
C:\AdwCleaner\Quarantine\C\Users\Chuck\AppData\Roaming\Tencent\QQ\Misc\com.tencent.wireless d------ [19:54 11/04/2014]
C:\RestoreSony\C\Users\Owner\AppData\Roaming\Tencent d------ [16:02 17/09/2012]
C:\RestoreSony\C\Users\Owner\AppData\Roaming\Tencent\QQ\Misc\com.tencent.qzone d------ [02:22 06/12/2013]
C:\RestoreSony\C\Users\Owner\AppData\Roaming\Tencent\QQ\Misc\com.tencent.weather d------ [20:58 06/12/2013]
C:\RestoreSony\C\Users\Owner\AppData\Roaming\Tencent\QQ\Misc\com.tencent.wireless d------ [02:22 06/12/2013]
C:\RestoreSony\C\Users\Owner\Documents\Tencent Files d------ [16:02 17/09/2012]
C:\RestoreSony\C\Users\Owner\Documents\Tencent Files\All Users\QQ\Misc\com.tencent.qqshow d------ [16:07 17/09/2012]
C:\RestoreSony\C\Users\Public\Documents\Tencent d------ [16:03 17/09/2012]
C:\Users\Chuck\Documents\Tencent Files d------ [16:40 07/03/2014]
C:\Users\OLD Computer\C\Users\Owner\Documents\Tencent Files d------ [16:02 17/09/2012]
C:\Users\Public\Documents\Tencent d------ [16:39 07/03/2014]

Searching for "*DefaultTab*"
No folders found.

Searching for "*BetterSurf*"
No folders found.

Searching for "*WebexpEnhanced*"
No folders found.

Searching for "*jncmagbhmnlmppimlagabdnhhlbclman*"
No folders found.

Searching for "*better-surf*"
No folders found.

Searching for "*poheodfamflhhhdcmjfeggbgigeefaco*"
No folders found.

Searching for "*N1yiPr_Rfs*"
No folders found.

Searching for "*qafEv57pd*"
No folders found.

-= EOF =-


----------



## Frustrated1636 (Oct 25, 2012)

And here is the third one. Thanks for all your efforts!!!!

SystemLook 30.07.11 by jpshortstuff
Log created at 10:00 on 29/04/2014 by Chuck
Administrator - Elevation successful

========== regfind ==========

Searching for "LuckLeap"
No data found.

Searching for "LemurLeap"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\LemurLeap]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\updateLemurLeap_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\updateLemurLeap_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLemurLeap_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLemurLeap_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilLemurLeap_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilLemurLeap_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Update LemurLeap]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Util LemurLeap]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Update LemurLeap]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Util LemurLeap]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Update LemurLeap]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Util LemurLeap]
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\LemurLeap]

Searching for "SearchProtect"
[HKEY_CURRENT_USER\Software\SearchProtectDetection]
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\SearchProtectDetection]

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A210A55-1C52-42DC-98B9-83FCB53BCB36}]
"AppPath"="C:\Users\Chuck\AppData\Local\Conduit\CT3310511"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E5B8712-95AE-485B-8803-FA1772C6F210}]
"AppPath"="C:\Users\Chuck\AppData\Local\Conduit\CT3315828"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{359E7DB2-51B9-443C-A5D4-3AF2C8649468}]
"AppPath"="C:\Users\Chuck\AppData\Local\Conduit\CT3291327"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6CA955F-DF1E-442C-BDA4-DEE2B5209008}]
"AppPath"="C:\Users\Chuck\AppData\Local\Conduit\CT3289663"

Searching for "Wajam"
No data found.

Searching for "jpmbfleldcgkldadpdinhjjopdfpjfjp"
No data found.

Searching for "5a95a9e0-59dd-4314-bd84-4d18ca83a0e2"
No data found.

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "snap.do"
No data found.

Searching for "bProtector"
No data found.

Searching for "MySearch"
No data found.

Searching for "Media View"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MediaViewerV1\Media Viewer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MediaViewV1\Media View]

Searching for "MediaView"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifcpmlipdckkgahcekdccikeddjgnbl]
"path"="C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha753\ch\MediaViewV1alpha753.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jncmagbhmnlmppimlagabdnhhlbclman]
"path"="C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha3789\ch\MediaViewerV1alpha3789.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MediaViewerV1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MediaViewV1]

Searching for "Media Viewer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MediaViewerV1\Media Viewer]

Searching for "MediaViewer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jncmagbhmnlmppimlagabdnhhlbclman]
"path"="C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha3789\ch\MediaViewerV1alpha3789.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MediaViewerV1]

Searching for "SmARtCompare"
No data found.

Searching for "knmafenhackomkdiaggnceblhfomhofe"
No data found.

Searching for "DealPly"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{670537B1-ED68-4175-ACE1-396A82F97BC8}]
"Path"="\DealPlyUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6A5170C-8FC0-4357-A33B-3A2E98CEF9CD}]
"Path"="\DealPly"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate]

Searching for "I Want This"
No data found.

Searching for "Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FD1DD379D15DBB646BCA5D66711D331C]
"ProductName"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FD1DD379D15DBB646BCA5D66711D331C\SourceList]
"PackageName"="iminent.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FD1DD379D15DBB646BCA5D66711D331C\SourceList]
"LastUsedSource"="n;1;C:\Users\Chuck\AppData\Local\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FD1DD379D15DBB646BCA5D66711D331C\SourceList\Net]
"1"="C:\Users\Chuck\AppData\Local\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\inst\Bootstrapper\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\inst\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\en\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\de\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\es\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\tr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\it\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\fr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\ro\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C]
"FD1DD379D15DBB646BCA5D66711D331C"="02:\SOFTWARE\Iminent\Mediator\Server\ProcPath"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.Workflow.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.Booster.UI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.Mediator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.WinCore.WLM15.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675]
"FD1DD379D15DBB646BCA5D66711D331C"="02:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\en\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC]
"FD1DD379D15DBB646BCA5D66711D331C"="01:\SOFTWARE\Iminent\SysTray"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\it\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191]
"FD1DD379D15DBB646BCA5D66711D331C"="00:\iminent\URL Protocol"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\de\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.WinCore.WLM.WinEvents.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\WPFLocalizeExtension.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\es\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\it\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54]
"FD1DD379D15DBB646BCA5D66711D331C"="02:\SOFTWARE\Iminent\Assemblies\Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A]
"FD1DD379D15DBB646BCA5D66711D331C"="02:\SOFTWARE\Iminent\BagKey"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\en\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\System.Data.SQLite.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.Entity.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\SearchTheWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
"00000000000000000000000000000000"="C:\Program Files (x86)\Iminent\SearchTheWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\en\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\fr\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.Business.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\de\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\it\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD1DD379D15DBB646BCA5D66711D331C\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\Iminent\IMBooster\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD1DD379D15DBB646BCA5D66711D331C\InstallProperties]
"InstallSource"="C:\Users\Chuck\AppData\Local\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD1DD379D15DBB646BCA5D66711D331C\InstallProperties]
"Publisher"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD1DD379D15DBB646BCA5D66711D331C\InstallProperties]
"DisplayName"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader]
"Iminent"="software\Iminent\Assemblies"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Iminent]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{154B256B-08DC-4A95-8817-07980BDF704F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Iminent\Iminent.exe|Name=Iminent Firewall Rule|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28332015-E474-4263-A1F9-3793455AA619}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Iminent\Iminent.Messengers.exe|Name=Iminent.Messengers Firewall Rule|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Iminent]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{154B256B-08DC-4A95-8817-07980BDF704F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Iminent\Iminent.exe|Name=Iminent Firewall Rule|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28332015-E474-4263-A1F9-3793455AA619}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Iminent\Iminent.Messengers.exe|Name=Iminent.Messengers Firewall Rule|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Iminent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{154B256B-08DC-4A95-8817-07980BDF704F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Iminent\Iminent.exe|Name=Iminent Firewall Rule|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28332015-E474-4263-A1F9-3793455AA619}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Iminent\Iminent.Messengers.exe|Name=Iminent.Messengers Firewall Rule|Edge=TRUE|"

Searching for "InternetHelper"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\InternetHelper3.1]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\InternetHelper3.7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}]
@="InternetHelper3.1 API Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}\InprocServer32]
@="C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B052E68E-A114-4480-B416-C8E617D346A9}]
@="InternetHelper3.7 API Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B052E68E-A114-4480-B416-C8E617D346A9}\InprocServer32]
@="C:\Program Files (x86)\InternetHelper3.7\prxtbInte.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E5B8712-95AE-485B-8803-FA1772C6F210}]
"AppName"="InternetHelper3.7AutoUpdateHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E3F3B40-CD6C-412B-BA37-1A2DCCBA3885}]
"AppPath"="C:\Program Files (x86)\InternetHelper3.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E3F3B40-CD6C-412B-BA37-1A2DCCBA3885}]
"AppName"="InternetHelper3.7ToolbarHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DEAF6A20-B0C5-4083-8E5B-70F711DE073D}]
"AppPath"="C:\Program Files (x86)\InternetHelper3.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DEAF6A20-B0C5-4083-8E5B-70F711DE073D}]
"AppName"="InternetHelper3.1ToolbarHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6CA955F-DF1E-442C-BDA4-DEE2B5209008}]
"AppName"="InternetHelper3.1AutoUpdateHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}]
@="InternetHelper3.1 API Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}\InprocServer32]
@="C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B052E68E-A114-4480-B416-C8E617D346A9}]
@="InternetHelper3.7 API Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B052E68E-A114-4480-B416-C8E617D346A9}\InprocServer32]
@="C:\Program Files (x86)\InternetHelper3.7\prxtbInte.dll"
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\AppDataLow\Software\InternetHelper3.1]
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\AppDataLow\Software\InternetHelper3.7]

Searching for "KeyBar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\KeyBar_1.14]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A4CC00F-474B-4E6C-9B78-EF07E28BF8C2}]
@="KeyBar 1.14 API Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A4CC00F-474B-4E6C-9B78-EF07E28BF8C2}\InprocServer32]
@="C:\Program Files (x86)\KeyBar_1.14\prxtbKeyB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{359E7DB2-51B9-443C-A5D4-3AF2C8649468}]
"AppName"="KeyBar_1.14AutoUpdateHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9595551E-31CC-4533-A454-D399B7791835}]
"AppPath"="C:\Program Files (x86)\KeyBar_1.14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9595551E-31CC-4533-A454-D399B7791835}]
"AppName"="KeyBar_1.14ToolbarHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar 1.14 Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.14 Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.14 Toolbar]
"DisplayName"="KeyBar 1.14 Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.14 Toolbar]
"HelpLink"="http://KeyBar114.OurToolbar.com/help"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.14 Toolbar]
"Publisher"="KeyBar 1.14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.14 Toolbar]
"URLInfoAbout"="http://KeyBar114.OurToolbar.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.14 Toolbar]
"DisplayIcon"="C:\Program Files (x86)\KeyBar_1.14\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.14 Toolbar]
"UninstallString"="C:\Program Files (x86)\KeyBar_1.14\uninstall.exe toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7A4CC00F-474B-4E6C-9B78-EF07E28BF8C2}]
@="KeyBar 1.14 API Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7A4CC00F-474B-4E6C-9B78-EF07E28BF8C2}\InprocServer32]
@="C:\Program Files (x86)\KeyBar_1.14\prxtbKeyB.dll"
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\KeyBar_1.14]

Searching for "Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
@="EVR Graph Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
@="EVR Graph Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Boot Optimizer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Boot Optimizer]
"Name"="Lenovo\Boot Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Boot Optimizer]
"path"="C:\Program Files (x86)\Lenovo\Boot Optimizer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Boot Optimizer]
"InstallPath"="C:\Program Files (x86)\Lenovo\Boot Optimizer\FBSet.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Boot Optimizer]
"InstallDir"="C:\Program Files (x86)\Lenovo\Boot Optimizer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Boot Optimizer]
"DisplayName"="Lenovo\Boot Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lenovo EE Boot Optimizer"="C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo EE Boot Optimizer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo EE Boot Optimizer]
"DisplayName"="Lenovo EE Boot Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo EE Boot Optimizer]
"UninstallString"="C:\Program Files (x86)\Lenovo\Boot Optimizer\Uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo EE Boot Optimizer]
"InstallLocation"="C:\Program Files (x86)\Lenovo\Boot Optimizer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo EE Boot Optimizer]
"ReadMe"="C:\Program Files (x86)\Lenovo\Boot Optimizer\Readme.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo EE Boot Optimizer]
"DisplayIcon"="C:\Program Files (x86)\Lenovo\Boot Optimizer\\FBSet.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
@="EVR Graph Optimizer"

Searching for "LyricsSing"
No data found.

Searching for "Tencent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6ae56af2_0]
@="{0.0.0.00000000}.{43ada949-9478-4ebd-9af8-aab9c78f8e00}|\Device\HarddiskVolume2\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\EMOTION.File\DefaultIcon]
@="C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe,-149"
[HKEY_CURRENT_USER\Software\Classes\EMOTION.File\shell\open\command]
@=""C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\EMOTION.Package\DefaultIcon]
@="C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe,-135"
[HKEY_CURRENT_USER\Software\Classes\EMOTION.Package\shell\open\command]
@=""C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\Tencent]
[HKEY_CURRENT_USER\Software\Classes\Tencent]
"URL Protocol"="C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe"
[HKEY_CURRENT_USER\Software\Classes\Tencent\DefaultIcon]
@="C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe,1"
[HKEY_CURRENT_USER\Software\Classes\Tencent\shell\open\command]
@=""C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\THEMEX.Package\DefaultIcon]
@="C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe,-150"
[HKEY_CURRENT_USER\Software\Classes\THEMEX.Package\shell\open\command]
@=""C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{251DA1A7-5700-41FC-8129-9099B4B7E4D3}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\SSOCommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{29A32150-EA24-42C2-882E-879152560C1E}\2.0\0\win32]
@="C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\SSOLUIControl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\0\win32]
@="C:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5318D0E8-A003-446A-B66C-5E5E652ACB24}\LocalServer32]
@=""C:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\SSOLUIControl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}\ToolboxBitmap32]
@="C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\SSOLUIControl.dll, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EAAED308-7322-4b9b-965E-171933ADD473}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{251DA1A7-5700-41FC-8129-9099B4B7E4D3}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\SSOCommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{29A32150-EA24-42C2-882E-879152560C1E}\2.0\0\win32]
@="C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\SSOLUIControl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\0\win32]
@="C:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5318D0E8-A003-446A-B66C-5E5E652ACB24}\LocalServer32]
@=""C:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\SSOLUIControl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}\ToolboxBitmap32]
@="C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\SSOLUIControl.dll, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EAAED308-7322-4b9b-965E-171933ADD473}\InprocServer32]
@="C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{251DA1A7-5700-41FC-8129-9099B4B7E4D3}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\SSOCommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{29A32150-EA24-42C2-882E-879152560C1E}\2.0\0\win32]
@="C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\SSOLUIControl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\0\win32]
@="C:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F46D88D4-2245-4E0B-9A82-4D2A73529F01}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe|Name=QQ International|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D5E0E2BA-2875-496B-8397-449C679C0212}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe|Name=QQ International|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B1DAEE2D-E27F-45F3-88E4-78F922E7C3A9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe|Name=腾讯产品下载组件|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066FAF53-F597-4CFD-B7E4-5AC56FCFCA68}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe|Name=腾讯产品下载组件|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F46D88D4-2245-4E0B-9A82-4D2A73529F01}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe|Name=QQ International|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D5E0E2BA-2875-496B-8397-449C679C0212}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe|Name=QQ International|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B1DAEE2D-E27F-45F3-88E4-78F922E7C3A9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe|Name=腾讯产品下载组件|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066FAF53-F597-4CFD-B7E4-5AC56FCFCA68}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe|Name=腾讯产品下载组件|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F46D88D4-2245-4E0B-9A82-4D2A73529F01}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe|Name=QQ International|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D5E0E2BA-2875-496B-8397-449C679C0212}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe|Name=QQ International|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B1DAEE2D-E27F-45F3-88E4-78F922E7C3A9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe|Name=腾讯产品下载组件|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066FAF53-F597-4CFD-B7E4-5AC56FCFCA68}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe|Name=腾讯产品下载组件|"
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6ae56af2_0]
@="{0.0.0.00000000}.{43ada949-9478-4ebd-9af8-aab9c78f8e00}|\Device\HarddiskVolume2\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\EMOTION.File\DefaultIcon]
@="C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe,-149"
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\EMOTION.File\shell\open\command]
@=""C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe" "%1""
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\EMOTION.Package\DefaultIcon]
@="C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe,-135"
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\EMOTION.Package\shell\open\command]
@=""C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe" "%1""
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\Tencent]
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\Tencent]
"URL Protocol"="C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe"
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\Tencent\DefaultIcon]
@="C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe,1"
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\Tencent\shell\open\command]
@=""C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe" "%1""
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\THEMEX.Package\DefaultIcon]
@="C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe,-150"
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\THEMEX.Package\shell\open\command]
@=""C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe" "%1""
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\EMOTION.File\DefaultIcon]
@="C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe,-149"
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\EMOTION.File\shell\open\command]
@=""C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe" "%1""
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\EMOTION.Package\DefaultIcon]
@="C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe,-135"
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\EMOTION.Package\shell\open\command]
@=""C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe" "%1""
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\Tencent]
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\Tencent]
"URL Protocol"="C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe"
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\Tencent\DefaultIcon]
@="C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe,1"
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\Tencent\shell\open\command]
@=""C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe" "%1""
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\THEMEX.Package\DefaultIcon]
@="C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe,-150"
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\THEMEX.Package\shell\open\command]
@=""C:\Program Files (x86)\Tencent\QQIntl\Bin\Timwp.exe" "%1""

Searching for "DefaultTab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\DefaultTabToolbarBHO.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4DC2F78D-313E-4d41-A29D-F56BEBE0D75E}]
@="DefaultTabToolbarBHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{D69495AF-8F32-39EE-BD96-D683D87D6A8E}\14.0.0.0]
"Class"="Microsoft.Office.Interop.Word.WdDefaultTableBehavior"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\DefaultTabToolbarBHO.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{4DC2F78D-313E-4d41-A29D-F56BEBE0D75E}]
@="DefaultTabToolbarBHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\DefaultTabToolbarBHO.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{4DC2F78D-313E-4d41-A29D-F56BEBE0D75E}]
@="DefaultTabToolbarBHO"
[HKEY_USERS\.DEFAULT\Software\DefaultTab]
[HKEY_USERS\S-1-5-18\Software\DefaultTab]

Searching for "BetterSurf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BetterSurf Plus V1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BetterSurf Plus V1]
"Path"="C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ajadlheagenmmedmhaoafgkdenfilcme]
"path"="C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ch\BetterSurfPlusV1.crx"

Searching for "WebexpEnhanced"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iimlgpidjkiedgndbhjbalobolmjilei]
"path"="C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha92\ch\WebexpEnhancedV1alpha92.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Webexp Enhanced]
"Path"="C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha92"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WebexpEnhancedV1]

Searching for "jncmagbhmnlmppimlagabdnhhlbclman"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jncmagbhmnlmppimlagabdnhhlbclman]

Searching for "0C7C23EF-A848-485B-873C-0ED954731014"
No data found.

Searching for "A57E074F-56D8-4A33-8112-AAC9693AA909"
No data found.

Searching for "DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9"
No data found.

Searching for "HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\TBH"
No data found.

Searching for "better-surf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Better-Surf]

Searching for "N1yiPr_Rfs"
No data found.

Searching for "qafEv57pd"
No data found.

========== dir ==========

C:\Users\Chuck\Downloads - Parameters: "(none)"

---Files---
13D8.tmp --a---- 161976 bytes [16:12 10/04/2014] [16:12 10/04/2014]
1458.tmp --a---- 161976 bytes [15:40 10/04/2014] [15:40 10/04/2014]
1E21.tmp --a---- 161976 bytes [15:36 10/04/2014] [15:36 10/04/2014]
1EBD.tmp --a---- 161976 bytes [15:18 10/04/2014] [15:18 10/04/2014]
1F4.tmp --a---- 161976 bytes [15:35 10/04/2014] [15:35 10/04/2014]
201303011362157572_2.zip --a---- 160691 bytes [05:47 08/02/2014] [05:47 08/02/2014]
2107.tmp --a---- 161976 bytes [21:05 09/04/2014] [21:05 09/04/2014]
216F.tmp --a---- 161976 bytes [14:58 10/04/2014] [14:58 10/04/2014]
21D2.tmp --a---- 161976 bytes [15:14 10/04/2014] [15:14 10/04/2014]
26FD.tmp --a---- 161976 bytes [14:56 10/04/2014] [14:56 10/04/2014]
270C.tmp --a---- 161976 bytes [15:12 10/04/2014] [15:12 10/04/2014]
2730.tmp --a---- 161976 bytes [15:07 10/04/2014] [15:07 10/04/2014]
2A3E.tmp --a---- 161976 bytes [22:33 09/04/2014] [22:33 09/04/2014]
2DF5.tmp --a---- 161976 bytes [19:04 09/04/2014] [19:04 09/04/2014]
2E4.tmp --a---- 161976 bytes [19:03 09/04/2014] [19:03 09/04/2014]
3264.tmp --a---- 161976 bytes [04:49 10/04/2014] [04:49 10/04/2014]
3374.tmp --a---- 161976 bytes [20:34 09/04/2014] [20:34 09/04/2014]
3950.tmp --a---- 161976 bytes [22:37 09/04/2014] [22:37 09/04/2014]
395E.tmp --a---- 161976 bytes [20:35 09/04/2014] [20:35 09/04/2014]
3971.tmp --a---- 161976 bytes [19:09 09/04/2014] [19:09 09/04/2014]
3A98.tmp --a---- 161976 bytes [15:37 10/04/2014] [15:38 10/04/2014]
3D52.tmp --a---- 161976 bytes [03:17 10/04/2014] [03:17 10/04/2014]
43B3.tmp --a---- 161976 bytes [19:07 09/04/2014] [19:08 09/04/2014]
4521.tmp --a---- 161976 bytes [18:57 09/04/2014] [18:57 09/04/2014]
46CA.tmp --a---- 161976 bytes [15:06 10/04/2014] [15:06 10/04/2014]
48F4.tmp --a---- 161976 bytes [22:34 09/04/2014] [22:34 09/04/2014]
4B2D.tmp --a---- 161976 bytes [15:12 10/04/2014] [15:12 10/04/2014]
4B44.tmp --a---- 161976 bytes [14:50 10/04/2014] [14:50 10/04/2014]
4E41.tmp --a---- 161976 bytes [15:31 10/04/2014] [15:31 10/04/2014]
4F3C.tmp --a---- 161976 bytes [15:23 10/04/2014] [15:23 10/04/2014]
4FD9.tmp --a---- 161976 bytes [15:15 10/04/2014] [15:15 10/04/2014]
548C.tmp --a---- 161976 bytes [21:07 09/04/2014] [21:07 09/04/2014]
56F3.tmp --a---- 161976 bytes [15:39 10/04/2014] [15:39 10/04/2014]
58F3.tmp --a---- 161976 bytes [15:34 10/04/2014] [15:34 10/04/2014]
5989.tmp --a---- 161976 bytes [15:20 10/04/2014] [15:20 10/04/2014]
5BD8.tmp --a---- 161976 bytes [16:29 10/04/2014] [16:29 10/04/2014]
5E8.tmp --a---- 161976 bytes [04:46 10/04/2014] [04:46 10/04/2014]
60D7.tmp --a---- 161976 bytes [15:35 10/04/2014] [15:35 10/04/2014]
61D6.tmp --a---- 161976 bytes [15:54 10/04/2014] [15:54 10/04/2014]
638A.tmp --a---- 161976 bytes [05:15 10/04/2014] [05:15 10/04/2014]
6534.tmp --a---- 161976 bytes [14:58 10/04/2014] [14:58 10/04/2014]
6785.tmp --a---- 161976 bytes [16:21 10/04/2014] [16:21 10/04/2014]
686A.tmp --a---- 161976 bytes [19:03 09/04/2014] [19:03 09/04/2014]
6CDB.tmp --a---- 161976 bytes [19:07 09/04/2014] [19:07 09/04/2014]
6CF.tmp --a---- 161976 bytes [19:07 09/04/2014] [19:07 09/04/2014]
6DA.tmp --a---- 161976 bytes [15:08 10/04/2014] [15:08 10/04/2014]
6E96.tmp --a---- 161976 bytes [15:13 10/04/2014] [15:13 10/04/2014]
6EED.tmp --a---- 161976 bytes [15:19 10/04/2014] [15:19 10/04/2014]
6F0A.tmp --a---- 161976 bytes [05:17 10/04/2014] [05:17 10/04/2014]
70E6.tmp --a---- 161976 bytes [14:55 10/04/2014] [14:55 10/04/2014]
7291.tmp --a---- 161976 bytes [15:40 10/04/2014] [15:40 10/04/2014]
733D.tmp --a---- 161976 bytes [15:14 10/04/2014] [15:14 10/04/2014]
74A.tmp --a---- 161976 bytes [19:16 09/04/2014] [19:16 09/04/2014]
74FC.tmp --a---- 161976 bytes [22:35 09/04/2014] [22:35 09/04/2014]
791F.tmp --a---- 161976 bytes [14:50 10/04/2014] [14:50 10/04/2014]
79B9.tmp --a---- 161976 bytes [15:15 10/04/2014] [15:15 10/04/2014]
7A02.tmp --a---- 161976 bytes [19:09 09/04/2014] [19:09 09/04/2014]
7BE8.tmp --a---- 161976 bytes [18:57 09/04/2014] [18:57 09/04/2014]
7C68.tmp --a---- 161976 bytes [15:37 10/04/2014] [15:37 10/04/2014]
7D5D.tmp --a---- 161976 bytes [15:52 10/04/2014] [15:52 10/04/2014]
806C.tmp --a---- 161976 bytes [19:15 09/04/2014] [19:15 09/04/2014]
80DB.tmp --a---- 161976 bytes [16:30 10/04/2014] [16:30 10/04/2014]
80F.tmp --a---- 161976 bytes [15:31 10/04/2014] [15:31 10/04/2014]
81D3.tmp --a---- 161976 bytes [19:08 09/04/2014] [19:08 09/04/2014]
8458.tmp --a---- 161976 bytes [15:00 10/04/2014] [15:00 10/04/2014]
8618.tmp --a---- 161976 bytes [22:32 09/04/2014] [22:32 09/04/2014]
87BC.tmp --a---- 161976 bytes [14:54 10/04/2014] [14:54 10/04/2014]
88B2.tmp --a---- 161976 bytes [15:18 10/04/2014] [15:18 10/04/2014]
89CA.tmp --a---- 161976 bytes [15:24 10/04/2014] [15:24 10/04/2014]
8AED.tmp --a---- 161976 bytes [21:05 09/04/2014] [21:05 09/04/2014]
8B61.tmp --a---- 161976 bytes [16:12 10/04/2014] [16:12 10/04/2014]
8ED2.tmp --a---- 161976 bytes [19:17 09/04/2014] [19:17 09/04/2014]
903.tmp --a---- 161976 bytes [14:59 10/04/2014] [14:59 10/04/2014]
9271.tmp --a---- 161976 bytes [19:05 09/04/2014] [19:05 09/04/2014]
92B1.tmp --a---- 161976 bytes [15:07 10/04/2014] [15:07 10/04/2014]
96F0.tmp --a---- 161976 bytes [19:07 09/04/2014] [19:07 09/04/2014]
996F.tmp --a---- 161976 bytes [15:38 10/04/2014] [15:38 10/04/2014]
9C29.tmp --a---- 161976 bytes [14:55 10/04/2014] [14:55 10/04/2014]
9C33.tmp --a---- 161976 bytes [15:31 10/04/2014] [15:31 10/04/2014]
9D29.tmp --a---- 161976 bytes [15:14 10/04/2014] [15:14 10/04/2014]
A22B.tmp --a---- 161976 bytes [16:31 10/04/2014] [16:31 10/04/2014]
A39E.tmp --a---- 161976 bytes [22:37 09/04/2014] [22:37 09/04/2014]
A487.tmp --a---- 161976 bytes [15:23 10/04/2014] [15:23 10/04/2014]
A57D.tmp --a---- 161976 bytes [04:48 10/04/2014] [04:48 10/04/2014]
A627.tmp --a---- 161976 bytes [19:02 09/04/2014] [19:02 09/04/2014]
A66E.tmp --a---- 161976 bytes [18:57 09/04/2014] [18:57 09/04/2014]
A75C.tmp --a---- 161976 bytes [15:35 10/04/2014] [15:35 10/04/2014]
AAA Certified Flow Chart.pdf --a---- 184549 bytes [22:44 22/04/2012] [22:44 22/04/2012]
AAA Certified SCA Powerpoint 121511.pdf --a---- 760266 bytes [22:45 22/04/2012] [22:45 22/04/2012]
AAA SureSale _Business Agreement Signed Signature Page of Marketing Agreement 1-20-2012.pdf --a---- 1064493 bytes [22:44 22/04/2012] [22:44 22/04/2012]
AdwCleaner(1).exe --a---- 1426178 bytes [16:17 12/04/2014] [16:17 12/04/2014]
AdwCleaner(2).exe --a---- 1426178 bytes [21:12 14/04/2014] [21:12 14/04/2014]
AdwCleaner(2).exe - Shortcut.lnk --a---- 1444 bytes [21:13 14/04/2014] [21:13 14/04/2014]
AdwCleaner(3).exe --a---- 1426178 bytes [21:16 14/04/2014] [21:17 14/04/2014]
AdwCleaner.exe --a---- 1426178 bytes [19:47 11/04/2014] [19:47 11/04/2014]
AntiMalware-Installer.exe --a---- 4854016 bytes [01:36 15/12/2013] [01:38 15/12/2013]
ASI Letter of Authorization.pdf --a---- 1516486 bytes [22:44 22/04/2012] [22:44 22/04/2012]
B13D.tmp --a---- 161976 bytes [16:37 10/04/2014] [16:37 10/04/2014]
B190.tmp --a---- 161976 bytes [15:06 10/04/2014] [15:06 10/04/2014]
B1B.tmp --a---- 161976 bytes [22:36 09/04/2014] [22:36 09/04/2014]
B586.tmp --a---- 161976 bytes [15:39 10/04/2014] [15:39 10/04/2014]
B587.tmp --a---- 161976 bytes [14:50 10/04/2014] [14:50 10/04/2014]
B693.tmp --a---- 161976 bytes [20:33 09/04/2014] [20:33 09/04/2014]
B80B.tmp --a---- 161976 bytes [22:33 09/04/2014] [22:33 09/04/2014]
BA96.tmp --a---- 161976 bytes [14:57 10/04/2014] [14:57 10/04/2014]
BAB0.tmp --a---- 161976 bytes [20:34 09/04/2014] [20:34 09/04/2014]
BE33.tmp --a---- 161976 bytes [04:49 10/04/2014] [04:49 10/04/2014]
BEE5.tmp --a---- 161976 bytes [21:06 09/04/2014] [21:06 09/04/2014]
C0B4.tmp --a---- 161976 bytes [15:54 10/04/2014] [15:54 10/04/2014]
C182.tmp --a---- 161976 bytes [15:36 10/04/2014] [15:36 10/04/2014]
C665.tmp --a---- 161976 bytes [19:08 09/04/2014] [19:08 09/04/2014]
C88F.tmp --a---- 161976 bytes [19:04 09/04/2014] [19:04 09/04/2014]
C90F.tmp --a---- 161976 bytes [15:05 10/04/2014] [15:05 10/04/2014]
CA44.tmp --a---- 161976 bytes [15:14 10/04/2014] [15:14 10/04/2014]
CC93.tmp --a---- 161976 bytes [19:07 09/04/2014] [19:07 09/04/2014]
contact --a---- 28837 bytes [22:51 07/04/2014] [22:52 07/04/2014]
D4F1.tmp --a---- 161976 bytes [16:28 10/04/2014] [16:28 10/04/2014]
DB2B.tmp --a---- 161976 bytes [15:37 10/04/2014] [15:37 10/04/2014]
DC9.tmp --a---- 161976 bytes [14:54 10/04/2014] [14:54 10/04/2014]
DD32.tmp --a---- 161976 bytes [16:21 10/04/2014] [16:21 10/04/2014]
DEFA.tmp --a---- 161976 bytes [22:35 09/04/2014] [22:35 09/04/2014]
desktop.ini --ahs-- 282 bytes [17:09 01/02/2012] [01:37 15/09/2013]
DF6F.tmp --a---- 161976 bytes [15:32 10/04/2014] [15:32 10/04/2014]
DF8E.tmp --a---- 161976 bytes [05:15 10/04/2014] [05:15 10/04/2014]
DFF7.tmp --a---- 161976 bytes [15:51 10/04/2014] [15:51 10/04/2014]
dffsetup-zlib1.exe --a---- 5341472 bytes [05:08 08/02/2014] [05:09 08/02/2014]
DriverUpdate-setup (1).exe --a---- 739808 bytes [16:03 07/04/2014] [16:03 07/04/2014]
DriverUpdate-setup.exe --a---- 739808 bytes [15:59 07/04/2014] [15:59 07/04/2014]
E3C2.tmp --a---- 161976 bytes [15:20 10/04/2014] [15:20 10/04/2014]
E810.tmp --a---- 161976 bytes [05:17 10/04/2014] [05:17 10/04/2014]
EA7B.tmp --a---- 161976 bytes [15:12 10/04/2014] [15:12 10/04/2014]
EB2C.tmp --a---- 161976 bytes [15:23 10/04/2014] [15:23 10/04/2014]
EF28.tmp --a---- 161976 bytes [15:34 10/04/2014] [15:34 10/04/2014]
Extras.Txt --a---- 82290 bytes [16:08 05/04/2014] [19:33 05/04/2014]
F01D.tmp --a---- 161976 bytes [22:31 09/04/2014] [22:31 09/04/2014]
F470.tmp --a---- 161976 bytes [05:18 10/04/2014] [05:18 10/04/2014]
F6F.tmp --a---- 161976 bytes [16:31 10/04/2014] [16:31 10/04/2014]
F801.tmp --a---- 161976 bytes [15:38 10/04/2014] [15:38 10/04/2014]
F983.tmp --a---- 161976 bytes [15:14 10/04/2014] [15:14 10/04/2014]
FB0D.tmp --a---- 161976 bytes [14:58 10/04/2014] [14:58 10/04/2014]
FB85.tmp --a---- 161976 bytes [15:19 10/04/2014] [15:19 10/04/2014]
FBDA.tmp --a---- 161976 bytes [16:30 10/04/2014] [16:30 10/04/2014]
FD73.tmp --a---- 161976 bytes [19:08 09/04/2014] [19:08 09/04/2014]
FinallyFast.setup (1).exe --a---- 7028656 bytes [12:21 09/04/2014] [12:21 09/04/2014]
FinallyFast.setup.exe --a---- 7028656 bytes [12:20 09/04/2014] [12:21 09/04/2014]
Greg Potts - Retirement letter and package (1).zip --a---- 4789684 bytes [21:09 25/02/2014] [21:09 25/02/2014]
Greg Potts - Retirement letter and package.zip --a---- 4789684 bytes [21:09 25/02/2014] [21:09 25/02/2014]
HijackThis.exe --a---- 388608 bytes [12:05 02/03/2014] [12:05 02/03/2014]
hs_err_pid4132.log --a---- 18608 bytes [02:16 15/12/2013] [02:16 15/12/2013]
hs_err_pid66912.log --a---- 17073 bytes [21:41 06/07/2013] [21:41 06/07/2013]
hs_err_pid67060.log --a---- 17240 bytes [21:50 06/07/2013] [21:50 06/07/2013]
IDM2.exe --a---- 1071168 bytes [05:08 08/02/2014] [05:08 08/02/2014]
Installer.exe --a---- 104360 bytes [04:11 08/02/2014] [04:12 08/02/2014]
jre-6u31-windows-i586-iftw (1).exe --a---- 910112 bytes [00:15 03/03/2012] [00:15 03/03/2012]
jre-6u31-windows-i586-iftw.exe --a---- 910112 bytes [00:15 03/03/2012] [00:16 03/03/2012]
lotrohigh.exe --a---- 2525224 bytes [21:08 08/02/2014] [21:09 08/02/2014]
LOTROProgressive_4.28 (1).exe --a---- 8711768 bytes [17:06 08/02/2014] [17:06 08/02/2014]
LOTROProgressive_4.28 (2).exe --a---- 8711768 bytes [00:40 09/02/2014] [00:40 09/02/2014]
LOTROProgressive_4.28(1).exe --a---- 8711768 bytes [20:58 08/02/2014] [20:59 08/02/2014]
LOTROProgressive_4.28(2).exe --a---- 8711768 bytes [20:59 08/02/2014] [20:59 08/02/2014]
LOTROProgressive_4.28.exe --a---- 8711768 bytes [17:05 08/02/2014] [17:06 08/02/2014]
mbam-setup-2.0.1.1004.exe --a---- 17305616 bytes [14:22 11/04/2014] [14:23 11/04/2014]
Minecraft (1).exe --a---- 263186 bytes [23:21 05/04/2013] [23:21 05/04/2013]
Minecraft.exe --a---- 263186 bytes [22:09 20/03/2013] [22:09 20/03/2013]
Mutual NDA Non Circumvention 130815 v1.4.docx --a---- 27392 bytes [17:05 07/04/2014] [17:05 07/04/2014]
OOo_3.3.0_Win_x86_install-wJRE_en-US.exe --a---- 158067944 bytes [18:17 05/03/2012] [18:21 05/03/2012]
OTL - Shortcut.lnk --a---- 969 bytes [15:57 13/03/2014] [15:57 13/03/2014]
OTL(1).exe --a---- 602112 bytes [15:48 07/04/2014] [15:48 07/04/2014]
OTL(1).exe.part --a---- 295528 bytes [15:52 13/03/2014] [16:01 13/03/2014]
OTL(2).exe --a---- 602112 bytes [14:38 10/04/2014] [14:38 10/04/2014]
OTL.exe --a---- 602112 bytes [15:05 05/04/2014] [15:05 05/04/2014]
OTL.exe.part - Shortcut.lnk --a---- 1000 bytes [15:57 13/03/2014] [15:57 13/03/2014]
OTL.Txt --a---- 423168 bytes [16:07 05/04/2014] [23:09 16/04/2014]
OTL.Txt140407.txt --a---- 587422 bytes [16:53 07/04/2014] [16:53 07/04/2014]
OTL.Txt140415.txt --a---- 562544 bytes [00:55 16/04/2014] [00:55 16/04/2014]
OTL140410.Txt --a---- 597694 bytes [16:34 10/04/2014] [16:34 10/04/2014]
ParetoLogic PC Health Advisor.exe --a---- 5791960 bytes [14:36 08/02/2014] [14:37 08/02/2014]
Player-Chrome.exe --a---- 1079440 bytes [19:20 09/02/2014] [19:21 09/02/2014]
QQintl2.11.exe --a---- 49880760 bytes [16:32 07/03/2014] [16:34 07/03/2014]
Repair-tool (1).exe --a---- 5162600 bytes [05:50 08/02/2014] [05:50 08/02/2014]
Repair-tool.exe --a---- 5162600 bytes [05:49 08/02/2014] [05:50 08/02/2014]
SecurityCheck(1).exe --a---- 987448 bytes [14:26 05/04/2014] [14:26 05/04/2014]
SecurityCheck(2).exe --a---- 987448 bytes [14:26 05/04/2014] [14:26 05/04/2014]
SecurityCheck.exe --a---- 987442 bytes [15:43 13/03/2014] [15:44 13/03/2014]
Segregation.docx --a---- 556813 bytes [23:48 26/10/2013] [23:48 26/10/2013]
setup (12).exe --a---- 126384 bytes [01:53 28/02/2014] [01:53 28/02/2014]
setup (7).exe --a---- 110776 bytes [03:23 08/02/2014] [03:23 08/02/2014]
setup (8).exe --a---- 110776 bytes [03:23 08/02/2014] [03:23 08/02/2014]
Setup_ODM (1).exe --a---- 444944 bytes [22:06 01/03/2014] [22:06 01/03/2014]
Setup_ODM (2).exe --a---- 444944 bytes [00:11 03/03/2014] [00:11 03/03/2014]
Setup_ODM.exe --a---- 444920 bytes [21:26 25/02/2014] [21:27 25/02/2014]
Setup_OSU (1).exe --a---- 281408 bytes [10:09 06/04/2014] [10:14 06/04/2014]
Setup_OSU (10).exe --a---- 281408 bytes [19:17 06/04/2014] [19:17 06/04/2014]
Setup_OSU (100).exe --a---- 161976 bytes [18:56 09/04/2014] [18:56 09/04/2014]
Setup_OSU (11).exe --a---- 281368 bytes [21:23 06/04/2014] [21:23 06/04/2014]
Setup_OSU (12).exe --a---- 281368 bytes [21:23 06/04/2014] [21:23 06/04/2014]
Setup_OSU (13).exe --a---- 281368 bytes [21:27 06/04/2014] [21:27 06/04/2014]
Setup_OSU (14).exe --a---- 281368 bytes [00:05 08/04/2014] [00:05 08/04/2014]
Setup_OSU (15).exe --a---- 281368 bytes [00:05 08/04/2014] [00:05 08/04/2014]
Setup_OSU (16).exe --a---- 281368 bytes [00:06 08/04/2014] [00:06 08/04/2014]
Setup_OSU (17).exe --a---- 281368 bytes [00:06 08/04/2014] [00:06 08/04/2014]
Setup_OSU (18).exe --a---- 281408 bytes [00:07 08/04/2014] [00:07 08/04/2014]
Setup_OSU (19).exe --a---- 281408 bytes [00:41 08/04/2014] [00:41 08/04/2014]
Setup_OSU (2).exe --a---- 281408 bytes [19:13 06/04/2014] [19:13 06/04/2014]
Setup_OSU (20).exe --a---- 281408 bytes [00:42 08/04/2014] [00:42 08/04/2014]
Setup_OSU (21).exe --a---- 281368 bytes [01:25 08/04/2014] [01:25 08/04/2014]
Setup_OSU (22).exe --a---- 281368 bytes [01:25 08/04/2014] [01:25 08/04/2014]
Setup_OSU (23).exe --a---- 281368 bytes [01:25 08/04/2014] [01:26 08/04/2014]
Setup_OSU (24).exe --a---- 281368 bytes [01:26 08/04/2014] [01:26 08/04/2014]
Setup_OSU (25).exe --a---- 281368 bytes [01:55 08/04/2014] [01:55 08/04/2014]
Setup_OSU (26).exe --a---- 281368 bytes [14:26 08/04/2014] [14:27 08/04/2014]
Setup_OSU (27).exe --a---- 281368 bytes [15:40 08/04/2014] [15:40 08/04/2014]
Setup_OSU (28).exe --a---- 281408 bytes [15:41 08/04/2014] [15:41 08/04/2014]
Setup_OSU (29).exe --a---- 281408 bytes [15:41 08/04/2014] [15:41 08/04/2014]
Setup_OSU (3).exe --a---- 281368 bytes [19:13 06/04/2014] [19:14 06/04/2014]
Setup_OSU (30).exe --a---- 281368 bytes [17:18 08/04/2014] [17:18 08/04/2014]
Setup_OSU (31).exe --a---- 281368 bytes [17:18 08/04/2014] [17:19 08/04/2014]
Setup_OSU (32).exe --a---- 281368 bytes [17:19 08/04/2014] [17:19 08/04/2014]
Setup_OSU (33).exe --a---- 281368 bytes [17:19 08/04/2014] [17:19 08/04/2014]
Setup_OSU (34).exe --a---- 281408 bytes [17:20 08/04/2014] [17:20 08/04/2014]
Setup_OSU (35).exe --a---- 281368 bytes [17:20 08/04/2014] [17:20 08/04/2014]
Setup_OSU (36).exe --a---- 281408 bytes [19:03 08/04/2014] [19:03 08/04/2014]
Setup_OSU (37).exe --a---- 281368 bytes [19:03 08/04/2014] [19:03 08/04/2014]
Setup_OSU (38).exe --a---- 281408 bytes [19:04 08/04/2014] [19:04 08/04/2014]
Setup_OSU (39).exe --a---- 281408 bytes [19:04 08/04/2014] [19:04 08/04/2014]
Setup_OSU (4).exe --a---- 281368 bytes [19:14 06/04/2014] [19:14 06/04/2014]
Setup_OSU (40).exe --a---- 281408 bytes [19:31 08/04/2014] [19:31 08/04/2014]
Setup_OSU (41).exe --a---- 281368 bytes [19:31 08/04/2014] [19:31 08/04/2014]
Setup_OSU (42).exe --a---- 281368 bytes [19:31 08/04/2014] [19:31 08/04/2014]
Setup_OSU (43).exe --a---- 281368 bytes [20:00 08/04/2014] [20:00 08/04/2014]
Setup_OSU (44).exe --a---- 281368 bytes [21:38 08/04/2014] [21:38 08/04/2014]
Setup_OSU (45).exe --a---- 281368 bytes [21:38 08/04/2014] [21:38 08/04/2014]
Setup_OSU (46).exe --a---- 281408 bytes [21:39 08/04/2014] [21:39 08/04/2014]
Setup_OSU (47).exe --a---- 281408 bytes [21:39 08/04/2014] [21:39 08/04/2014]
Setup_OSU (48).exe --a---- 281368 bytes [21:41 08/04/2014] [21:41 08/04/2014]
Setup_OSU (49).exe --a---- 281368 bytes [21:49 08/04/2014] [21:49 08/04/2014]
Setup_OSU (5).exe --a---- 281368 bytes [19:14 06/04/2014] [19:14 06/04/2014]
Setup_OSU (50).exe --a---- 281368 bytes [21:52 08/04/2014] [21:52 08/04/2014]
Setup_OSU (51).exe --a---- 281368 bytes [21:52 08/04/2014] [21:52 08/04/2014]
Setup_OSU (52).exe --a---- 281368 bytes [23:21 08/04/2014] [23:21 08/04/2014]
Setup_OSU (53).exe --a---- 281408 bytes [23:21 08/04/2014] [23:21 08/04/2014]
Setup_OSU (54).exe --a---- 281368 bytes [23:51 08/04/2014] [23:51 08/04/2014]
Setup_OSU (55).exe --a---- 281408 bytes [23:52 08/04/2014] [23:52 08/04/2014]
Setup_OSU (56).exe --a---- 281368 bytes [23:52 08/04/2014] [23:52 08/04/2014]
Setup_OSU (57).exe --a---- 281408 bytes [23:55 08/04/2014] [23:55 08/04/2014]
Setup_OSU (58).exe --a---- 281368 bytes [23:55 08/04/2014] [23:55 08/04/2014]
Setup_OSU (59).exe --a---- 281408 bytes [23:56 08/04/2014] [23:56 08/04/2014]
Setup_OSU (6).exe --a---- 281368 bytes [19:15 06/04/2014] [19:15 06/04/2014]
Setup_OSU (60).exe --a---- 200640 bytes [12:19 09/04/2014] [12:19 09/04/2014]
Setup_OSU (61).exe --a---- 161976 bytes [16:28 09/04/2014] [16:28 09/04/2014]
Setup_OSU (62).exe --a---- 161976 bytes [16:29 09/04/2014] [16:29 09/04/2014]
Setup_OSU (63).exe --a---- 161976 bytes [16:42 09/04/2014] [16:42 09/04/2014]
Setup_OSU (64).exe --a---- 161976 bytes [16:42 09/04/2014] [16:42 09/04/2014]
Setup_OSU (65).exe --a---- 161976 bytes [16:43 09/04/2014] [16:43 09/04/2014]
Setup_OSU (66).exe --a---- 161976 bytes [16:43 09/04/2014] [16:43 09/04/2014]
Setup_OSU (67).exe --a---- 161976 bytes [16:51 09/04/2014] [16:51 09/04/2014]
Setup_OSU (68).exe --a---- 161976 bytes [16:51 09/04/2014] [16:51 09/04/2014]
Setup_OSU (69).exe --a---- 161976 bytes [18:50 09/04/2014] [18:50 09/04/2014]
Setup_OSU (7).exe --a---- 281408 bytes [19:15 06/04/2014] [19:15 06/04/2014]
Setup_OSU (70).exe --a---- 161976 bytes [18:50 09/04/2014] [18:50 09/04/2014]
Setup_OSU (71).exe --a---- 161976 bytes [18:50 09/04/2014] [18:50 09/04/2014]
Setup_OSU (72).exe --a---- 161976 bytes [18:50 09/04/2014] [18:50 09/04/2014]
Setup_OSU (73).exe --a---- 161976 bytes [18:51 09/04/2014] [18:51 09/04/2014]
Setup_OSU (74).exe --a---- 161976 bytes [18:51 09/04/2014] [18:51 09/04/2014]
Setup_OSU (75).exe --a---- 161976 bytes [18:51 09/04/2014] [18:51 09/04/2014]
Setup_OSU (76).exe --a---- 161976 bytes [18:51 09/04/2014] [18:51 09/04/2014]
Setup_OSU (77).exe --a---- 161976 bytes [18:51 09/04/2014] [18:51 09/04/2014]
Setup_OSU (78).exe --a---- 161976 bytes [18:52 09/04/2014] [18:52 09/04/2014]
Setup_OSU (79).exe --a---- 161976 bytes [18:52 09/04/2014] [18:52 09/04/2014]
Setup_OSU (8).exe --a---- 281368 bytes [19:16 06/04/2014] [19:16 06/04/2014]
Setup_OSU (80).exe --a---- 161976 bytes [18:52 09/04/2014] [18:52 09/04/2014]
Setup_OSU (81).exe --a---- 161976 bytes [18:52 09/04/2014] [18:52 09/04/2014]
Setup_OSU (82).exe --a---- 161976 bytes [18:52 09/04/2014] [18:53 09/04/2014]
Setup_OSU (83).exe --a---- 161976 bytes [18:53 09/04/2014] [18:53 09/04/2014]
Setup_OSU (84).exe --a---- 161976 bytes [18:53 09/04/2014] [18:53 09/04/2014]
Setup_OSU (85).exe --a---- 161976 bytes [18:53 09/04/2014] [18:53 09/04/2014]
Setup_OSU (86).exe --a---- 161976 bytes [18:53 09/04/2014] [18:53 09/04/2014]
Setup_OSU (87).exe --a---- 161976 bytes [18:54 09/04/2014] [18:54 09/04/2014]
Setup_OSU (88).exe --a---- 161976 bytes [18:54 09/04/2014] [18:54 09/04/2014]
Setup_OSU (89).exe --a---- 161976 bytes [18:54 09/04/2014] [18:54 09/04/2014]
Setup_OSU (9).exe --a---- 281408 bytes [19:16 06/04/2014] [19:16 06/04/2014]
Setup_OSU (90).exe --a---- 161976 bytes [18:54 09/04/2014] [18:54 09/04/2014]
Setup_OSU (91).exe --a---- 161976 bytes [18:54 09/04/2014] [18:54 09/04/2014]
Setup_OSU (92).exe --a---- 161976 bytes [18:55 09/04/2014] [18:55 09/04/2014]
Setup_OSU (93).exe --a---- 161976 bytes [18:55 09/04/2014] [18:55 09/04/2014]
Setup_OSU (94).exe --a---- 161976 bytes [18:55 09/04/2014] [18:55 09/04/2014]
Setup_OSU (95).exe --a---- 161976 bytes [18:55 09/04/2014] [18:55 09/04/2014]
Setup_OSU (96).exe --a---- 161976 bytes [18:55 09/04/2014] [18:56 09/04/2014]
Setup_OSU (97).exe --a---- 161976 bytes [18:56 09/04/2014] [18:56 09/04/2014]
Setup_OSU (98).exe --a---- 161976 bytes [18:56 09/04/2014] [18:56 09/04/2014]
Setup_OSU (99).exe --a---- 161976 bytes [18:56 09/04/2014] [18:56 09/04/2014]
Setup_OSU.exe --a---- 281368 bytes [04:18 06/04/2014] [04:18 06/04/2014]
SUPERAntiSpyware.exe --a---- 18613088 bytes [17:44 11/04/2014] [17:44 11/04/2014]
SureSale Dealer Training Kit 1-10-2012.pdf --a---- 3000670 bytes [22:44 22/04/2012] [22:44 22/04/2012]
SureSale NIADA Proposal.pdf --a---- 4662510 bytes [22:43 22/04/2012] [22:43 22/04/2012]
test.dat --a---- 4 bytes [05:47 08/02/2014] [05:47 08/02/2014]
Unconfirmed 237379.crdownload --a---- 161976 bytes [15:40 09/04/2014] [15:40 09/04/2014]
Unconfirmed 491.crdownload --a---- 787887 bytes [14:12 06/04/2014] [14:13 06/04/2014]
Unconfirmed 641506.crdownload --a---- 161976 bytes [15:38 09/04/2014] [15:38 09/04/2014]
Unconfirmed 656717.crdownload --a---- 281688 bytes [12:21 09/04/2014] [12:21 09/04/2014]
Unconfirmed 770658.crdownload --a---- 161976 bytes [15:38 09/04/2014] [15:38 09/04/2014]
Unconfirmed 770871.crdownload --a---- 161976 bytes [15:39 09/04/2014] [15:39 09/04/2014]
Unconfirmed 786465.crdownload --a---- 161976 bytes [15:40 09/04/2014] [15:40 09/04/2014]
Unconfirmed 837047.crdownload --a---- 471779 bytes [20:08 04/02/2014] [20:11 04/02/2014]
Unconfirmed 99500.crdownload --a---- 161976 bytes [15:39 09/04/2014] [15:39 09/04/2014]
UnityWebPlayer (1).exe --a---- 1070496 bytes [01:02 06/04/2014] [01:02 06/04/2014]
UnityWebPlayer.exe --a---- 1070496 bytes [01:02 06/04/2014] [01:02 06/04/2014]
Webb Review MDB.pdf --a---- 252163 bytes [19:25 27/02/2014] [19:26 27/02/2014]
WinZip180.exe --a---- 420784 bytes [20:21 03/02/2014] [20:21 03/02/2014]
wp-login.php --a---- 2429 bytes [02:39 07/04/2014] [02:39 07/04/2014]
X17-22375.exe --a---- 790361424 bytes [02:09 24/04/2012] [02:47 24/04/2012]

---Folders---
None found.

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Thanks for the logs :up:

As you may realise, this will take a while, so I'll reply later tonight. Also, we'll use ComboFix to remove it all, as it's automated and there are some things there that haven't been removed that we tried before.

I'll explain all tonight. Gotta go, work beckons


----------



## Frustrated1636 (Oct 25, 2012)

Eddie,

One thing that is still there, though I have tried to remove it manually through the control panel, is DII Files Fixer. It pops up occasionally, and when I try to remove it, it says files are missing. I also just noticed DM Uninstaller, which I have no idea what it is. Thanks!!!


----------



## eddie5659 (Mar 19, 2001)

Okay, will look at them both after I've gone through the logs 

Back in a bit


----------



## eddie5659 (Mar 19, 2001)

Well, that took a good few hours 

What we'll do is remove the majority via ComboFix. Once that is done, I'll look at the other two programs, and do some more scans, just to see if any remain etc.

First of all, we'll create a backup of the Registry, just in case. 99.99% of the time nothing happens, but it's better to be safe

*Backing Up Your Registry*
Download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT*
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked
Press *OK*
Press *YES* to create the folder.

-----

Now, the ComboFix fix.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:


```
File::
C:\Users\Chuck\AppData\Local\Microsoft\Internet Explorer\DOMStore\6FZ2C3WV\app.mam.conduit[1].xml
C:\Users\Chuck\AppData\Local\Microsoft\Internet Explorer\DOMStore\9V91KO9M\apps.search.conduit[1].xml
C:\Users\Chuck\AppData\Local\Microsoft\Internet Explorer\DOMStore\AUHTCCOR\facebook.conduitapps[1].xml
C:\Users\Chuck\AppData\Local\Microsoft\Internet Explorer\DOMStore\AUHTCCOR\fastcontent.conduit[1].xml
C:\Users\Chuck\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5IUPICTU\facebook.conduitapps[1].xml
C:\Users\Chuck\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DWUYJJOU\app.mam.conduit[1].xml
C:\Users\Chuck\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DWUYJJOU\cap1.conduit-apps[1].xml
C:\Users\Chuck\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DWUYJJOU\search.conduit[1].xml
C:\Users\Chuck\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\JFI4YOZG\apps.search.conduit[1].xml
C:\Users\Chuck\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\JFI4YOZG\fastcontent.conduit[1].xml
C:\Users\Chuck\AppData\Local\Microsoft\Internet Explorer\DOMStore\9V91KO9M\www.wajam[1].xml
C:\Users\Chuck\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DWUYJJOU\search.babylon[1].xml
C:\Users\Chuck\AppData\Local\Packages\windows_ie_ac_001\AC\{5D191057-EF05-8603-64F5-9C4AB9975009}\SmARtCompare.2.7.dat
C:\Users\Chuck\AppData\LocalLow\{5D191057-EF05-8603-64F5-9C4AB9975009}\SmARtCompare.2.7.dat
C:\Users\Chuck\Downloads\B13D.tmp
C:\Users\Chuck\Downloads\F6F.tmp
C:\Users\Chuck\Downloads\A22B.tmp
C:\Users\Chuck\Downloads\FBDA.tmp
C:\Users\Chuck\Downloads\80DB.tmp
C:\Users\Chuck\Downloads\5BD8.tmp
C:\Users\Chuck\Downloads\D4F1.tmp
C:\Users\Chuck\Downloads\DD32.tmp
C:\Users\Chuck\Downloads\6785.tmp
C:\Users\Chuck\Downloads\8B61.tmp
C:\Users\Chuck\Downloads\13D8.tmp
C:\Users\Chuck\Downloads\C0B4.tmp
C:\Users\Chuck\Downloads\61D6.tmp
C:\Users\Chuck\Downloads\7D5D.tmp
C:\Users\Chuck\Downloads\DFF7.tmp
C:\Users\Chuck\Downloads\7291.tmp
C:\Users\Chuck\Downloads\1458.tmp
C:\Users\Chuck\Downloads\B586.tmp
C:\Users\Chuck\Downloads\56F3.tmp
C:\Users\Chuck\Downloads\F801.tmp
C:\Users\Chuck\Downloads\996F.tmp
C:\Users\Chuck\Downloads\3A98.tmp
C:\Users\Chuck\Downloads\DB2B.tmp
C:\Users\Chuck\Downloads\7C68.tmp
C:\Users\Chuck\Downloads\C182.tmp
C:\Users\Chuck\Downloads\1E21.tmp
C:\Users\Chuck\Downloads\A75C.tmp
C:\Users\Chuck\Downloads\60D7.tmp
C:\Users\Chuck\Downloads\1F4.tmp
C:\Users\Chuck\Downloads\EF28.tmp
C:\Users\Chuck\Downloads\58F3.tmp
C:\Users\Chuck\Downloads\DF6F.tmp
C:\Users\Chuck\Downloads\9C33.tmp
C:\Users\Chuck\Downloads\80F.tmp
C:\Users\Chuck\Downloads\4E41.tmp
C:\Users\Chuck\Downloads\89CA.tmp
C:\Users\Chuck\Downloads\EB2C.tmp
C:\Users\Chuck\Downloads\A487.tmp
C:\Users\Chuck\Downloads\4F3C.tmp
C:\Users\Chuck\Downloads\E3C2.tmp
C:\Users\Chuck\Downloads\5989.tmp
C:\Users\Chuck\Downloads\FB85.tmp
C:\Users\Chuck\Downloads\6EED.tmp
C:\Users\Chuck\Downloads\88B2.tmp
C:\Users\Chuck\Downloads\1EBD.tmp
C:\Users\Chuck\Downloads\79B9.tmp
C:\Users\Chuck\Downloads\4FD9.tmp
C:\Users\Chuck\Downloads\F983.tmp
C:\Users\Chuck\Downloads\CA44.tmp
C:\Users\Chuck\Downloads\9D29.tmp
C:\Users\Chuck\Downloads\733D.tmp
C:\Users\Chuck\Downloads\21D2.tmp
C:\Users\Chuck\Downloads\6E96.tmp
C:\Users\Chuck\Downloads\EA7B.tmp
C:\Users\Chuck\Downloads\4B2D.tmp
C:\Users\Chuck\Downloads\270C.tmp
C:\Users\Chuck\Downloads\6DA.tmp
C:\Users\Chuck\Downloads\92B1.tmp
C:\Users\Chuck\Downloads\2730.tmp
C:\Users\Chuck\Downloads\B190.tmp
C:\Users\Chuck\Downloads\46CA.tmp
C:\Users\Chuck\Downloads\C90F.tmp
C:\Users\Chuck\Downloads\8458.tmp
C:\Users\Chuck\Downloads\903.tmp
C:\Users\Chuck\Downloads\FB0D.tmp
C:\Users\Chuck\Downloads\6534.tmp
C:\Users\Chuck\Downloads\216F.tmp
C:\Users\Chuck\Downloads\BA96.tmp
C:\Users\Chuck\Downloads\26FD.tmp
C:\Users\Chuck\Downloads\9C29.tmp
C:\Users\Chuck\Downloads\70E6.tmp
C:\Users\Chuck\Downloads\DC9.tmp
C:\Users\Chuck\Downloads\87BC.tmp
C:\Users\Chuck\Downloads\B587.tmp
C:\Users\Chuck\Downloads\791F.tmp
C:\Users\Chuck\Downloads\4B44.tmp
C:\Users\Chuck\Downloads\F470.tmp
C:\Users\Chuck\Downloads\E810.tmp
C:\Users\Chuck\Downloads\6F0A.tmp
C:\Users\Chuck\Downloads\DF8E.tmp
C:\Users\Chuck\Downloads\638A.tmp
C:\Users\Chuck\Downloads\BE33.tmp
C:\Users\Chuck\Downloads\3264.tmp
C:\Users\Chuck\Downloads\A57D.tmp
C:\Users\Chuck\Downloads\5E8.tmp
C:\Users\Chuck\Downloads\3D52.tmp
C:\Users\Chuck\Downloads\A39E.tmp
C:\Users\Chuck\Downloads\3950.tmp
C:\Users\Chuck\Downloads\B1B.tmp
C:\Users\Chuck\Downloads\DEFA.tmp
C:\Users\Chuck\Downloads\74FC.tmp
C:\Users\Chuck\Downloads\48F4.tmp
C:\Users\Chuck\Downloads\B80B.tmp
C:\Users\Chuck\Downloads\2A3E.tmp
C:\Users\Chuck\Downloads\8618.tmp
C:\Users\Chuck\Downloads\F01D.tmp
C:\Users\Chuck\Downloads\548C.tmp
C:\Users\Chuck\Downloads\BEE5.tmp
C:\Users\Chuck\Downloads\8AED.tmp
C:\Users\Chuck\Downloads\2107.tmp
C:\Users\Chuck\Downloads\395E.tmp
C:\Users\Chuck\Downloads\BAB0.tmp
C:\Users\Chuck\Downloads\3374.tmp
C:\Users\Chuck\Downloads\B693.tmp
C:\Users\Chuck\Downloads\8ED2.tmp
C:\Users\Chuck\Downloads\74A.tmp
C:\Users\Chuck\Downloads\806C.tmp
C:\Users\Chuck\Downloads\7A02.tmp
C:\Users\Chuck\Downloads\3971.tmp
C:\Users\Chuck\Downloads\FD73.tmp
C:\Users\Chuck\Downloads\C665.tmp
C:\Users\Chuck\Downloads\81D3.tmp
C:\Users\Chuck\Downloads\43B3.tmp
C:\Users\Chuck\Downloads\CC93.tmp
C:\Users\Chuck\Downloads\96F0.tmp
C:\Users\Chuck\Downloads\6CF.tmp
C:\Users\Chuck\Downloads\6CDB.tmp
C:\Users\Chuck\Downloads\9271.tmp
C:\Users\Chuck\Downloads\C88F.tmp
C:\Users\Chuck\Downloads\2DF5.tmp
C:\Users\Chuck\Downloads\686A.tmp
C:\Users\Chuck\Downloads\2E4.tmp
C:\Users\Chuck\Downloads\A627.tmp
C:\Users\Chuck\Downloads\A66E.tmp
C:\Users\Chuck\Downloads\7BE8.tmp
C:\Users\Chuck\Downloads\4521.tmp
C:\Users\Chuck\Downloads\Setup_OSU (99).exe
C:\Users\Chuck\Downloads\Setup_OSU (98).exe
C:\Users\Chuck\Downloads\Setup_OSU (97).exe
C:\Users\Chuck\Downloads\Setup_OSU (100).exe
C:\Users\Chuck\Downloads\Setup_OSU (96).exe
C:\Users\Chuck\Downloads\Setup_OSU (95).exe
C:\Users\Chuck\Downloads\Setup_OSU (94).exe
C:\Users\Chuck\Downloads\Setup_OSU (93).exe
C:\Users\Chuck\Downloads\Setup_OSU (92).exe
C:\Users\Chuck\Downloads\Setup_OSU (91).exe
C:\Users\Chuck\Downloads\Setup_OSU (90).exe
C:\Users\Chuck\Downloads\Setup_OSU (89).exe
C:\Users\Chuck\Downloads\Setup_OSU (88).exe
C:\Users\Chuck\Downloads\Setup_OSU (87).exe
C:\Users\Chuck\Downloads\Setup_OSU (86).exe
C:\Users\Chuck\Downloads\Setup_OSU (85).exe
C:\Users\Chuck\Downloads\Setup_OSU (84).exe
C:\Users\Chuck\Downloads\Setup_OSU (83).exe
C:\Users\Chuck\Downloads\Setup_OSU (82).exe
C:\Users\Chuck\Downloads\Setup_OSU (81).exe
C:\Users\Chuck\Downloads\Setup_OSU (80).exe
C:\Users\Chuck\Downloads\Setup_OSU (79).exe
C:\Users\Chuck\Downloads\Setup_OSU (78).exe
C:\Users\Chuck\Downloads\Setup_OSU (77).exe
C:\Users\Chuck\Downloads\Setup_OSU (76).exe
C:\Users\Chuck\Downloads\Setup_OSU (75).exe
C:\Users\Chuck\Downloads\Setup_OSU (74).exe
C:\Users\Chuck\Downloads\Setup_OSU (73).exe
C:\Users\Chuck\Downloads\Setup_OSU (72).exe
C:\Users\Chuck\Downloads\Setup_OSU (71).exe
C:\Users\Chuck\Downloads\Setup_OSU (70).exe
C:\Users\Chuck\Downloads\Setup_OSU (69).exe
C:\Users\Chuck\Downloads\Setup_OSU (68).exe
C:\Users\Chuck\Downloads\Setup_OSU (67).exe
C:\Users\Chuck\Downloads\Setup_OSU (66).exe
C:\Users\Chuck\Downloads\Setup_OSU (65).exe
C:\Users\Chuck\Downloads\Setup_OSU (64).exe
C:\Users\Chuck\Downloads\Setup_OSU (63).exe
C:\Users\Chuck\Downloads\Setup_OSU (62).exe
C:\Users\Chuck\Downloads\Setup_OSU (61).exe
C:\Users\Chuck\Downloads\Unconfirmed 786465.crdownload
C:\Users\Chuck\Downloads\Unconfirmed 237379.crdownload
C:\Users\Chuck\Downloads\Unconfirmed 99500.crdownload
C:\Users\Chuck\Downloads\Unconfirmed 770871.crdownload
C:\Users\Chuck\Downloads\Unconfirmed 770658.crdownload
C:\Users\Chuck\Downloads\Unconfirmed 641506.crdownload
C:\Users\Chuck\Downloads\FinallyFast.setup (1).exe
C:\Users\Chuck\Downloads\Unconfirmed 656717.crdownload
C:\Users\Chuck\Downloads\FinallyFast.setup.exe
C:\Users\Chuck\Downloads\Setup_OSU (60).exe
C:\Users\Chuck\Downloads\Setup_OSU (59).exe
C:\Users\Chuck\Downloads\Setup_OSU (57).exe
C:\Users\Chuck\Downloads\Setup_OSU (58).exe
C:\Users\Chuck\Downloads\Setup_OSU (55).exe
C:\Users\Chuck\Downloads\Setup_OSU (56).exe
C:\Users\Chuck\Downloads\Setup_OSU (54).exe
C:\Users\Chuck\Downloads\Setup_OSU (53).exe
C:\Users\Chuck\Downloads\Setup_OSU (52).exe
C:\Users\Chuck\Downloads\Setup_OSU (51).exe
C:\Users\Chuck\Downloads\Setup_OSU (50).exe
C:\Users\Chuck\Downloads\Setup_OSU (49).exe
C:\Users\Chuck\Downloads\Setup_OSU (48).exe
C:\Users\Chuck\Downloads\Setup_OSU (47).exe
C:\Users\Chuck\Downloads\Setup_OSU (46).exe
C:\Users\Chuck\Downloads\Setup_OSU (45).exe
C:\Users\Chuck\Downloads\Setup_OSU (44).exe
C:\Users\Chuck\Downloads\Setup_OSU (43).exe
C:\Users\Chuck\Downloads\Setup_OSU (40).exe
C:\Users\Chuck\Downloads\Setup_OSU (42).exe
C:\Users\Chuck\Downloads\Setup_OSU (41).exe
C:\Users\Chuck\Downloads\Setup_OSU (39).exe
C:\Users\Chuck\Downloads\Setup_OSU (38).exe
C:\Users\Chuck\Downloads\Setup_OSU (36).exe
C:\Users\Chuck\Downloads\Setup_OSU (37).exe
C:\Users\Chuck\Downloads\Setup_OSU (34).exe
C:\Users\Chuck\Downloads\Setup_OSU (35).exe
C:\Users\Chuck\Downloads\Setup_OSU (33).exe
C:\Users\Chuck\Downloads\Setup_OSU (32).exe
C:\Users\Chuck\Downloads\Setup_OSU (31).exe
C:\Users\Chuck\Downloads\Setup_OSU (30).exe
C:\Users\Chuck\Downloads\Setup_OSU (29).exe
C:\Users\Chuck\Downloads\Setup_OSU (28).exe
C:\Users\Chuck\Downloads\Setup_OSU (27).exe
C:\Users\Chuck\Downloads\Setup_OSU (26).exe
C:\Users\Chuck\Downloads\Setup_OSU (25).exe
C:\Users\Chuck\Downloads\Setup_OSU (24).exe
C:\Users\Chuck\Downloads\Setup_OSU (23).exe
C:\Users\Chuck\Downloads\Setup_OSU (22).exe
C:\Users\Chuck\Downloads\Setup_OSU (21).exe
C:\Users\Chuck\Downloads\Setup_OSU (20).exe
C:\Users\Chuck\Downloads\Setup_OSU (19).exe
C:\Users\Chuck\Downloads\Setup_OSU (18).exe
C:\Users\Chuck\Downloads\Setup_OSU (17).exe
C:\Users\Chuck\Downloads\Setup_OSU (16).exe
C:\Users\Chuck\Downloads\Setup_OSU (15).exe
C:\Users\Chuck\Downloads\Setup_OSU (14).exe
C:\Users\Chuck\Downloads\Setup_OSU (13).exe
C:\Users\Chuck\Downloads\Setup_OSU (12).exe
C:\Users\Chuck\Downloads\Setup_OSU (11).exe
C:\Users\Chuck\Downloads\Setup_OSU (10).exe
C:\Users\Chuck\Downloads\Setup_OSU (9).exe
C:\Users\Chuck\Downloads\Setup_OSU (8).exe
C:\Users\Chuck\Downloads\Setup_OSU (7).exe
C:\Users\Chuck\Downloads\Setup_OSU (6).exe
C:\Users\Chuck\Downloads\Setup_OSU (5).exe
C:\Users\Chuck\Downloads\Setup_OSU (4).exe
C:\Users\Chuck\Downloads\Setup_OSU (3).exe
C:\Users\Chuck\Downloads\Setup_OSU (2).exe
C:\Users\Chuck\Downloads\Unconfirmed 491.crdownload
C:\Users\Chuck\Downloads\Setup_OSU (1).exe
C:\Users\Chuck\Downloads\Setup_OSU.exe
C:\Users\Chuck\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\extensions\[email protected]
Folder::
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\CT3289663
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\CT3291327
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\CT3310511
C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\3hnw3ken.default\CT3315828
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
C:\Users\Chuck\AppData\LocalLow\InternetHelper3.7
C:\RestoreSony\C\Users\Owner\AppData\Roaming\Tencent
C:\RestoreSony\C\Users\Owner\Documents\Tencent Files
C:\RestoreSony\C\Users\Public\Documents\Tencent
C:\Users\Chuck\Documents\Tencent Files
C:\Users\OLD Computer\C\Users\Owner\Documents\Tencent Files
C:\Users\Public\Documents\Tencent
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifcpmlipdckkgahcekdccikeddjgnbl
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jncmagbhmnlmppimlagabdnhhlbclman
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajadlheagenmmedmhaoafgkdenfilcme
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimlgpidjkiedgndbhjbalobolmjilei
Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\LemurLeap]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\updateLemurLeap_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\updateLemurLeap_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLemurLeap_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLemurLeap_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilLemurLeap_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilLemurLeap_RASMANCS]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\UpdateLemurLeap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\UtilLemurLeap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Update LemurLeap]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\UtilLemurLeap]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\UpdateLemurLeap]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\UtilLemurLeap]
[-HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\LemurLeap]
[-HKEY_CURRENT_USER\Software\SearchProtectDetection]
[-HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\SearchProtectDetection]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A210A55-1C52-42DC-98B9-83FCB53BCB36}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E5B8712-95AE-485B-8803-FA1772C6F210}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{359E7DB2-51B9-443C-A5D4-3AF2C8649468}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6CA955F-DF1E-442C-BDA4-DEE2B5209008}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MediaViewerV1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MediaViewV1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifcpmlipdckkgahcekdccikeddjgnbl]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jncmagbhmnlmppimlagabdnhhlbclman]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{670537B1-ED68-4175-ACE1-396A82F97BC8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6A5170C-8FC0-4357-A33B-3A2E98CEF9CD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FD1DD379D15DBB646BCA5D66711D331C]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\inst\Bootstrapper\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\inst\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\en\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\de\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\es\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\tr\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\it\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\fr\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\ro\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\14C66209FCA938858B9729645C666684]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\6879A5E348601C45986308CA84958E94]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\90841B1FC98200349925C88999866F17]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\A72F23B1D745C27508518132197BC982]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B752EF3300008394886C402CC27B474F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\BAD3576CEA646895B962F94754612791]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\F79C21D785419125595AC59458A6142D]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Products\FD1DD379D15DBB646BCA5D66711D331C]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader]
"Iminent"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Iminent]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\InternetHelper3.1]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\InternetHelper3.7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B052E68E-A114-4480-B416-C8E617D346A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E5B8712-95AE-485B-8803-FA1772C6F210}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E3F3B40-CD6C-412B-BA37-1A2DCCBA3885}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DEAF6A20-B0C5-4083-8E5B-70F711DE073D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6CA955F-DF1E-442C-BDA4-DEE2B5209008}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B052E68E-A114-4480-B416-C8E617D346A9}]
[-HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\AppDataLow\Software\InternetHelper3.1]
[-HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\AppDataLow\Software\InternetHelper3.7]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\KeyBar_1.14]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A4CC00F-474B-4E6C-9B78-EF07E28BF8C2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{359E7DB2-51B9-443C-A5D4-3AF2C8649468}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9595551E-31CC-4533-A454-D399B7791835}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar 1.14 Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.14 Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7A4CC00F-474B-4E6C-9B78-EF07E28BF8C2}]
[-HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\KeyBar_1.14]
[HKEY_CURRENT_USER\Software\Classes\EMOTION.File\DefaultIcon]
@=-
[HKEY_CURRENT_USER\Software\Classes\EMOTION.File\shell\open\command]
@=-
[HKEY_CURRENT_USER\Software\Classes\EMOTION.Package\DefaultIcon]
@=-
[HKEY_CURRENT_USER\Software\Classes\EMOTION.Package\shell\open\command]
@=-
[-HKEY_CURRENT_USER\Software\Classes\Tencent]
[HKEY_CURRENT_USER\Software\Classes\THEMEX.Package\DefaultIcon]
@=-
[HKEY_CURRENT_USER\Software\Classes\THEMEX.Package\shell\open\command]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{251DA1A7-5700-41FC-8129-9099B4B7E4D3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{29A32150-EA24-42C2-882E-879152560C1E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5318D0E8-A003-446A-B66C-5E5E652ACB24}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EAAED308-7322-4b9b-965E-171933ADD473}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{251DA1A7-5700-41FC-8129-9099B4B7E4D3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{29A32150-EA24-42C2-882E-879152560C1E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5318D0E8-A003-446A-B66C-5E5E652ACB24}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EAAED308-7322-4b9b-965E-171933ADD473}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{251DA1A7-5700-41FC-8129-9099B4B7E4D3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{29A32150-EA24-42C2-882E-879152560C1E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}]
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\EMOTION.File\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\EMOTION.File\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\EMOTION.Package\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\EMOTION.Package\shell\open\command]
@=-
[-HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\Tencent]
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\THEMEX.Package\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Classes\THEMEX.Package\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\EMOTION.File\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\EMOTION.File\shell\open\command]
@=-
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\EMOTION.Package\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\EMOTION.Package\shell\open\command]
@=-
[-HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\Tencent]
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\THEMEX.Package\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001_Classes\THEMEX.Package\shell\open\command]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\DefaultTabToolbarBHO.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4DC2F78D-313E-4d41-A29D-F56BEBE0D75E}]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\DefaultTabToolbarBHO.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{4DC2F78D-313E-4d41-A29D-F56BEBE0D75E}]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\DefaultTabToolbarBHO.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{4DC2F78D-313E-4d41-A29D-F56BEBE0D75E}]
@=-
[-HKEY_USERS\.DEFAULT\Software\DefaultTab]
[-HKEY_USERS\S-1-5-18\Software\DefaultTab]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BetterSurf Plus V1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ajadlheagenmmedmhaoafgkdenfilcme]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iimlgpidjkiedgndbhjbalobolmjilei]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WebexpEnhancedV1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WebexpEnhanced]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jncmagbhmnlmppimlagabdnhhlbclman]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Better-Surf]
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe

*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*

Referring to the picture above, drag CFScript into ComboFix.exe

It may take a while to run, so grab a cuppa whilst you wait.

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

It may be very large, so upload it as before. If it's too large, just split it when you upload, it's okay if it's a few txt files

eddie


----------



## Frustrated1636 (Oct 25, 2012)

Hey Eddie,

Here it is. Hopefully I can upload in one....


----------



## eddie5659 (Mar 19, 2001)

Thanks, looks like a lot has gone 

As I'm not around tonight, can you check in Add/Remove Programs and see if you can see DII Files Fixer and DM Uninstaller? It looks like they have been removed as they didn't actually exist.

If so, I'll create a new SystemLook log for you to run tomorrow morning. Again, do it over 3 runs, but hopefully they should be very short for each.


----------



## Frustrated1636 (Oct 25, 2012)

Hi Eddie,

When I click on DII Fixer and DM Uninstaller it says 'error has occurred and the programs may have already been uninstalled.' So I guess you got them! Thanks again for all your help!

Regards,

Greg


----------



## eddie5659 (Mar 19, 2001)

Hi

Was away for the long weekend, so finally getting to reply now 

That's good to hear they're gone, but when you click on them, do they say that they can just be removed?

Now, let's see what we have left. Like I said, this should be quicker to run, and not yield as many results (he says)

Using SystemLook again, run the following scans:


```
:filefind
*LuckLeap*.*
*LemurLeap*.*
*SearchProtect*.*
*conduit*.*
*Wajam*.*
*jpmbfleldcgkldadpdinhjjopdfpjfjp*.*
*5a95a9e0-59dd-4314-bd84-4d18ca83a0e2*.*
*babylon*.*
*snap.do*.*
*bProtector*.*
*MySearch*.*
*Media View*.*
*MediaView*.*
*Media Viewer*.*
*MediaViewer*.*
*SmARtCompare*.*
*knmafenhackomkdiaggnceblhfomhofe*.*
*DealPly*.*
*I Want This*.*
*Iminent*.*
*InternetHelper*.*
*KeyBar*.*
*Optimizer*.*
*LyricsSing*.*
*Tencent*.*
*DefaultTab*.*
*BetterSurf*.*
*WebexpEnhanced*.*
*jncmagbhmnlmppimlagabdnhhlbclman*.*
*better-surf*.*
*N1yiPr_Rfs*.*
*qafEv57pd*.*
*DLL Fixer*.*
*DM Uninstaller*.*
```


```
:folderfind
*LuckLeap*
*LemurLeap*
*SearchProtect*
*conduit*
C:\Users\Chuck\AppData\Local\GCC*
*Wajam*
*jpmbfleldcgkldadpdinhjjopdfpjfjp*
*5a95a9e0-59dd-4314-bd84-4d18ca83a0e2*
*babylon*
*snap.do*
*bProtector*
*MySearch*
*Media View*
*MediaView*
*Media Viewer*
*MediaViewer*
*SmARtCompare*
*knmafenhackomkdiaggnceblhfomhofe*
*DealPly*
*I Want This*
*Iminent*
*InternetHelper*
*KeyBar*
*Optimizer*
*LyricsSing*
*Tencent*
*DefaultTab*
*BetterSurf*
*WebexpEnhanced*
*jncmagbhmnlmppimlagabdnhhlbclman*
*better-surf*
*poheodfamflhhhdcmjfeggbgigeefaco*
*N1yiPr_Rfs*
*qafEv57pd*
*DLL Fixer*
*DM Uninstaller*
```


```
:regfind
LuckLeap
LemurLeap
SearchProtect
conduit
Wajam
jpmbfleldcgkldadpdinhjjopdfpjfjp
5a95a9e0-59dd-4314-bd84-4d18ca83a0e2
babylon
snap.do
bProtector
MySearch
Media View
MediaView
Media Viewer
MediaViewer
SmARtCompare
knmafenhackomkdiaggnceblhfomhofe
DealPly
I Want This
Iminent
InternetHelper
KeyBar
Optimizer
LyricsSing
Tencent
DefaultTab
BetterSurf
WebexpEnhanced
jncmagbhmnlmppimlagabdnhhlbclman
0C7C23EF-A848-485B-873C-0ED954731014
A57E074F-56D8-4A33-8112-AAC9693AA909
DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\TBH
better-surf
N1yiPr_Rfs
qafEv57pd
DLL Fixer
DM Uninstaller
:dir
C:\Users\Chuck\Downloads
```
------------------

Then, after doing all that, can you do this with OTL, to see what's left:


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the *Quick Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open only one notepad window, *OTL.Txt*. This is saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of this file and post them in your topic.


----------



## Frustrated1636 (Oct 25, 2012)

Hi Eddie,

My apologies also, been out of pocket. Here are the results of the three system scans. I will now run OTL and post those in separate reply. Thanks!

System Look Run #1

SystemLook 30.07.11 by jpshortstuff
Log created at 13:02 on 12/05/2014 by Chuck
Administrator - Elevation successful


*System Look Run #2*

SystemLook 30.07.11 by jpshortstuff
Log created at 13:08 on 12/05/2014 by Chuck
Administrator - Elevation successful


*System Look Scan #3*

SystemLook 30.07.11 by jpshortstuff
Log created at 13:16 on 12/05/2014 by Chuck
Administrator - Elevation successful

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\System.Windows.Interactivity.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\tr\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94]
"FD1DD379D15DBB646BCA5D66711D331C"="02:\SOFTWARE\Iminent\Version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\de\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\tr\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\tr\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.WinCore.Yahoo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF]
"FD1DD379D15DBB646BCA5D66711D331C"="02:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IminentMessenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.WinCore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\ro\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\es\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\ro\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\de\System.Windows.Interactivity.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Microsoft.Expression.Interactions.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F]
"FD1DD379D15DBB646BCA5D66711D331C"="01:\Software\Iminent\WebBooster\Scripts\sslminibar\BagKey"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\en\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\it\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\tr\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17]
"FD1DD379D15DBB646BCA5D66711D331C"="01:\SOFTWARE\Iminent\InstallationOwner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.Windows.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\USearch.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
"00000000000000000000000000000000"="C:\Program Files (x86)\Iminent\USearch.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\es\System.Windows.Interactivity.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\ro\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\de\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\es\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\fr\System.Windows.Interactivity.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.AxImp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\fr\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\fr\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\inst\main.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\System.Data.SQLite.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\it\System.Windows.Interactivity.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\de\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.Business.Connect.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\en\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\fr\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.Services.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\fr\Iminent.Booster.UI.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727]
"FD1DD379D15DBB646BCA5D66711D331C"="01:\SOFTWARE\Iminent\SearchEngineOptin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C]
"FD1DD379D15DBB646BCA5D66711D331C"="02:\SOFTWARE\Iminent\Mediator\Server\ProcPath"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.Workflow.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.Booster.UI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.Mediator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.WinCore.WLM15.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675]
"FD1DD379D15DBB646BCA5D66711D331C"="02:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\en\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC]
"FD1DD379D15DBB646BCA5D66711D331C"="01:\SOFTWARE\Iminent\SysTray"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\it\Iminent.Messengers.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191]
"FD1DD379D15DBB646BCA5D66711D331C"="00:\iminent\URL Protocol"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\de\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.WinCore.WLM.WinEvents.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\WPFLocalizeExtension.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\es\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\it\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54]
"FD1DD379D15DBB646BCA5D66711D331C"="02:\SOFTWARE\Iminent\Assemblies\Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A]
"FD1DD379D15DBB646BCA5D66711D331C"="02:\SOFTWARE\Iminent\BagKey"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\en\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\System.Data.SQLite.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.Entity.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\SearchTheWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
"00000000000000000000000000000000"="C:\Program Files (x86)\Iminent\SearchTheWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\en\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\fr\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\Iminent.Business.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\de\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3]
"FD1DD379D15DBB646BCA5D66711D331C"="C:\Program Files (x86)\Iminent\it\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD1DD379D15DBB646BCA5D66711D331C\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\Iminent\IMBooster\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD1DD379D15DBB646BCA5D66711D331C\InstallProperties]
"InstallSource"="C:\Users\Chuck\AppData\Local\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD1DD379D15DBB646BCA5D66711D331C\InstallProperties]
"Publisher"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD1DD379D15DBB646BCA5D66711D331C\InstallProperties]
"DisplayName"="Iminent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{154B256B-08DC-4A95-8817-07980BDF704F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Iminent\Iminent.exe|Name=Iminent Firewall Rule|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28332015-E474-4263-A1F9-3793455AA619}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Iminent\Iminent.Messengers.exe|Name=Iminent.Messengers Firewall Rule|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{154B256B-08DC-4A95-8817-07980BDF704F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Iminent\Iminent.exe|Name=Iminent Firewall Rule|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28332015-E474-4263-A1F9-3793455AA619}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Iminent\Iminent.Messengers.exe|Name=Iminent.Messengers Firewall Rule|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{154B256B-08DC-4A95-8817-07980BDF704F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Iminent\Iminent.exe|Name=Iminent Firewall Rule|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28332015-E474-4263-A1F9-3793455AA619}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Iminent\Iminent.Messengers.exe|Name=Iminent.Messengers Firewall Rule|Edge=TRUE|"

Searching for "InternetHelper"
No data found.

Searching for "KeyBar"
No data found.

Searching for "Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
@="EVR Graph Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
@="EVR Graph Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Boot Optimizer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Boot Optimizer]
"Name"="Lenovo\Boot Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Boot Optimizer]
"path"="C:\Program Files (x86)\Lenovo\Boot Optimizer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Boot Optimizer]
"InstallPath"="C:\Program Files (x86)\Lenovo\Boot Optimizer\FBSet.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Boot Optimizer]
"InstallDir"="C:\Program Files (x86)\Lenovo\Boot Optimizer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Boot Optimizer]
"DisplayName"="Lenovo\Boot Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lenovo EE Boot Optimizer"="C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo EE Boot Optimizer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo EE Boot Optimizer]
"DisplayName"="Lenovo EE Boot Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo EE Boot Optimizer]
"UninstallString"="C:\Program Files (x86)\Lenovo\Boot Optimizer\Uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo EE Boot Optimizer]
"InstallLocation"="C:\Program Files (x86)\Lenovo\Boot Optimizer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo EE Boot Optimizer]
"ReadMe"="C:\Program Files (x86)\Lenovo\Boot Optimizer\Readme.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo EE Boot Optimizer]
"DisplayIcon"="C:\Program Files (x86)\Lenovo\Boot Optimizer\\FBSet.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
@="EVR Graph Optimizer"

Searching for "LyricsSing"
No data found.

Searching for "Tencent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6ae56af2_0]
@="{0.0.0.00000000}.{43ada949-9478-4ebd-9af8-aab9c78f8e00}|\Device\HarddiskVolume2\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F46D88D4-2245-4E0B-9A82-4D2A73529F01}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe|Name=QQ International|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D5E0E2BA-2875-496B-8397-449C679C0212}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe|Name=QQ International|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B1DAEE2D-E27F-45F3-88E4-78F922E7C3A9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe|Name=ÌÚÑ¶²úÆ·ÏÂÔØ×é¼þ|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066FAF53-F597-4CFD-B7E4-5AC56FCFCA68}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe|Name=ÌÚÑ¶²úÆ·ÏÂÔØ×é¼þ|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F46D88D4-2245-4E0B-9A82-4D2A73529F01}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe|Name=QQ International|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D5E0E2BA-2875-496B-8397-449C679C0212}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe|Name=QQ International|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B1DAEE2D-E27F-45F3-88E4-78F922E7C3A9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe|Name=ÌÚÑ¶²úÆ·ÏÂÔØ×é¼þ|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066FAF53-F597-4CFD-B7E4-5AC56FCFCA68}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe|Name=ÌÚÑ¶²úÆ·ÏÂÔØ×é¼þ|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F46D88D4-2245-4E0B-9A82-4D2A73529F01}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe|Name=QQ International|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D5E0E2BA-2875-496B-8397-449C679C0212}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe|Name=QQ International|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B1DAEE2D-E27F-45F3-88E4-78F922E7C3A9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe|Name=ÌÚÑ¶²úÆ·ÏÂÔØ×é¼þ|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066FAF53-F597-4CFD-B7E4-5AC56FCFCA68}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe|Name=ÌÚÑ¶²úÆ·ÏÂÔØ×é¼þ|"
[HKEY_USERS\S-1-5-21-2471097063-1945811626-1650287918-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6ae56af2_0]
@="{0.0.0.00000000}.{43ada949-9478-4ebd-9af8-aab9c78f8e00}|\Device\HarddiskVolume2\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "DefaultTab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{D69495AF-8F32-39EE-BD96-D683D87D6A8E}\14.0.0.0]
"Class"="Microsoft.Office.Interop.Word.WdDefaultTableBehavior"

Searching for "BetterSurf"
No data found.

Searching for "WebexpEnhanced"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Webexp Enhanced]
"Path"="C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha92"

Searching for "jncmagbhmnlmppimlagabdnhhlbclman"
No data found.

Searching for "0C7C23EF-A848-485B-873C-0ED954731014"
No data found.

Searching for "A57E074F-56D8-4A33-8112-AAC9693AA909"
No data found.

Searching for "DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9"
No data found.

Searching for "HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\TBH"
No data found.

Searching for "better-surf"
No data found.

Searching for "N1yiPr_Rfs"
No data found.

Searching for "qafEv57pd"
No data found.

Searching for "DLL Fixer"
No data found.

Searching for "DM Uninstaller"
No data found.

========== dir ==========

C:\Users\Chuck\Downloads - Parameters: "(none)"

---Files---
201303011362157572_2.zip --a---- 160691 bytes [05:47 08/02/2014] [05:47 08/02/2014]
AAA Certified Flow Chart.pdf --a---- 184549 bytes [22:44 22/04/2012] [22:44 22/04/2012]
AAA Certified SCA Powerpoint 121511.pdf --a---- 760266 bytes [22:45 22/04/2012] [22:45 22/04/2012]
AAA SureSale _Business Agreement Signed Signature Page of Marketing Agreement 1-20-2012.pdf --a---- 1064493 bytes [22:44 22/04/2012] [22:44 22/04/2012]
AdwCleaner(1).exe --a---- 1426178 bytes [16:17 12/04/2014] [16:17 12/04/2014]
AdwCleaner(2).exe --a---- 1426178 bytes [21:12 14/04/2014] [21:12 14/04/2014]
AdwCleaner(2).exe - Shortcut.lnk --a---- 1444 bytes [21:13 14/04/2014] [21:13 14/04/2014]
AdwCleaner(3).exe --a---- 1426178 bytes [21:16 14/04/2014] [21:17 14/04/2014]
AdwCleaner.exe --a---- 1426178 bytes [19:47 11/04/2014] [19:47 11/04/2014]
AntiMalware-Installer.exe --a---- 4854016 bytes [01:36 15/12/2013] [01:38 15/12/2013]
ASI Letter of Authorization.pdf --a---- 1516486 bytes [22:44 22/04/2012] [22:44 22/04/2012]
contact --a---- 28837 bytes [22:51 07/04/2014] [22:52 07/04/2014]
desktop.ini --ahs-- 282 bytes [17:09 01/02/2012] [01:37 15/09/2013]
dffsetup-zlib1.exe --a---- 5341472 bytes [05:08 08/02/2014] [05:09 08/02/2014]
DriverUpdate-setup (1).exe  --a---- 739808 bytes [16:03 07/04/2014] [16:03 07/04/2014]
DriverUpdate-setup.exe --a---- 739808 bytes [15:59 07/04/2014] [15:59 07/04/2014]
Extras.Txt --a---- 82290 bytes [16:08 05/04/2014] [19:33 05/04/2014]
Greg Potts - Retirement letter and package (1).zip --a---- 4789684 bytes [21:09 25/02/2014] [21:09 25/02/2014]
Greg Potts - Retirement letter and package.zip --a---- 4789684 bytes [21:09 25/02/2014] [21:09 25/02/2014]
HijackThis.exe --a---- 388608 bytes [12:05 02/03/2014] [12:05 02/03/2014]
hs_err_pid4132.log --a---- 18608 bytes [02:16 15/12/2013] [02:16 15/12/2013]
hs_err_pid66912.log --a---- 17073 bytes [21:41 06/07/2013] [21:41 06/07/2013]
hs_err_pid67060.log --a---- 17240 bytes [21:50 06/07/2013] [21:50 06/07/2013]
IDM2.exe --a---- 1071168 bytes [05:08 08/02/2014] [05:08 08/02/2014]
Installer.exe --a---- 104360 bytes [04:11 08/02/2014] [04:12 08/02/2014]
jre-6u31-windows-i586-iftw (1).exe --a---- 910112 bytes [00:15 03/03/2012] [00:15 03/03/2012]
jre-6u31-windows-i586-iftw.exe --a---- 910112 bytes [00:15 03/03/2012] [00:16 03/03/2012]
lotrohigh.exe --a---- 2525224 bytes [21:08 08/02/2014] [21:09 08/02/2014]
LOTROProgressive_4.28 (1).exe --a---- 8711768 bytes [17:06 08/02/2014] [17:06 08/02/2014]
LOTROProgressive_4.28 (2).exe --a---- 8711768 bytes [00:40 09/02/2014] [00:40 09/02/2014]
LOTROProgressive_4.28(1).exe --a---- 8711768 bytes [20:58 08/02/2014] [20:59 08/02/2014]
LOTROProgressive_4.28(2).exe --a---- 8711768 bytes [20:59 08/02/2014] [20:59 08/02/2014]
LOTROProgressive_4.28.exe --a---- 8711768 bytes [17:05 08/02/2014] [17:06 08/02/2014]
mbam-setup-2.0.1.1004.exe --a---- 17305616 bytes [14:22 11/04/2014] [14:23 11/04/2014]
Minecraft (1).exe --a---- 263186 bytes [23:21 05/04/2013] [23:21 05/04/2013]
Minecraft.exe --a---- 263186 bytes [22:09 20/03/2013] [22:09 20/03/2013]
Mutual NDA Non Circumvention 130815 v1.4.docx --a---- 27392 bytes [17:05 07/04/2014] [17:05 07/04/2014]
OOo_3.3.0_Win_x86_install-wJRE_en-US.exe --a---- 158067944 bytes [18:17 05/03/2012] [18:21 05/03/2012]
OTL - Shortcut.lnk --a---- 969 bytes [15:57 13/03/2014] [15:57 13/03/2014]
OTL(1).exe --a---- 602112 bytes [15:48 07/04/2014] [15:48 07/04/2014]
OTL(1).exe.part --a---- 295528 bytes [15:52 13/03/2014] [16:01 13/03/2014]
OTL(2).exe --a---- 602112 bytes [14:38 10/04/2014] [14:38 10/04/2014]
OTL.exe --a---- 602112 bytes [15:05 05/04/2014] [15:05 05/04/2014]
OTL.exe.part - Shortcut.lnk --a---- 1000 bytes [15:57 13/03/2014] [15:57 13/03/2014]
OTL.Txt --a---- 423168 bytes [16:07 05/04/2014] [23:09 16/04/2014]
OTL.Txt140407.txt --a---- 587422 bytes [16:53 07/04/2014] [16:53 07/04/2014]
OTL.Txt140415.txt --a---- 562544 bytes [00:55 16/04/2014] [00:55 16/04/2014]
OTL140410.Txt --a---- 597694 bytes [16:34 10/04/2014] [16:34 10/04/2014]
ParetoLogic PC Health Advisor.exe --a---- 5791960 bytes [14:36 08/02/2014] [14:37 08/02/2014]
Player-Chrome.exe --a---- 1079440 bytes [19:20 09/02/2014] [19:21 09/02/2014]
QQintl2.11.exe --a---- 49880760 bytes [16:32 07/03/2014] [16:34 07/03/2014]
Repair-tool (1).exe --a---- 5162600 bytes [05:50 08/02/2014] [05:50 08/02/2014]
Repair-tool.exe --a---- 5162600 bytes [05:49 08/02/2014] [05:50 08/02/2014]
SecurityCheck(1).exe --a---- 987448 bytes [14:26 05/04/2014] [14:26 05/04/2014]
SecurityCheck(2).exe --a---- 987448 bytes [14:26 05/04/2014] [14:26 05/04/2014]
SecurityCheck.exe --a---- 987442 bytes [15:43 13/03/2014] [15:44 13/03/2014]
Segregation.docx --a---- 556813 bytes [23:48 26/10/2013] [23:48 26/10/2013]
setup (12).exe --a---- 126384 bytes [01:53 28/02/2014] [01:53 28/02/2014]
setup (7).exe --a---- 110776 bytes [03:23 08/02/2014] [03:23 08/02/2014]
setup (8).exe --a---- 110776 bytes [03:23 08/02/2014] [03:23 08/02/2014]
Setup_ODM (1).exe --a---- 444944 bytes [22:06 01/03/2014] [22:06 01/03/2014]
Setup_ODM (2).exe --a---- 444944 bytes [00:11 03/03/2014] [00:11 03/03/2014]
Setup_ODM.exe --a---- 444920 bytes [21:26 25/02/2014] [21:27 25/02/2014]
SUPERAntiSpyware.exe --a---- 18613088 bytes [17:44 11/04/2014] [17:44 11/04/2014]
SureSale Dealer Training Kit 1-10-2012.pdf --a---- 3000670 bytes [22:44 22/04/2012] [22:44 22/04/2012]
SureSale NIADA Proposal.pdf --a---- 4662510 bytes [22:43 22/04/2012] [22:43 22/04/2012]
test.dat --a---- 4 bytes [05:47 08/02/2014] [05:47 08/02/2014]
Unconfirmed 837047.crdownload --a---- 471779 bytes [20:08 04/02/2014] [20:11 04/02/2014]
UnityWebPlayer (1).exe --a---- 1070496 bytes [01:02 06/04/2014] [01:02 06/04/2014]
UnityWebPlayer.exe --a---- 1070496 bytes [01:02 06/04/2014] [01:02 06/04/2014]
Webb Review MDB.pdf --a---- 252163 bytes [19:25 27/02/2014] [19:26 27/02/2014]
WinZip180.exe --a---- 420784 bytes [20:21 03/02/2014] [20:21 03/02/2014]
wp-login.php --a---- 2429 bytes [02:39 07/04/2014] [02:39 07/04/2014]
X17-22375.exe --a---- 790361424 bytes [02:09 24/04/2012] [02:47 24/04/2012]

---Folders---
None found.

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

That's okay, anytime is fine, and I'm always around somewhere 

Any joy on the OTL log? Most of the above looks good, just a few remains to do :up:


----------



## Frustrated1636 (Oct 25, 2012)

Hey Eddie,

Sorry, I ran it right after the system looks and since it took awhile got up from the computer and promptly forgot about it. Here it is! Thanks!!!!!

Too big to paste so I am attaching the file.


----------



## Frustrated1636 (Oct 25, 2012)

Sorry, works better if you actually attach the file.....


----------



## eddie5659 (Mar 19, 2001)

Thanks, but it looks like there are still some Firefox entries that haven't gone, so let's see if using a different tool will help 

This is a different tool to OTL. Very similar name, but called OTS 

Download *OTS.exe* to your Desktop. 

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors)
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*

*IF OTS SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES*


----------



## Frustrated1636 (Oct 25, 2012)

Hey Eddie!

Ran the OTS scan and I am attaching log. There does seem to be something going on with Firefox. In many cases the download arrow rises up as with a normal download but it does not turn green. When I look to see if something did download nothing can be found. Personally, I think it is evil spirits.

Thanks for your help!


----------



## eddie5659 (Mar 19, 2001)

Thanks for the log, posting a fix in a min 

So, with regards to the download, are you clicking on something to download, and it doesn't turn green, like it's supposed to? Or is it just saying it's downloading, when it's not supposed to?

Anyhoo, onto the fix.

----------------------
First of all, we'll create a backup of the Registry, just in case. 99.99% of the time nothing happens, but it's better to be safe 

*Backing Up Your Registry*
Download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT*
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked
Press *OK*
Press *YES* to create the folder.

-------------

Start OTS. Download the attached fix and copy/paste the information into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here

Also, can you re-run OTS as a scan as you did earlier, and attach it like you did before.

Thanks

eddie


----------



## Frustrated1636 (Oct 25, 2012)

Eddie,

Think we may have hit a problem, OTS seems to have stalled and is not responding per task manager. I am attaching a pic, note the step where it stalled in wording bottom left. Thanks...


----------



## Frustrated1636 (Oct 25, 2012)

Eddie,

As per the phantom Firefox download it is starting up without me doing anything. I see it when I start up Firefox and then noticed it a couple of other times while in the program. Again the arrow appears as when you regularly download, except in this case it is not green but just an empty grey. When I click on the arrow in toolbar, it seems that nothing has been downloaded. Thanks...


----------



## Frustrated1636 (Oct 25, 2012)

Eddie,

Attached is the OTS log...THANKS!!!!!


----------



## eddie5659 (Mar 19, 2001)

That's good to see it remove it, but just to be certain, can you re-run a scan as you did before here 

http://forums.techguy.org/8910060-post59.html

I'll have a look at the phantom Firefox bit after I'm happy that code thing has gone


----------



## Frustrated1636 (Oct 25, 2012)

Eddie,

My apologies. Scan log attached. Thank you....


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like the code is still there, and it's proving a bit hard to remove. So, I think we should back up the bookmarks you have in Firefox, and do a fresh install, to see if that will help.

So, see here on how to export the bookmarks to your desktop, for example:

https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

As you should also see, in the picture, is an option to Import from HTML, so just do exactly the same after the install, but select Import.

Then, after you've done that, start with getting the new download from here, and save it somewhere you know where it is:

http://www.mozilla.org/en-US/firefox/all/

And scroll down to *English (US)* and click on the Download link next to the first arrow, the one with 4 colours on it 

Then, once that's downloaded, go to Control Panel | Programs and Features, and uninstall *Mozilla Firefox*. It may require a restart to make sure it's fully done, so if it asks, just restart.

If it asks to keep existing options etc, select the option to not keep them. You should have your bookmarks already saved, but if you do keep the options, I feel that code will still be there after installing again.

Then, when it's all uninstalled, install Firefox again from the downloaded file you got before, and import your bookmarks.

Then, can you post a fresh OTS log again 

eddie


----------



## Frustrated1636 (Oct 25, 2012)

Hi Eddie,

I have uninstalled and reinstalled Firefox as directed without problem. I also went ahead and ran the OTS scan again and have attached it.

A couple of quick questions: The computer came with Norton and McAfee antivirus programs installed. They keep popping up and I would like to delete them. Can I just use uninstall? Also do you have any recommendations for a free anti-virus? A friend recommended Aria (sp?).

Thank you!!!!!!!!!


----------



## eddie5659 (Mar 19, 2001)

Firstly, we'll remove a few things that I think didn't get removed before, due to the code, which we had to go via the reinstall route 

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Registry - Safe List]
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
YN -> {055CB510-ADCF-4FBC-9818-D81CD04025A5} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {07FA206D-42D1-44A5-B108-9D66F51F5A70} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {0C72EABF-1E9D-4A0A-9A5D-0ABA5B486ADE} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {11B9D7EE-F52F-404C-A9BF-48DF38EE1112} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {2CFF0279-D958-4920-82C3-0D97379E4ED9} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {4D430F56-9010-4B6B-BAC6-2FA2E8091A42} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {4DB2309B-374C-4FEB-981E-DFD870554AFA} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {5832A90A-1F85-4BA5-BD8C-4123329A4AB4} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {5B32FDB3-3BAE-434A-BEE6-0A6FFDF715FB} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {5CB04797-CEB7-4FC1-ADBF-44130D207365} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {5F6F3860-5D55-49E1-A7B0-869B3DA89A4D} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {6A5F480D-139E-4053-BE15-3AE3B63A84E2} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {72CE2E7F-2DDE-4A08-9E3F-3B4AEEA128BE} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {73248A38-AD99-4563-837B-C396E32E1D76} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {75DFE3CA-5A5D-4280-BB6E-262F92C9F5FF} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {7C079BC5-A24C-4CF9-89B1-CAFA9B5E8E13} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {7C12283F-0961-4B73-AFA8-0330610DFA30} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {8A7D673D-6676-4305-B59A-95E61085C029} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {8FD28823-1208-4FE0-95DC-8E301157BB86} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {90446E2D-B330-43E7-8961-6644DE10137E} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {90564C55-B829-4672-8F44-F801DACDF90E} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {99B05F43-238C-4D15-B0A3-AAF6892341A9} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {A2B87E1E-001D-42ED-9276-847C607FCA22} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {AE09FA0B-732B-434C-AB97-14CA802F9C9F} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {B0D65389-8CE0-4C84-9BFB-C37D07C4B0E1} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {B9EE5A58-2E24-4474-B445-061308704E48} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {BAC18FB5-A52E-492C-A693-64F21DD66240} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {E68AC12A-A4EF-44A7-BB09-CF4AAAE801B6} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {F86820F3-B580-4931-A198-BB660D07C253} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {F9D27F4E-93DD-45F6-A561-18EF22F3408B} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
YN -> {066FAF53-F597-4CFD-B7E4-5AC56FCFCA68} -> profile=public | protocol=17 | dir=in | action=allow | name=ìúñ¶²úæ·ïâôø×é¼þ | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe | 
YN -> {154B256B-08DC-4A95-8817-07980BDF704F} -> dir=in | action=allow | name=iminent firewall rule | app=c:\program files (x86)\iminent\iminent.exe | 
YN -> {28332015-E474-4263-A1F9-3793455AA619} -> dir=in | action=allow | name=iminent.messengers firewall rule | app=c:\program files (x86)\iminent\iminent.messengers.exe | 
YN -> {56D921BC-260D-4050-9407-C5E025E38DE5} -> dir=in | action=allow | name=gcc | app=c:\users\chuck\appdata\local\gcc\controller.exe | 
YN -> {B1DAEE2D-E27F-45F3-88E4-78F922E7C3A9} -> profile=public | protocol=6 | dir=in | action=allow | name=ìúñ¶²úæ·ïâôø×é¼þ | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe | 
YN -> {D5E0E2BA-2875-496B-8397-449C679C0212} -> profile=public | protocol=17 | dir=in | action=allow | name=qq international | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe | 
YN -> {F46D88D4-2245-4E0B-9A82-4D2A73529F01} -> profile=public | protocol=6 | dir=in | action=allow | name=qq international | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe | 
[Files/Folders - Modified Within 30 Days]
NY ->  2 C:\Users\Chuck\AppData\Local\Temp\*.tmp files -> C:\Users\Chuck\AppData\Local\Temp\*.tmp
NY ->  2 C:\Users\Chuck\AppData\Local\Temp\*.tmp files -> C:\Users\Chuck\AppData\Local\Temp\*.tmp
```
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here

------------

Now, as for the antivirus programs, yep you can uninstall both via Add/Remove Programs in the Control Panel. It may require a reboot after each one, which is fine.

For the free ones, do you mean Avira? Never used it myself, I use Avast free, which is here:

*Avast Home Edition*

Just to let you know, I'm hoping to get booked into the dentist tomorrow sometime. I have a tooth that feels like someone is drilling it all the time, pure agony. So, depending on the outcome, or other visit, I may not reply till Tuesday etc


----------
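
As an added illustration (not part of the original posts and not OTS code): a small Python triage of firewall-rule lines in the format shown in the fix above. It groups rules that differ only by GUID and flags inbound allow rules that carry no port or protocol restriction or whose program sits under a user-writable path; the sample lines, placeholder GUIDs, function names and flag heuristics are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the "FirewallRules" line format of the fix above.
# GUIDs are placeholders; app paths follow the entries shown on the page.
SAMPLE = r"""
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\...\FirewallRules
YN -> {00000000-0000-0000-0000-000000000001} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {00000000-0000-0000-0000-000000000002} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {00000000-0000-0000-0000-000000000003} -> lport=4000 | profile=public | protocol=6 | dir=out | action=allow | name=dll-files.com fixer | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
YN -> {00000000-0000-0000-0000-000000000004} -> dir=in | action=allow | name=iminent firewall rule | app=c:\program files (x86)\iminent\iminent.exe | 
YN -> {00000000-0000-0000-0000-000000000005} -> dir=in | action=allow | name=gcc | app=c:\users\chuck\appdata\local\gcc\controller.exe | 
YN -> {00000000-0000-0000-0000-000000000006} -> profile=public | protocol=17 | dir=in | action=allow | name=qq international | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe | 
"""

# "<marker> -> {GUID} -> key=value | key=value | ..."; section headers do not match.
RULE_RE = re.compile(r"^\s*\w+\s*->\s*(\{[0-9A-Fa-f-]{36}\})\s*->\s*(.*)$")

# Assumption: path fragments treated as user-writable for this heuristic.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


def parse_rule(line):
    """Return the rule's fields as a dict, or None for non-rule lines."""
    m = RULE_RE.match(line)
    if not m:
        return None
    fields = {"guid": m.group(1)}
    for part in m.group(2).split("|"):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key.lower()] = value.strip()
    return fields


def review_flags(rule, copies):
    """Heuristic reasons a rule deserves a second look before it is kept."""
    flags = []
    app = rule.get("app", "").lower()
    if rule.get("action") == "allow" and rule.get("dir") == "in":
        if "protocol" not in rule and "lport" not in rule:
            flags.append("inbound-allow-any-port")
        if any(marker in app for marker in USER_WRITABLE):
            flags.append("inbound-allow-user-writable-path")
    if copies > 1:
        flags.append("duplicate-rules")
    return flags


def summarize(text):
    """Group rules that are identical apart from the GUID and flag each group."""
    groups = defaultdict(list)
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is not None:
            key = tuple(sorted((k, v) for k, v in rule.items() if k != "guid"))
            groups[key].append(rule["guid"])
    report = []
    for key, guids in groups.items():
        rule = dict(key)
        report.append({"app": rule.get("app", ""), "dir": rule.get("dir", ""),
                       "copies": len(guids),
                       "flags": review_flags(rule, len(guids))})
    return sorted(report, key=lambda r: (-len(r["flags"]), r["app"]))


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row["copies"], row["dir"], row["app"], row["flags"])
```
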



## Frustrated1636 (Oct 25, 2012)

Hi Eddy,

I hope your trip to the dentist was not too painful. I had to endure two root canals in my life, not something I would wish on my worst enemy. I ran the fix as well as a new scan afterwards. Also deleted Norton and McAfee. Let me know what is next.


----------



## eddie5659 (Mar 19, 2001)

Sorry for the lateness. Yep, already had one canal filling, but this one is a back tooth, so have a feeling it will hurt.

Got the appointment last Monday, have a temp filling. Now on the list for the root filling, and then a 3rd for the crown. Must say, this weekend was heaven compared to last weekend. I could watch films, sleep and eat. All without going ARRRGGHHHHH every minute 

Looking at the scans now


----------



## eddie5659 (Mar 19, 2001)

Okay, the above log looks good :up:

So, let's just run a virus scan here:

Please run a free online scan with the *ESET Online Scanner*

*Vista / Win7 users:* Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select *Run as Administrator*.

*Note: This scan works with Internet Explorer or Mozilla FireFox.*

If using *Mozilla Firefox* you will need to download *esetsmartinstaller_enu.exe* when prompted then double click on it to install.


Click the green ESET Online Scanner box
Tick the box next to *YES, I accept the Terms of Use*
then click on: *Start*
You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
 Make sure that the option *Scan archives* is checked.
 Now click on *Advanced Settings* and select the following:
*Scan for potentially unwanted applications*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*

 Click on *Start*
 The virus signature database will begin to download. *Be patient*, this may take some time depending on the speed of your Internet Connection.
 When completed the *Online Scan* will begin automatically. The scan may take several hours.
 *Do not touch either the Mouse or keyboard* during the scan otherwise it may stall.
 When completed select *Uninstall application on close*, *make sure you copy the logfile first!*
 Then click on: *Finish*
 Use *notepad* to open the logfile located at *C:\Program Files\ESET\EsetOnlineScanner\log.txt.*
 *Copy* and *paste* that log *as a reply* to this topic.

*On a side note, since the Eset scanner is a 32-bit application, if you're running a 64-bit system you have to choose the 32-bit option in IE when running the scan*


----------

