# loading pages problem



## duhme (Dec 2, 2003)

My computer is very slow loading pages or wont even. It freezes up. Shows coded words instead of normal ones. Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista&#8482; Home Premium, Service Pack 2, 64 bit
Processor: Intel(R) Celeron(R) CPU 450 @ 2.20GHz, Intel64 Family 6 Model 22 Stepping 1
Processor Count: 1
RAM: 2012 Mb
Graphics Card: Intel(R) G41 Express Chipset, 782 Mb
Hard Drives: C: Total - 290204 MB, Free - 180116 MB; D: Total - 14999 MB, Free - 6059 MB;
Motherboard: Dell Inc., 0U880P
Antivirus: PC Cleaner Pro, Updated: Yes, On-Demand Scanner: Disabled


----------



## duhme (Dec 2, 2003)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:07:46 PM, on 9/24/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16575)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\aol\1269191152\ee\aolsoftware.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
C:\Program Files (x86)\Real\realone player\update\realsched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\john\Downloads\HijackThis (1).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (file missing)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - !{5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)
O3 - Toolbar: (no name) - !{724d43a0-0d85-11d4-9908-00400523e39a} - (no file)
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1269191152\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] "C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\realone player\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE" -b
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://game3.pogo.com
O15 - Trusted Zone: www.pogo.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Remote Access DB (dsl-db) - Unknown owner - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
O23 - Service: PanelSvc - Unknown owner - C:\Program Files (x86)\SurfBoard\PanelApp\PanelSvc.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.1.9 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 12253 bytes


----------



## duhme (Dec 2, 2003)

will someone please tell me if i am in the wrong forum or why no one is replying to me?


----------



## eddie5659 (Mar 19, 2001)

Hi

Looks like your thread was overlooked, as these forums can be very busy 

Are you still having this problem? If so, can you run the following for me, and we'll go from there 

---------

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

----------

Download *OTL* to your Desktop

*(Vista or Win 7 => right click and Run As Administrator)*


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Standard Output*.
At the top, check the box entitled *Scan All Users*
Toward the bottom, check:
*All Users*
*LOP Check*
*Purity Check*
Under the *Standard Registry* box change it to *All*
*Do not change any settings unless otherwise told to do so. *
Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
DRIVES
netsvcs
activex
msconfig
drivers32
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
services.exe
user32.dll
atapi.sys
csrss.exe
PRINTISOLATIONHOST.EXE
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\* \s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
```

Click the *Run Scan* button. The scan wont take long.
A black box will appear, this is part of the custom scan, so don't be alarmed 
*IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES*

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


Thanks

eddie


----------



## duhme (Dec 2, 2003)

Results of screen317's Security Check version 0.99.89 
Windows Vista Service Pack 2 x64 (UAC is enabled) 
Internet Explorer 9 
Internet Explorer 8 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Microsoft Security Essentials 
AVG Internet Security 2013 
Norton Internet Security 
Antivirus up to date! (On Access scanning *disabled*!) 
*`````````Anti-malware/Other Utilities Check:`````````* 
Secunia PSI (3.0.0.9016) 
Java 7 Update 67 
Adobe Flash Player 15.0.0.152 
Adobe Reader 9 *Adobe Reader out of Date!* 
Adobe Reader 10.1.12 *Adobe Reader out of Date!* 
Google Chrome 37.0.2062.103 
Google Chrome 37.0.2062.120 
Google Chrome plugins... 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 0 % 
*````````````````````End of Log``````````````````````*


----------



## duhme (Dec 2, 2003)

OTL Extras logfile created on: 10/29/2014 10:49:55 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\john\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 30.68% Memory free
4.17 Gb Paging File | 2.33 Gb Available in Paging File | 55.82% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 175.42 Gb Free Space | 61.90% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.92 Gb Free Space | 40.40% Space Free | Partition Type: NTFS

Computer Name: SANDY-PC | User Name: john | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 70 BE 1C A4 44 F0 CA 01 [binary data]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20D38770-054D-4D2B-AC79-BC8FCCF5C4F9}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam | 
"{320FFB7A-4728-4499-B36C-2018C2754063}" = lport=40080 | protocol=6 | dir=in | name=remote access media server | 
"{5AF4D71F-A53E-4215-B0CA-27FA63AEAB06}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam | 
"{A09D154F-31AD-4F44-92C6-1E072A3B2AA9}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{A2794EEE-A8D3-49CE-98E3-285171D2DD24}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam | 
"{DBEB10DE-69FC-4594-A9A7-3FC9C2C240B3}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam | 
"{F0F5E65A-1088-4777-8B43-71DC5EA68869}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08BEC95A-0B2F-42CD-B320-378808C273DD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{0D1C3AC5-6BC5-41FE-802A-4D6D795C71CA}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe | 
"{11BC798C-2329-402F-B32C-5268245C35CA}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{13AEF06B-09C3-466E-8418-EC41F81B47CA}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7b\aolbrowser.exe | 
"{15F06024-BF7A-43F0-899B-DE5099250464}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{19E0F31C-4840-47C6-80F8-42C883C13677}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe | 
"{1BC71E0F-D72D-41D0-810F-BB00F0EC2FEC}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{2199C0E4-26B6-436A-BFEF-700B5490A6E3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe | 
"{2209F6C4-A61A-4E39-8059-271A05ACC038}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe | 
"{2343888D-547E-47BB-B007-7FD0883BA061}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{25F42182-6ED5-4BBA-9247-F566B643FF7A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{37C46946-44BA-4EF5-AE77-F9D14904C627}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{42538223-DBE1-48C5-B8A2-856D87A42335}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe | 
"{447AC14B-B4D2-448B-B121-3CD4F2FA60E3}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe | 
"{496BFBBB-0D00-42CD-B8C5-CE1941FA4ECA}" = dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{4C6900EC-B194-44A5-9528-C7136DAE068D}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7b\waol.exe | 
"{54CF3CD1-23A6-4DDA-B390-A2FE0680BD16}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{58753BBD-EC0C-4223-9EA5-C97091326CCE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{58B41F18-03C6-4B2B-A361-EADFF9A858BB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{5A5032E8-AD5E-4718-9A5A-ACABD020BD73}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{5E495291-C60B-4962-AD30-91E4D0B2E5DF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe | 
"{67A73216-0EF4-4D06-B352-9983A21C9A4B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe | 
"{6ED56C0E-43CF-4516-81F9-905CCE694689}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe | 
"{772C3BEC-790F-4C49-AD25-A6E84D9A3409}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{78CB4B2D-49C7-4288-977E-2B371CBFCD6E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe | 
"{7B4CDED9-79AA-41B2-9400-F5DBA4446390}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe | 
"{7C6BF52E-7295-4915-868B-1BBCA462EF74}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{85194D7F-2107-4605-8107-34DAC67B7A5B}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7b\aolbrowser.exe | 
"{9053D993-1598-44B2-B4F9-91B3C02C3909}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\waol.exe | 
"{9D7E30A1-FB34-41BB-B685-01AB5219E7AB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{9F75CB9B-3590-40F9-89DA-BBE20334E663}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{A2882565-8553-4273-ACB6-FF1CDF90389A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{A814C6B1-B684-42E0-9F52-A4D2984F1047}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7b\waol.exe | 
"{B42555EB-228F-4025-9DEF-FFF27CC41C78}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1269191152\ee\aolsoftware.exe | 
"{B87A7C70-5146-4552-963F-618D4324FC24}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\aolbrowser\aolbrowser.exe | 
"{BD2C0366-8985-4E08-AB81-5E7263C94338}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1269191152\ee\aolsoftware.exe | 
"{C79878F0-93DA-4D9C-B0DD-92FA1B44EEB4}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\aolbrowser\aolbrowser.exe | 
"{D1BD2367-552A-40A7-8771-1898934E867F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{D1D5A0B9-86DA-4403-BDF3-6AEFF0BC3AF4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{D20F37E8-C7E2-48DC-B432-2AD1C90E560A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe | 
"{D991418A-4BA5-4E98-A0EC-3AD02C073550}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1269191152\ee\aolsoftware.exe | 
"{DC99D504-D197-4E1D-A5A6-6E12AABD2ACD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{E21CA40A-C40D-49C4-928F-0D9091E933B4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1269191152\ee\aolsoftware.exe | 
"{E902A8F3-4DE0-4343-9BB4-582D05BC1B97}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\waol.exe | 
"{F0AA1074-79FF-480B-BE77-3D4DB90BA5F9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe | 
"{F2E41A0A-7EAF-4999-A6CB-8401CA187E56}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{F3989FE7-3397-4553-9128-D4DC75E1C0F0}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe | 
"{F6BD9173-087D-4364-A453-9E2194D67128}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"TCP Query User{06B66EDB-D8BC-4FA1-89DD-7446C954CA55}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"UDP Query User{4A29C561-B6E2-427D-BD6F-A258018D365F}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series" = Canon MG3200 series MP Drivers
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4FD80311-508F-42C3-A004-4CC8D08231F5}" = AVG 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AD27BE4B-A261-4F0A-AB5A-476C83EDAED2}" = AVG 2013
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"AVG" = AVG 2013
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"EPSON Printer and Utilities" = EPSON Printer Software
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04BEFF7A-DF5D-4E49-AB46-BA3D3BE49FCB}" = Hercules Dualpix Infinite Webcam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{106DADAD-B062-4de5-8D1F-3FD2AD195E49}" = PC Utility Kit
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.5
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.12)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D5EA1755-1899-4380-A4BA-83840648CBDA}" = SurfBoard Technology Tracking Application
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Canon MG3200 series On-screen Manual" = Canon MG3200 series On-screen Manual
"Canon MG3200 series User Registration" = Canon MG3200 series User Registration
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"Hardware Helper_is1" = Hardware Helper
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"RealPlayer 16.0" = RealPlayer
"Secunia PSI" = Secunia PSI (3.0.0.9016)
"Silent Package Run-Time Sample" = EPSON CX7400 User's Guide
"TeamViewer 7" = TeamViewer 7
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"wp-adinject-adk" = Web Protect for Windows

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AOL Toolbar" = AOL Toolbar
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/27/2014 8:07:41 AM | Computer Name = Sandy-PC | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: Unable
to connect to the remote server ---> System.Net.Sockets.SocketException: No connection
could be made because the target machine actively refused it 127.0.0.1:49897 
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress 
socketAddress) at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)

at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket
s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult
asyncResult, Int32 timeout, Exception& exception) --- End of inner exception 
stack trace --- at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 10/27/2014 10:20:17 AM | Computer Name = Sandy-PC | Source = CouponArificService64 | ID = 1
Description =

Error - 10/27/2014 10:20:30 AM | Computer Name = Sandy-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/27/2014 10:22:18 AM | Computer Name = Sandy-PC | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: Unable
to connect to the remote server ---> System.Net.Sockets.SocketException: No connection
could be made because the target machine actively refused it 127.0.0.1:49201 
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress 
socketAddress) at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)

at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket
s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult
asyncResult, Int32 timeout, Exception& exception) --- End of inner exception 
stack trace --- at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 10/27/2014 8:25:34 PM | Computer Name = Sandy-PC | Source = VSS | ID = 8193
Description =

Error - 10/28/2014 11:07:44 PM | Computer Name = Sandy-PC | Source = VSS | ID = 8193
Description =

Error - 10/28/2014 11:18:49 PM | Computer Name = Sandy-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/28/2014 11:39:45 PM | Computer Name = Sandy-PC | Source = VSS | ID = 8193
Description =

Error - 10/29/2014 10:20:38 AM | Computer Name = Sandy-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/29/2014 10:54:51 AM | Computer Name = Sandy-PC | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 10/27/2014 10:59:33 AM | Computer Name = Sandy-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 10/28/2014 11:18:50 PM | Computer Name = Sandy-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/28/2014 11:18:50 PM | Computer Name = Sandy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/28/2014 11:20:27 PM | Computer Name = Sandy-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 10/28/2014 11:48:49 PM | Computer Name = Sandy-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.187.567.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11104.0

Error
code: 0x8024001e Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 10/29/2014 10:20:38 AM | Computer Name = Sandy-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/29/2014 10:20:38 AM | Computer Name = Sandy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/29/2014 10:21:54 AM | Computer Name = Sandy-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 10/29/2014 10:45:31 AM | Computer Name = Sandy-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.187.567.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11104.0

Error
code: 0x80070643 Error description: Fatal error during installation.

Error - 10/29/2014 10:48:29 AM | Computer Name = Sandy-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Thanks, but it looks like there is some text missing from one of the logs. Can you find the OTL.txt log in your download folder here:

*C:\Users\john\Downloads*

And copy/paste the contents here. It should have *JUNCTION* entries near the end. Don't worry about the Extras log, that is all there 

----

After doing that, it looks like your Adobe Reader is out of date.

Go here for the latest version:

http://get.adobe.com/reader

*Untick* the option to install the McAfee Security Scan Plus, then click on the *Download Now* button.

----

Then, can you uninstall this program (if present):

*Viewpoint Media Player*

============

After doing the above, can you then run the following programs:

Please download *Malwarebytes' Anti-Malware* from *Here* or *Here*


Double Click the downloaded *mbam-setup-x.x.x.xxxx.exe* to install the application. (x.x.x.xxxx represents the current version number).

During installation, make sure *uncheck* *Enable free trial of Malwarebytes Anti-Malware Premium*, then click *Finish*. You can always upgrade later  :










If an update is found, it will download and install the latest updates automatically:










Now select the *Settings* tab, and check the box next to *Scan for rootkits*:










Go back to the *Dashboard* tab, and click the *Scan Now* button:










The scan may take some time to finish,so please be patient.










When the scan is complete, it will show you the results. (This one is clean):










Make sure that *everything is checked*, and click *Quarantine All* (or similar).

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select *View detailed log* in the *Scan* tab:










The log is automatically saved by MBAM and can be viewed by going to the *History* tab and clicking on *Application Logs*:










Choose the latest Scan Log, and click on the *View* button:










In the bottom of the *Scanning History Log* window that opens, you can click on *Export > Save to Text file (*.txt*). Save the report to your Desktop.










Copy & Paste the entire contents of the report log in your next reply.

*Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.*

*** In your next reply, I need you to Copy&Paste the contents of the *MBAM log file*.

--------------------

Go here, to download and save *AdwCleaner.exe* to your desktop.



Just click on the *Download Now @BleepingComputer*

Note: It looks like a gray bug with 6 black legs.

Close all open windows first, then double-click *AdwCleaner.exe* to load its main window.

Click the *Scan* button, then click "OK".

Allow the scan process to finish.

If it appears to freeze, be patient for a few minutes.

When it's finished, click on the *Report* button.

Return here to your thread, then copy-and-paste the ENTIRE log here

Thanks

eddie


----------



## duhme (Dec 2, 2003)

sorry Eddie ..I got to come back to this in the morning.I am so confused.Is there any way we can eliminate any duplicate logs I have made on here. My brain is not doing well at all.


----------



## eddie5659 (Mar 19, 2001)

I'll delete the duplicate Extra's one, but for the otl log, it may be better to upload it, as it keeps missning parts out. Then, when its uploaded, I'll delete the duplicates as well, so that we just have the two 

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below  ) [/list]











In there, at the bottom, click on the button *Manage Attachments* (in the picture below  .
A window will appear, and then Browse to *OTL.txt* in the *C:\Users\john\Downloads.*
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*


----------



## duhme (Dec 2, 2003)

*text is too long, will use the attached log - that is why it wouln't post* - eddie5659


----------



## eddie5659 (Mar 19, 2001)

Thanks, I'll edit this reply and copy/paste the full log, and remove the duplicates. :up:

Will have to look at this fully tonight. Got the afternoon off to see the dentist for some drilling, so will do this later on


----------



## eddie5659 (Mar 19, 2001)

Okay, the log is too long, edited above to make it neater, and will look at the attachment when home


----------



## duhme (Dec 2, 2003)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/30/2014
Scan Time: 2:50:43 PM
Logfile: bills.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.30.11
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: john

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 445682
Time Elapsed: 41 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.LuckyLeap.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7F66829F-F442-431F-AF59-E4474505A67A}, Quarantined, [f4cd799e6913b97d573818cbb64c9967], 
PUP.Optional.LuckyLeap.A, HKLM\SOFTWARE\CLASSES\TypeLib\{C3C45C5F-2F1B-4012-A854-F89DC99F2335}, Quarantined, [1aa76bac097358de008f1ac9d32f11ef], 
PUP.Optional.LuckyLeap.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7F66829F-F442-431F-AF59-E4474505A67A}, Quarantined, [1aa76bac097358de008f1ac9d32f11ef], 
PUP.Optional.LuckyLeap.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{C3C45C5F-2F1B-4012-A854-F89DC99F2335}, Quarantined, [7d4473a42b51cb6beaa5697aa35f3bc5], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.wajam.chrome.messaging.host, Quarantined, [aa17d146e5974beb8f0ff068946fa65a],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions, Quarantined, [dde424f3a3d914225b4319830afa6799], 
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [4d74cc4b86f66ccaa5b5f7f060a2b749], 
PUP.Optional.Extutil.A, C:\Users\john\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [d0f11ef981fb989e8b41de30d92a6a96], 
PUP.Optional.Managera.A, C:\Users\john\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [358ca7701d5f26100ac35ab43fc4a25e],

Files: 45
PUP.Optional.OpenCandy, C:\Users\john\Desktop\jre-7u7-windows-x64-d2c.exe, Quarantined, [21a0ac6b59236fc7c942acaee61fba46], 
PUP.Optional.iBryte, C:\Users\john\Desktop\Setup.exe, Quarantined, [41808394cab2d660bc2543fb81809b65], 
PUP.Optional.InstallBrain.A, C:\$RECYCLE.BIN\S-1-5-21-2019879599-2988540177-3845787192-1000\$R2MNEWI.exe, Quarantined, [2f9248cf4c300234a2386e0d55ac54ac], 
PUP.Optional.Bandoo.A, C:\$RECYCLE.BIN\S-1-5-21-2019879599-2988540177-3845787192-1000\$RTT39D0.exe, Quarantined, [f2cf18ffceae2e0856152321b54c53ad], 
PUP.Optional.RegCleanerPro, C:\Users\john\AppData\Local\Temp\RegClean7.exe, Quarantined, [7a474fc8384447ef08cc170aa35edf21], 
PUP.Optional.Conduit.A, C:\Users\john\AppData\Local\Temp\SPSetup.exe, Quarantined, [dde4f522b7c550e655e2dc5937ca03fd], 
PUP.Optional.GreatArcadeHits.A, C:\Users\john\AppData\Local\Temp\newsetup.exe, Quarantined, [368bf0277903cb6bb3a3153f3ac76d93], 
PUP.Optional.SearchProtect.A, C:\Users\john\AppData\Local\Temp\nsaB38A.exe, Quarantined, [734e3dda3f3d61d5ae976ed2946d3cc4], 
PUP.Optional.SearchProtect.A, C:\Users\john\AppData\Local\Temp\nsaBF6D.exe, Quarantined, [fbc6ef28007c989e55f0f34db0518878], 
PUP.Optional.SearchProtect.A, C:\Users\john\AppData\Local\Temp\nsaCA56.exe, Quarantined, [dee339defe7e4aec9ea7c27e976a6a96], 
PUP.Optional.SearchProtect.A, C:\Users\john\AppData\Local\Temp\nsaD32D.exe, Quarantined, [c4fd72a5d5a765d19da8dc6425dcef11], 
PUP.Optional.GreatArcadeHits.A, C:\Users\john\AppData\Local\Temp\n2110\GreatArcadeHits_3009-b91b25b1.exe, Quarantined, [a61b76a1275554e289b8b076ea16f709], 
PUP.Optional.RegCleanerPro, C:\Users\john\AppData\Local\Temp\n2110\RegClean_1612-230a802f.exe, Quarantined, [a51cee29aece91a5d10341e017eaeb15], 
PUP.Optional.Conduit.A, C:\Users\john\AppData\Local\Temp\n2110\searchprotect_2111-1a12a8ce.exe, Quarantined, [7e43fe19f389251174ff300303fe6f91], 
PUP.Optional.Wajam.A, C:\Users\john\AppData\Local\Temp\n2110\wajam_2207-6c14163c.exe, Quarantined, [0fb23cdb493346f0b473281fd927d62a], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nsj48B8.exe, Quarantined, [e7da6bacc7b5e35356eff34da65bea16], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nsa4CDF.exe, Quarantined, [269b11067efe92a4a5a0f14f837e0cf4], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nsaA06A.exe, Quarantined, [e3de47d0a2daf93df352e55b1be6be42], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nsaA8DD.exe, Quarantined, [88398c8b314b290df55095ab738eb14f], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nscD4A0.exe, Quarantined, [833eb85f324a61d5fe47c17fc43db848], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nsg3EF4.exe, Quarantined, [c8f9ba5d9ce087af95b0d26e5da435cb], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nsg3F42.exe, Quarantined, [6e5318ff5f1d1c1a6ed7a8982fd2dd23], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nskA0B8.exe, Quarantined, [4e7320f79ae22e0866df70d06f92cf31], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nslD8A4.exe, Quarantined, [05bc0d0a81fbc76f5aebfd438b768977], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nsn79B6.exe, Quarantined, [6061e136d4a882b45aeb64dc46bb8779], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nss3B5E.exe, Quarantined, [843d39de542846f0d37292ae758c06fa], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nssF930.exe, Quarantined, [6c55c94e8bf168ceb590013f4db46d93], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nst43C8.exe, Quarantined, [be03bd5af08cb086bb8a94ac05fc8c74], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nsvF82.exe, Quarantined, [16abe63176069a9c3015ce7223de54ac], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nsx3B7D.exe, Quarantined, [ead726f12656f73f331271cfc1406997], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nsxD3E5.exe, Quarantined, [d9e88f8899e3b482ca7b85bbd22f7888], 
PUP.Optional.SearchProtect.A, C:\Windows\temp\nsy4963.exe, Quarantined, [dde419fe3745b284a0a571cf48b941bf], 
PUP.Optional.Rapiddown, C:\Users\john\Downloads\SpywareBlaster.exe, Quarantined, [823f37e0c3b962d4e36a243927dab24e], 
PUP.Optional.OptimunInstaller, C:\Users\john\Downloads\fl_setup.exe, Quarantined, [279ab85ff08cf83ec014a4a54db3ab55], 
PUP.Optional.FirSeriaInstaller, C:\Users\john\Downloads\Combofix (1).exe, Quarantined, [655c2ee91864c96d4ae7ec42e61bbc44], 
PUP.Optional.MyOSProtect.A, C:\Windows\temp\MyOSProtect.log, Quarantined, [f4cdab6c8af278bee5afad7e0af9e020], 
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\TrustedRoot.cer, Quarantined, [dde424f3a3d914225b4319830afa6799], 
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\config.dat, Quarantined, [dde424f3a3d914225b4319830afa6799], 
Rogue.Multiple, C:\ProgramData\374311380\BITF392.tmp, Quarantined, [4d74cc4b86f66ccaa5b5f7f060a2b749], 
PUP.Optional.Extutil.A, C:\Users\john\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [d0f11ef981fb989e8b41de30d92a6a96], 
PUP.Optional.Extutil.A, C:\Users\john\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [d0f11ef981fb989e8b41de30d92a6a96], 
PUP.Optional.Extutil.A, C:\Users\john\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [d0f11ef981fb989e8b41de30d92a6a96], 
PUP.Optional.Managera.A, C:\Users\john\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [358ca7701d5f26100ac35ab43fc4a25e], 
PUP.Optional.Managera.A, C:\Users\john\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [358ca7701d5f26100ac35ab43fc4a25e], 
PUP.Optional.Conduit, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "suggest_url": "http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}",), Replaced,[9f22b85f5b215adcdce389df46bf926e]

Physical Sectors: 0
(No malicious items detected)

(end)


----------



## duhme (Dec 2, 2003)

# AdwCleaner v3.311 - Report created 30/10/2014 at 17:05:16
# Updated 30/09/2014 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : john - SANDY-PC
# Running from : C:\Users\john\Downloads\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Viewpoint

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16584

-\\ Mozilla Firefox v

[ File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\y7o3et5m.default\prefs.js ]

-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [31047 octets] - [22/09/2014 10:42:51]
AdwCleaner[R1].txt - [1907 octets] - [30/10/2014 17:05:16]
AdwCleaner[S0].txt - [26397 octets] - [22/09/2014 14:19:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2028 octets] ##########


----------



## duhme (Dec 2, 2003)

Hope you didnt have a rough time at the dentist. I have been putting off my trip to the dentist.


----------



## eddie5659 (Mar 19, 2001)

It was the final part of my visits. I went a while ago with intense tooth ache. My nerve was dying, so they sorted that out to start with. Then, another visit for a root canel filling. But that was in two visits as well. This was my crown fitting.

All I can say is, go to the dentist, don't put it off. The pain I had that weekend was the worst I can ever have, and if they had spotted it earlier, it could have been prevented, or reduced I think 

Anyhoo, was off Friday and out tonight, but will have a look at this now


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like a lot was removed, but still have some stuff to do. We'll use automated tools to start with, creating fixes. Then, we'll do manual stuff, but I'll explain that later 

Also, do you do any online surveys etc? If not, we'll remove the entry for it, but will wait till you reply on that bit 

-----------

Re-run AdwCleaner with the *Scan* option. After its finished scanning, click the *Clean* button.

Allow the cleaning process to finish.

If it appears to freeze, be patient for a few minutes.

When it's finished, click on the *Report* button.

Return here to your thread, then copy-and-paste the ENTIRE log here

-----------

Okay, now we're going to run OTL again, but to fix some of the issues 
Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Commands
[CREATERESTOREPOINT] 
:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 128.187.223.212:3124
IE - HKU\S-1-5-18\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 128.187.223.212:3124
IE - HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\..\SearchScopes\{A0245CBA-74DD-493C-B2EF-AEADEDC107E9}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3018509
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
[2013/04/18 21:58:12 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\y7o3et5m.default\ext ensions\[email protected]
CHR - default_search_provider: suggest_url = http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms},
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - !{724d43a0-0d85-11d4-9908-00400523e39a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{5911488E-9D1E-40ec-8CBB-06B231CC153F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{724d43a0-0d85-11d4-9908-00400523e39a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
O3 - HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
O4 - HKU\S-1-5-21-2019879599-2988540177-3845787192-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
[2014/09/29 11:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2014/09/29 11:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Viewpoint
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
@Alternate Data Stream - 364 bytes -> C:\ProgramData\TEMP:5B85C37B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4B2F39D3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2C15EF07
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[purity]
```
 *NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*
Then click the *Run Fix* button at the top 
Click OK.
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.

Thanks

eddie


----------



## duhme (Dec 2, 2003)

# AdwCleaner v3.311 - Report created 01/11/2014 at 16:28:38
# Updated 30/09/2014 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : john - SANDY-PC
# Running from : C:\Users\john\Downloads\AdwCleaner (2).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\END
File Deleted : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Viewpoint

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16584

-\\ Mozilla Firefox v

[ File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\y7o3et5m.default\prefs.js ]

-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [31047 octets] - [22/09/2014 10:42:51]
AdwCleaner[R1].txt - [2108 octets] - [30/10/2014 17:05:16]
AdwCleaner[R2].txt - [2168 octets] - [01/11/2014 16:23:38]
AdwCleaner[S0].txt - [26397 octets] - [22/09/2014 14:19:49]
AdwCleaner[S1].txt - [2115 octets] - [01/11/2014 16:28:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2175 octets] ##########


----------



## duhme (Dec 2, 2003)

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
File move failed. C:\Windows\SysNative\SET111B.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET231.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET76F.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET7DF.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET9F8.tmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Does this log look right? Yes, I do online surveys.


----------



## eddie5659 (Mar 19, 2001)

For the OTL log, there should be a lot more. Just the log saying if anything was deleted etc.

But, its fine. And thanks for letting me know about the surveys, I'll ignore those entries 

Now, as you had quite a lot of different things there, lets run this tool, just to rule some things out:

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop *


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## duhme (Dec 2, 2003)

Problem signature:
Problem Event Name:	APPCRASH
Application Name:	Firefox.exe
Application Version:	2.3.5.189
Application Timestamp:	49ec5532
Fault Module Name:	ntdll.dll
Fault Module Version:	6.0.6002.18881
Fault Module Timestamp:	51da3e00
Exception Code:	c0000005
Exception Offset:	0006f52f
OS Version:	6.0.6002.2.2.0.768.3
Locale ID:	1033
Additional Information 1:	9d13
Additional Information 2:	1abee00edb3fc1158f9ad6f44f0f6be8
Additional Information 3:	9d13
Additional Information 4:	1abee00edb3fc1158f9ad6f44f0f6be8


Message said nircmd has quit working.What or where is system tray icon ? I only had one Combo fix. What about the disabling of the other anti-virus and malware. All of them? Sorry for my confusion.


----------



## duhme (Dec 2, 2003)

ComboFix 14-11-03.01 - john 11/08/2014 8:36.5.1 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2012.657 [GMT -5:00]
Running from: c:\users\john\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\logs\scecomp.log
.
.
((((((((((((((((((((((((( Files Created from 2014-10-08 to 2014-11-08 )))))))))))))))))))))))))))))))
.
.
2014-11-08 14:17 . 2014-11-08 14:17	--------	d-----w-	c:\users\TEMP\AppData\Local\temp
2014-11-08 14:17 . 2014-11-08 14:17	--------	d-----w-	c:\users\RA Media Server\AppData\Local\temp
2014-11-08 14:17 . 2014-11-08 14:17	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-11-08 14:17 . 2014-11-08 14:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-08 14:17 . 2014-11-08 14:17	--------	d-----w-	c:\users\AppData\AppData\Local\temp
2014-11-07 18:12 . 2014-11-07 18:12	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6EA2097-DF95-4419-9136-0FA3A386BDC9}\offreg.dll
2014-11-07 16:17 . 2014-11-07 16:17	--------	d-----w-	C:\24291c1bc1f14d83d870710f55
2014-11-05 22:58 . 2014-11-05 22:58	8782	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2014-11-01 20:41 . 2014-11-01 20:41	--------	d-----w-	C:\_OTL
2014-10-30 18:45 . 2014-10-30 20:57	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-30 18:45 . 2014-10-01 15:11	64216	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-10-30 18:45 . 2014-10-01 15:11	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-10-30 18:45 . 2014-10-30 18:45	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-30 18:45 . 2014-10-01 15:11	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-10-27 11:36 . 2014-10-27 11:36	--------	d-----w-	c:\program files (x86)\Common Files\Java(5)
2014-10-20 15:08 . 2014-10-20 15:08	--------	d-----w-	c:\users\john\AppData\Local\Secunia PSI
2014-10-20 15:08 . 2014-10-20 15:08	--------	d-----w-	c:\program files (x86)\Secunia
2014-10-15 07:42 . 2014-09-17 06:57	76800	----a-w-	c:\windows\system32\packager.dll
2014-10-15 07:42 . 2014-09-16 16:56	66560	----a-w-	c:\windows\SysWow64\packager.dll
2014-10-15 07:41 . 2014-09-27 23:41	2782208	----a-w-	c:\windows\system32\win32k.sys
2014-10-15 07:31 . 2014-06-13 18:22	81560	----a-w-	c:\windows\SysWow64\mscories.dll
2014-10-15 07:31 . 2014-06-13 18:22	156824	----a-w-	c:\windows\SysWow64\mscorier.dll
2014-10-15 07:31 . 2014-06-13 17:36	73880	----a-w-	c:\windows\system32\mscories.dll
2014-10-15 07:31 . 2014-06-13 17:36	156312	----a-w-	c:\windows\system32\mscorier.dll
2014-10-15 07:31 . 2014-06-15 22:18	1131664	----a-w-	c:\windows\SysWow64\dfshim.dll
2014-10-15 07:31 . 2014-06-15 22:18	1943696	----a-w-	c:\windows\system32\dfshim.dll
2014-10-15 07:12 . 2014-09-04 23:38	198656	----a-w-	c:\windows\system32\drivers\fastfat.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:25 . 2009-11-21 02:18	275080	------w-	c:\windows\system32\MpSigStub.exe
2014-10-15 07:02 . 2006-11-02 12:35	103265616	----a-w-	c:\windows\system32\mrt.exe
2014-09-25 20:27 . 2014-09-25 20:27	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-24 05:39 . 2012-06-14 14:00	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 05:39 . 2011-07-09 23:42	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-22 11:50 . 2014-09-22 11:50	74703	----a-w-	c:\windows\SysWow64\mfc45.dat
2014-09-21 01:35 . 2014-09-21 01:35	21976	----a-w-	c:\windows\system32\drivers\SPPD.sys
2014-08-23 01:05 . 2014-08-28 07:02	304128	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-23 00:42 . 2014-08-28 07:02	390144	----a-w-	c:\windows\system32\gdi32.dll
2014-08-19 18:40 . 2010-03-21 17:07	58696	----a-w-	c:\windows\SysWow64\AOLParconLink.exe
2014-08-19 18:34 . 2014-08-19 18:34	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2014-08-19 18:34 . 2014-08-19 18:34	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2014-08-12 12:34 . 2013-04-06 16:36	50976	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DummyIconOverlay]
@="{B8A03725-03B9-485F-BB22-E848799D4C2A}"
[HKEY_CLASSES_ROOT\CLSID\{B8A03725-03B9-485F-BB22-E848799D4C2A}]
2011-02-01 21:30	72704	----a-w-	c:\users\john\AppData\Local\SurfBoard\PanelApp\pahelper_1501.2010.1213.1541.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.7b\AOL.EXE" [2014-08-19 72296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1269191152\ee\AOLSoftware.exe" [2010-03-08 41800]
"TkBellExe"="c:\program files (x86)\Real\realone player\update\realsched.exe" [2014-09-19 295512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
HPHNDUService	REG_MULTI_SZ HPHNDUSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-09 21:33	1096520	----a-w-	c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 05:39]
.
2014-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 14:57]
.
2014-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 14:57]
.
2014-11-08 c:\windows\Tasks\Norton Security Scan for john.job
- c:\progra~2\NORTON~2\Engine\410~1.28\Nss.exe [2014-04-18 10:30]
.
2014-11-07 c:\windows\Tasks\PC Utility Kit Registration3.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2014-11-06 c:\windows\Tasks\PC Utility Kit Update3.job
- c:\program files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe [2013-09-12 05:53]
.
2014-11-06 c:\windows\Tasks\PC Utility Kit.job
- c:\program files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe [2013-09-12 05:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DummyIconOverlay]
@="{B8A03725-03B9-485F-BB22-E848799D4C2A}"
[HKEY_CLASSES_ROOT\CLSID\{B8A03725-03B9-485F-BB22-E848799D4C2A}]
2011-02-01 21:30	90624	----a-w-	c:\users\john\AppData\Local\SurfBoard\PanelApp\pahelper64_1501.2010.1213.1541.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = 
mCustomizeSearch = hxxp://www.google.com
Trusted Zone: pogo.com\game3
Trusted Zone: pogo.com\www
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AOL Toolbar - c:\program files (x86)\AOL Toolbar\uninstall.exe
AddRemove-Hardware Helper_is1 - c:\program files (x86)\Driver-Soft\HardwareHelper\unins000.exe
AddRemove-wp-adinject-adk - c:\program files (x86)\Web Protect\uninstallhelper.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-11-08 09:23:42
ComboFix-quarantined-files.txt 2014-11-08 14:23
ComboFix2.txt 2013-09-19 16:04
.
Pre-Run: 188,646,535,168 bytes free
Post-Run: 194,230,718,464 bytes free
.
- - End Of File - - 2D79A008932496F90EA2404A3D3A1686
CDB4DE4BBD714F152979DA2DCBEF57EB


----------



## eddie5659 (Mar 19, 2001)

Excellent, thanks :up:

Now, not much was removed, so onto the manual approach. We'll do bits at a time, as I need to create fixes as I go along 

Firstly, can you upload me a copy of a file that you have, so I can see if its bad or not. Nothing comes up when looking for it, so just want to double-check.

Download suspicious file packer from http://www.safer-networking.org/files/sfp.zip

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop.


```
[b]
C:\Users\john\AppData\Roaming\mozilla\firefox\profiles\y7o3et5m.default\extensions\[email protected]
[/b]
```
It ends with xpi, so make sure you copy all the way to the end 

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

Just Register, press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file.

Let me know when its uploaded 

-------

Next, we'll use a tool for searching. This doesn't remove anything, its just a search tool. We'll do it in stages, as the logs and scan time may be long, depending on what it finds etc 

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
*825464l2s864n588q817j4buq4w1*.*
*LuckyLeap*.*
*Wajam*.*
*OpenCandy*.*
*iBryte*.*
*InstallBrain*.*
*Bandoo*.*
*RegCleanerPro*.*
*Conduit*.*
*GreatArcadeHits*.*
*SearchProtect*.*
:folderfind
*825464l2s864n588q817j4buq4w1*
*LuckyLeap*
*Wajam*
*OpenCandy*
*iBryte*
*InstallBrain*
*Bandoo*
*RegCleanerPro*
*Conduit*
*GreatArcadeHits*
*SearchProtect*
:regfind
825464l2s864n588q817j4buq4w1
LuckyLeap
Wajam
OpenCandy
iBryte
InstallBrain
Bandoo
RegCleanerPro
Conduit
GreatArcadeHits
SearchProtect
:dir
C:\Windows\SysNative\tasks\4612 /s
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found at on your Desktop entitled *SystemLook.txt*

eddie


----------



## duhme (Dec 2, 2003)

well I think its uploaded. My brain is getting slower and slower to follow the directions you give. I hate to be a pain but could you even make it simpler for me?. It frustrates me.
:filefind
*825464l2s864n588q817j4buq4w1*.*
*LuckyLeap*.*
*Wajam*.*
*OpenCandy*.*
*iBryte*.*
*InstallBrain*.*
*Bandoo*.*
*RegCleanerPro*.*
*Conduit*.*
*GreatArcadeHits*.*
*SearchProtect*.*
:folderfind
*825464l2s864n588q817j4buq4w1*
*LuckyLeap*
*Wajam*
*OpenCandy*
*iBryte*
*InstallBrain*
*Bandoo*
*RegCleanerPro*
*Conduit*
*GreatArcadeHits*
*SearchProtect*
:regfind
825464l2s864n588q817j4buq4w1
LuckyLeap
Wajam
OpenCandy
iBryte
InstallBrain
Bandoo
RegCleanerPro
Conduit
GreatArcadeHits
SearchProtect
:dir
C:\Windows\SysNative\tasks\4612 /s


----------



## eddie5659 (Mar 19, 2001)

That's okay, I'll create some screenshots tonight when I get home (its 7.30 and I'm off to work  )


----------



## duhme (Dec 2, 2003)

SystemLook 30.07.11 by jpshortstuff
Log created at 16:38 on 11/11/2014 by john
Administrator - Elevation successful

========== filefind ==========

Searching for "*825464l2s864n588q817j4buq4w1*.*"


----------



## eddie5659 (Mar 19, 2001)

Sorry, was a bit under the weather last night due to this cold that I have, wasn't even looking at my computer 

I'll create some now, and hope to post before I set off in a few mins


----------



## eddie5659 (Mar 19, 2001)

Okay, first copy the following code as you would normally do:


```
:filefind
*825464l2s864n588q817j4buq4w1*.*
*LuckyLeap*.*
*Wajam*.*
*OpenCandy*.*
*iBryte*.*
*InstallBrain*.*
*Bandoo*.*
*RegCleanerPro*.*
*Conduit*.*
*GreatArcadeHits*.*
*SearchProtect*.*
:folderfind
*825464l2s864n588q817j4buq4w1*
*LuckyLeap*
*Wajam*
*OpenCandy*
*iBryte*
*InstallBrain*
*Bandoo*
*RegCleanerPro*
*Conduit*
*GreatArcadeHits*
*SearchProtect*
:regfind
825464l2s864n588q817j4buq4w1
LuckyLeap
Wajam
OpenCandy
iBryte
InstallBrain
Bandoo
RegCleanerPro
Conduit
GreatArcadeHits
SearchProtect
:dir
C:\Windows\SysNative\tasks\4612 /s
```
Then, open up SystemLook:










Next, rightclick inside the window, and select Paste:










And Paste the contents in. Make sure that the beginning of the above code is there. Starts with :filefind










Then, click the *Look * box, let it run, and a Notepad will finally open up, with the results of the scan. This is a different scan, but gives you an idea, as I don't have the same files etc:



















Then, copy paste the entire contents of that log here.

-------

So, it may be a lot larger as its a different scan


----------



## duhme (Dec 2, 2003)

SystemLook 30.07.11 by jpshortstuff
Log created at 16:01 on 11/11/2014 by john
Administrator - Elevation successful

========== filefind ==========

Searching for "*825464l2s864n588q817j4buq4w1*.*"
C:\Users\john\AppData\Local\825464l2s864n588q817j4buq4w1	--ahs-- 9446 bytes	[03:06 23/12/2011]	[03:23 23/12/2011] C3A387A79858FF61F24B528EF30C6580
C:\Users\john\AppData\Roaming\Microsoft\Windows\Templates\825464l2s864n588q817j4buq4w1	--ahs-- 9446 bytes	[03:06 23/12/2011]	[03:23 23/12/2011] C3A387A79858FF61F24B528EF30C6580

Searching for "*LuckyLeap*.*"
C:\Users\john\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K33WQ4U3\static.luckyleap[1].xml	--a---- 676 bytes	[15:51 19/09/2013]	[15:51 19/09/2013] 38BD1F55E4539BE5A4E9E4CC9CB5C84C

Searching for "*Wajam*.*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\IE\wajamLogo.bmp.vir	--a---- 5430 bytes	[19:42 23/04/2013]	[19:42 23/04/2013] 7BDDC74307568C40E85C1BB001A31E22
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Logos\wajam.ico.vir	--a---- 3262 bytes	[16:00 20/11/2013]	[16:00 20/11/2013] 9FE7A61318B3A1CCB0621E0FBC61CDEE
C:\AdwCleaner\Quarantine\C\Users\john\AppData\Local\Wajam\Chrome\wajam.crx.vir	--a---- 26560 bytes	[17:06 13/12/2013]	[17:06 13/12/2013] D2CFBBA2ADDDFF5CFC12EA2BE9551CC2
C:\AdwCleaner\Quarantine\C\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Wajam Website.lnk.vir	--a---- 1122 bytes	[16:55 07/01/2014]	[16:55 07/01/2014] FF9FF66E33EE9FCB42D07476368B395F

Searching for "*OpenCandy*.*"
No files found.

Searching for "*iBryte*.*"
No files found.

Searching for "*InstallBrain*.*"
No files found.

Searching for "*Bandoo*.*"
No files found.

Searching for "*RegCleanerPro*.*"
No files found.

Searching for "*Conduit*.*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Components\toolbarconduit\ToolBarConduit.dll.vir	--a---- 131072 bytes	[20:41 15/05/2010]	[13:17 29/01/2010] 46AF9FD0352FF1B734BE5C18875AFB6A
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll	--a---- 1205536 bytes	[18:10 25/05/2011]	[18:10 25/05/2011] 24B0E635B15BF43E6F7429AC6383CAB7
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist	--a---- 11408 bytes	[18:10 25/05/2011]	[18:10 25/05/2011] AB18CD2A656AE753C30E6276EC3DA0C2
C:\Program Files (x86)\Common Files\Dell\apache\htdocs\web_common\wall\wurfl\data\multicache_tmp\conduits_palmbrowser_ver1.php	--a---- 179 bytes	[13:51 13/06/2013]	[13:51 13/06/2013] 5A41B13EEC0AD06994F5DF3E659578B1
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1391262_1386921_US.xml	--a---- 189 bytes	[00:21 09/12/2012]	[14:22 16/12/2012] F31698F5D0BB0FFDA51E3598FC6EA946
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1397277_1392935_US.xml	--a---- 491 bytes	[00:21 09/12/2012]	[14:22 16/12/2012] 60D1717FFE696963AAD3C67968BD2FCE
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1410096_1405754_US.xml	--a---- 194 bytes	[14:22 16/12/2012]	[14:22 16/12/2012] DF0854B21599C0FDF39E30F9ECCABD03
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_39981_39458_US.xml	--a---- 182 bytes	[02:59 27/03/2011]	[02:59 27/03/2011] B80C86C0371B119DE72536DCEBCDD118
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=522511&alertFeedId=518381.xml	--a---- 345 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 42CC23E5A17E7B721F1FFE4D84192190
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_45_203_CT2038145_Images_633628017266675000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633856984376962500_gif.gif	--a---- 226 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] DBF7B74F8CB39FBECA2BE52D2029AF44
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633856984876650000_gif.gif	--a---- 636 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 52B5E7DB2A42798F88DDA3FB6E2922F3
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633856985375243750_gif.gif	--a---- 596 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] F128B1D7C4855EA3831FD628FEDAD807
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633856986143525000_gif.gif	--a---- 223 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 783D4E36234758A2F11D821713577E46
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633856986997900000_gif.gif	--a---- 569 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] D58B091A339A5E94504C53AF750F8987
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633933748873500000_gif.gif	--a---- 402 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] A5C29A88A603F475881D12C94E8FCF4D
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633935574711218750_gif.gif	--a---- 645 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] EED6182B4A6AEBF679985AF21771584D
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633935576227156250_gif.gif	--a---- 646 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 9DC8983234B570F0DA9D5C181A644D33
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633935577047625000_gif.gif	--a---- 102 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 7495B621200C921A23345302A2D44EEC
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633935581035437500_gif.gif	--a---- 160 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] B88CA3AB3940CC29485F1DD58063E2A9
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633935583214656250_gif.gif	--a---- 258 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] E7C8E4CCB3F967C18043052FC8935B83
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633935584531375000_gif.gif	--a---- 274 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 1B340E4D0F0E3EA254219989003C0BDB
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633935586029343750_gif.gif	--a---- 293 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] F6BCC21A6A094E65E60CF5AFE961FD69
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633935587183875000_gif.gif	--a---- 81 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] B4BFFDD840C4E4A3B1F33C3D9663DCC1
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633935591890125000_gif.gif	--a---- 368 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 915D2C6C0926889653A870577625EDE5
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633935593154968750_gif.gif	--a---- 298 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] D60B309025960852A536E86C15F2F7A9
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633935594921843750_gif.gif	--a---- 891 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 41CF7493AAEAD765B575595650964E8E
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633935596098250000_gif.gif	--a---- 900 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 90E9E596E914AB33E8910BAA44CA1593
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633935598941687500_gif.gif	--a---- 1059 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 268B8DDD3481E6D6220BF55E810DF90F
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633935606579968750_gif.gif	--a---- 1107 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 6D31AC85D3F98721EE30C453E49CD4E3
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633935607113250000_gif.gif	--a---- 211 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4F091BF450391A1F384B51C285E67A69
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_58786575-7deb-474a-9b29-5b95e08a44bd633937212165118750_gif.gif	--a---- 975 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 17A07CE78A77780A71F6B7E5D535EFCB
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632042366525000_gif.gif	--a---- 356 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 87DB77C45873FAC18D54A04CD3DE6BB2
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632042728712500_gif.gif	--a---- 291 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] BE7AACC7B3C62ACE2B8365537EFBB754
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632043119181250_gif.gif	--a---- 398 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 8875623C02A34B2420AC0109E4B296DE
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632044574962500_gif.gif	--a---- 587 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 6C5BAB552EC278248675D8C5C9479619
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632044646525000_gif.gif	--a---- 635 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] FF2A16DA6106FC37E965AFDE07CEAFB0
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632044730431250_gif.gif	--a---- 588 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2968EC0A3F55631E98BDA9FBA2662E19
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632044816368750_gif.gif	--a---- 654 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 783B08D1E98F3169E55CF3E668FDF715
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632044898243750_gif.gif	--a---- 608 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] C2D8FCA1321D717641A72708C7A0F7F0
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632044980587500_gif.gif	--a---- 639 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 99ED6AB3546600A9FE5CD67C4C00ED92
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632045069493750_gif.gif	--a---- 767 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 46C28C3ACDA4165F638D5027E75F7E1B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632045160118750_gif.gif	--a---- 1053 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 67E34078F9D24F291F216B5626D768AF
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632045275118750_gif.gif	--a---- 1053 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 1C4F7D165CA1BAB2C8D76D30E11000AF
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632045358400000_gif.gif	--a---- 587 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 801E10F2AEA1CAC71D6931A5688846E6
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632045811681250_gif.gif	--a---- 1014 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 1EECDA22DEA342AAE26E75E90ACDE389
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632045959806250_gif.gif	--a---- 563 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] F07DDA55299DE037A2FA151EE6B50241
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632046061368750_gif.gif	--a---- 352 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] FC829E4DA4827ED0748015F0A5DCFC5B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632046128556250_gif.gif	--a---- 1073 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 96601E002DD876CF1CB7550275902717
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632046294337500_gif.gif	--a---- 614 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] E8627A1635E76A7A40A880FFE4A19C34
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632046362618750_gif.gif	--a---- 565 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 08B956A584AF2234CC5BF238AAA87F6B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632102071368750_gif.gif	--a---- 577 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] B9F95F09EB1050FA590B51B2BC10A484
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632103308087500_gif.gif	--a---- 1026 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 6A738951B0AC38FBB1806A168A3406FD
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632104865743750_gif.gif	--a---- 211 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] D6B0EE472FE2E24465C02FE90BB2315E
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632106325743750_gif.gif	--a---- 849 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 9488A2C927DEFEE55DD21503A8D260C4
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632108539962500_gif.gif	--a---- 166 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 59622C6015AA0BB4A03D935ADC30BA2C
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633632111547931250_gif.gif	--a---- 644 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] D58BDDBE7BC98C3992E736507F5D736A
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633637554254375000_gif.gif	--a---- 549 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] AC117138EF540F827FAC00407932C118
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633637555161093750_gif.gif	--a---- 547 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2929FFDF10880D79702656645C38E96C
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633637556125468750_gif.gif	--a---- 553 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 9AF3687E7A7026CEF8391F63E33E2217
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633637557088906250_gif.gif	--a---- 552 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 538BF0D6C39FAAC686BCC7D19C885B36
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654716861862500_gif.gif	--a---- 320 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 71EB7FC33DFFDE940919C3B8EFE2DE03
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654716928737500_gif.gif	--a---- 324 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 7CF69859B66590C7BBFF373582E7EACA
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654717003737500_gif.gif	--a---- 320 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] DEC11341C7B79F61A6C9D0CAC9A50AE5
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654717076393750_gif.gif	--a---- 338 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 08882702D263C38EF03FBF4B1DA7302B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654717188112500_gif.gif	--a---- 331 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] EE0B87750282313C055F0F9409F9FD7A
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654733928425000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654733969518750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734005143750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734064206250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734099518750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734144831250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734198268750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734242800000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734306862500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734346081250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734383425000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734427175000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734476706250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734525300000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734567800000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734629831250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734684050000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734761862500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734850768750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734920300000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734953737500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654734993425000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735038893750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735080143750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735121862500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735153112500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735187487500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735227018750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735260300000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735296393750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735342175000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735383893750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735423893750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735467331250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735526550000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735566081250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735597643750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735635300000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735672487500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735702018750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735734362500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735772956250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735806393750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735840300000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735883268750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735924518750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735957800000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654735999987500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736038893750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736078737500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736116706250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736145768750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736175300000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736222643750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736253112500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736296237500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736337331250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736374831250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736409675000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736449675000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736489675000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736543268750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736592018750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736642175000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736686862500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736728737500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736765456250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736832018750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736867487500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736904987500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736937643750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654736969518750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737014050000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737065612500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737144050000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737428268750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737462018750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737494675000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737531706250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737572331250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737605925000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737647487500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737682800000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737718737500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737755456250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737804987500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737880612500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737917018750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737956550000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654737988425000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654738030300000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654738178112500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654738224675000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654738258425000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654738311393750_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654738350925000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654738403581250_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654738499675000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654738555300000_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633654738609987500_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4A6536E23F840EC3AAC9B22673D01187
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655641918900000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642019837500_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642057650000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642098587500_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642135462500_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642176400000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642233431250_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642273587500_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642308275000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642347650000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642391868750_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642426400000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642461087500_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642507025000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642551400000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642588275000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642638587500_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642673743750_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642707181250_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642737650000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642769212500_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642807650000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642838431250_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642876556250_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642916400000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655642967493750_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643010775000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643052806250_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643105150000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643143900000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643184212500_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643245462500_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643283275000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643319056250_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643356868750_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643398431250_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643436087500_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643468587500_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643505775000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643543431250_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643598275000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643637650000_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643682493750_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643718587500_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643754681250_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643795931250_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633655643839993750_gif.gif	--a---- 67 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2C4ADADF50C685AE352EDFA43486610B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633656367072462500_gif.gif	--a---- 1181 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 81DB55A0AA6224672C997F54D6A0FB7A
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633656367276212500_gif.gif	--a---- 1191 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 5666C73D77637BFC15B8708238F96962
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633656367463556250_gif.gif	--a---- 1125 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 5B3DB9D91AEEA00A6819947DC7F96AF3
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633656367608556250_gif.gif	--a---- 1134 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 9E5DBE77A9D15DEB3D99FF0B0CEF2939
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633936819456468750_gif.gif	--a---- 1373 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] A3F2A7CE8AA8F73B88BFA9F96EA8E40D
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633989814584523750_gif.gif	--a---- 1644 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] B519FB8729268DB2FA11E787D3F0F768
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_633989818057805000_gif.gif	--a---- 1811 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 7F26121BFF891A9F5FB2EFB9ED3AB19D
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928514396812500_gif.gif	--a---- 807 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 82837713BF494C7030545B0A9206BF3A
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928514651500000_gif.gif	--a---- 795 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 38AA2E910A6BC85D2D21B4275C7C7CC6
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928515153218750_gif.gif	--a---- 780 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 212EA9AD68D504270D130EACF557FBBB
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928515625406250_gif.gif	--a---- 746 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 650C29E78EA53718ED47CAAED90ECCC0
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928516582593750_gif.gif	--a---- 703 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 0EB95A4739F70FFC36D3BFCD11A5A4C3
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928518508687500_gif.gif	--a---- 756 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4D710CFBB1EFE9760AF366753EAF56BE
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928520437437500_gif.gif	--a---- 750 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 0A4E9074159FD3098E62FA2346AB53EE
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928521568375000_gif.gif	--a---- 781 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] E83A19C7E45275220F3CCFD66058F419
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928522657437500_gif.gif	--a---- 804 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 5D0E297171A7362DF2B89F3C86D2E89F
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928523986031250_gif.gif	--a---- 743 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 6505C99500D9AADFA23F45DA90103397
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928524691187500_gif.gif	--a---- 764 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 602FAD643C070969C5B989BC7D329ECF
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928525741656250_gif.gif	--a---- 800 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 57F91F3C9DE5F89FCBED6790DF226B28
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928526163843750_gif.gif	--a---- 796 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] FA2075914BBC941171265A83E381FE03
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928531073531250_gif.gif	--a---- 730 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] F91219C95A53E0208B25CD41B53B582F
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928532905562500_gif.gif	--a---- 767 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 42969F683E94B68E06DB6A6CD1327ACB
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928535258062500_gif.gif	--a---- 796 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] FA2075914BBC941171265A83E381FE03
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633928538806656250_gif.gif	--a---- 774 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] EE2C479443CC660882815CC231637519
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633977979582650000_gif.gif	--a---- 9802 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 975505513FFD270AE5845FE17B8FF96F
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633981235537028750_gif.gif	--a---- 9873 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 43ABDEB47DEBFA0F87FBF7B044A56585
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633982226882960000_gif.gif	--a---- 4733 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 007474C5C883B185DDC760AFE994E79D
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633983164109843750_gif.gif	--a---- 9723 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 02548C3E3065697AF0059C3B07841D58
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633988272667341250_gif.gif	--a---- 9692 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 9FFCA6C4B48937107A15EE2AA97949F3
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633988274245310000_gif.gif	--a---- 9832 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 38197D3865B573AD701163C668C83419
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633993497064213750_gif.gif	--a---- 9890 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] E8C7B2D165078AD2AE7A700080E49AC2
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4633999431979213750_gif.gif	--a---- 11807 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 868441AD29D7E78C523C7C575E360B1D
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4634072105866390000_gif.gif	--a---- 586 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 9D546435DA09EBCBD69F5F22541940AA
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4634072106774671250_gif.gif	--a---- 373 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 8B2DBE64DE6CB01CFC37F1C6037C927A
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4634072107410140000_gif.gif	--a---- 683 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 7F9550454BA36B91AA8EE4E40E1EB7A6
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4634103161468687500_gif.gif	--a---- 769 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] A2DB468632991CE06D13498ACDBC1009
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4634103172691035000_gif.gif	--a---- 1209 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] BC5DA0069E9A61FF93D24E9F6133309E
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4634103175975718750_gif.gif	--a---- 672 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] DF5CC9288014695AA453E6715754B6F5
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4634103176845720000_gif.gif	--a---- 331 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 05E0CFFEB7624A1D514B46BD6D269CDA
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4634103183890405000_gif.gif	--a---- 1196 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] A4CF0524F4F4E3B9386DA2CB1939BD6B
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4634103184880561250_gif.gif	--a---- 1119 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 93ED8C0A36CC1890B794CF374BDADBAB
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_d0aaf21a-6142-4158-9933-5246f32327e4634135788144041250_gif.gif	--a---- 704 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4260647B5DFD0387F9239F7BFF72F835
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_Email_xml-0-Classic-634091427939923750_gif.gif	--a---- 94 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] B25C64236C6B80709B6DE99AF393382D
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_78_211_CT2117678_Images_PopUpBlocker-00_gif-Shiny-634091427633830000_gif.gif	--a---- 86 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] FA7F0ED5DD9B2FD1280F5AF0700EAFE0
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_bankimages_commandcomps_block_gif.gif	--a---- 159 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] FF164EABA285C2E614EBFD967FEF9732
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_bankimages_silkset_control_play_blue_gif.gif	--a---- 424 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 3BF196BC57B2F8480B6CDB45D39F74CC
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_BankImages_vectoria_about_gif.gif	--a---- 520 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 9B1C5CAAA3882ABFBA436BEB9DC03004
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_BankImages_vectoria_configure_gif.gif	--a---- 375 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] CBA2CE63B85B75C87BC95780FC1E1F80
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_BankImages_vectoria_games_gif.gif	--a---- 460 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 01A866F6CB697B0593C3D55E1B0E7367
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_BankImages_vectoria_mail_gif.gif	--a---- 498 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 4AD17AF84A67CDBBA8B27ED0504587B5
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_BankImages_vectoria_news_gif.gif	--a---- 590 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2F24A8713800B4626C849214A83A93CC
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_BankImages_vectoria_notepad_gif.gif	--a---- 440 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 9AFDE1BA2574C5FBFC98B75F3EF3D77F
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_BankImages_vectoria_timer_alarm_gif.gif	--a---- 502 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] DE5CACB5CB8A5CE4FAFBD27AA6C83EF3
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_BankImages_vectoria_tools_gif.gif	--a---- 417 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 2F6727FDD0651FA4D88902FB066904FE
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif	--a---- 419 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 01B83C91554738F6AFFB7895BBBA73FB
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif	--a---- 403 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif	--a---- 414 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] A9E001CBC00B06B121DFBC80707F5298
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif	--a---- 278 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif	--a---- 405 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 995595D4C685D659E8F03CD0A287EDDF
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif	--a---- 405 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] AA39D8A6B65E208901EBA9F3D4728D3E
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif	--a---- 361 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 464E244E7E2F27FB85E0C3AB69D72104
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif	--a---- 425 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 6427565C7105DC497287866100F260BB
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif	--a---- 381 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] AE7C9F67594A84B096D225601ACB0B2A
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif	--a---- 351 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] C3EBA0237D68F665AF6D663906221092
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif	--a---- 392 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 5E7217A3357550F9749A095631F51015
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif	--a---- 399 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif	--a---- 405 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 66018EAE0906C9831A821CAE5D1089BB
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif	--a---- 371 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif	--a---- 322 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] 948781E4B6478290050ECA4423B89B1E
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif	--a---- 625 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] C23D4DB18B6BB4F38ECBA57AD414A5CF
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif	--a---- 240 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] AE5A39669C623937C0839E079E1088D5
C:\Users\AppData\LocalLow\NCH\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_gif.gif	--a---- 173 bytes	[23:29 06/07/2010]	[23:29 06/07/2010] E509575F473727B14C87367068C42353
C:\Users\john\AppData\Local\Microsoft\Internet Explorer\DOMStore\CLHMOCFT\facebook.conduitapps[1].xml	--a---- 13 bytes	[00:21 09/12/2012]	[00:21 09/12/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\john\AppData\Local\Microsoft\Internet Explorer\DOMStore\J0V6XY8I\cap1.conduit-apps[1].xml	--a---- 13 bytes	[00:21 09/12/2012]	[00:21 09/12/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\john\AppData\Local\Microsoft\Internet Explorer\DOMStore\KLCOMPHZ\storage.conduit[1].xml	--a---- 13 bytes	[00:21 09/12/2012]	[00:21 09/12/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\john\AppData\Local\Microsoft\Internet Explorer\DOMStore\LBAE4VL4\find.conduit[1].xml	--a---- 13 bytes	[00:21 09/12/2012]	[00:21 09/12/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\john\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\4G1K470I\cap1.conduit-apps[1].xml	--a---- 13 bytes	[21:30 17/11/2012]	[21:30 17/11/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\john\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K33WQ4U3\storage.conduit[1].xml	--a---- 13 bytes	[21:30 17/11/2012]	[21:30 17/11/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\john\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\M9O6DQNV\facebook.conduitapps[1].xml	--a---- 13 bytes	[21:30 17/11/2012]	[21:30 17/11/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\john\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\PX6NNU2Q\find.conduit[1].xml	--a---- 13 bytes	[21:30 17/11/2012]	[21:30 17/11/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*GreatArcadeHits*.*"
No files found.

Searching for "*SearchProtect*.*"
No files found.

========== folderfind ==========

Searching for "*825464l2s864n588q817j4buq4w1*"
No folders found.

Searching for "*LuckyLeap*"
No folders found.

Searching for "*Wajam*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam	d------	[18:20 22/09/2014]
C:\AdwCleaner\Quarantine\C\Users\john\AppData\Local\Wajam	d------	[18:21 22/09/2014]
C:\AdwCleaner\Quarantine\C\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam	d------	[18:21 22/09/2014]
C:\AdwCleaner\Quarantine\C\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Uninstall Wajam	d------	[18:21 22/09/2014]

Searching for "*OpenCandy*"
No folders found.

Searching for "*iBryte*"
No folders found.

Searching for "*InstallBrain*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*RegCleanerPro*"
No folders found.

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Components\toolbarconduit	d------	[18:20 22/09/2014]
C:\Users\AppData\LocalLow\Conduit	d------	[23:29 06/07/2010]
C:\Users\AppData\LocalLow\NCH\Repository\conduit_CT2117678_CT2117678	d------	[23:29 06/07/2010]

Searching for "*GreatArcadeHits*"
No folders found.

Searching for "*SearchProtect*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect	d------	[18:20 22/09/2014]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect	d------	[18:20 22/09/2014]
C:\AdwCleaner\Quarantine\C\Users\john\AppData\Local\SearchProtect	d------	[18:21 22/09/2014]
C:\AdwCleaner\Quarantine\C\Users\john\AppData\Local\SearchProtect\SearchProtect	d------	[18:21 22/09/2014]

========== regfind ==========

Searching for "825464l2s864n588q817j4buq4w1"
No data found.

Searching for "LuckyLeap"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\luckyleap.net]
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\luckyleap.net]

Searching for "Wajam"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Wajam]
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Wajam]

Searching for "OpenCandy"
No data found.

Searching for "iBryte"
No data found.

Searching for "InstallBrain"
No data found.

Searching for "Bandoo"
No data found.

Searching for "RegCleanerPro"
No data found.

Searching for "Conduit"


----------



## duhme (Dec 2, 2003)

I located this older one.Is that ok? When i press look it seems the scanner is not scanning. Isnt there suppose to be some moving of the little dots after the word scanning?


----------



## eddie5659 (Mar 19, 2001)

Sorry, just seen this reply 

Nope, it just stays greyed out and after a while the log appears. I'll go through what there is here when I get home, and post the final part that may have been missed


----------



## eddie5659 (Mar 19, 2001)

Okay, you have a lot of the NCH Software entries relate to a program called Switch Sound File Converter, do you use it?

Now, I do actually realise why it would have taken so long, and that was due to the NCH entries, of which the above question is related to.

Whilst I wait for an answer, can you try this code in SystemLook again. It shouldn't take that long, so when its scanning, let it run, and when its finished, a Notepad window will appear. If you stop it running halfway through, it only creates a log for what it found 


```
:regfind
Conduit
GreatArcadeHits
SearchProtect
095BFD3C-4602-4FE1-96F1-AEFAFBFD067D
1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634
431532BD-0AE1-4ABC-BE8C-919F3D1332E2
5D64294B-1341-4FE7-B6D8-7C36828D4DD5
A7A6995D-6EE1-4FD1-A258-49395D5BF99C
jpmbfleldcgkldadpdinhjjopdfpjfjp
Install PDF Speed
:dir
C:\Windows\SysNative\tasks\4612 /s
```


----------



## duhme (Dec 2, 2003)

SystemLook 30.07.11 by jpshortstuff
Log created at 18:39 on 18/11/2014 by john
Administrator - Elevation successful

========== regfind ==========

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\NCH Software\Components\toolbarconduit]
[HKEY_CURRENT_USER\Software\NCH Software\Components\toolbarconduit]
"Path"="C:\Program Files (x86)\NCH Software\Components\toolbarconduit\ToolBarConduit.dll"
[HKEY_CURRENT_USER\Software\NCH Swift Sound\Components\toolbarconduit]
[HKEY_CURRENT_USER\Software\NCH Swift Sound\Components\toolbarconduit]
"Path"="C:\Program Files (x86)\NCH Software\Components\toolbarconduit\ToolBarConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"CB06793473776834B9D19AA0E3A822AE"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB1E579405BE28F46B2E7AAE9534B564]
"CB06793473776834B9D19AA0E3A822AE"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NCH Software\Components\toolbarconduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NCH Software\Components\toolbarconduit]
"Path"="C:\Program Files (x86)\NCH Software\Components\toolbarconduit\ToolBarConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NCH Swift Sound\Components\toolbarconduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NCH Swift Sound\Components\toolbarconduit]
"Path"="C:\Program Files (x86)\NCH Software\Components\toolbarconduit\ToolBarConduit.dll"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\NCH Software\Components\toolbarconduit]
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\NCH Software\Components\toolbarconduit]
"Path"="C:\Program Files (x86)\NCH Software\Components\toolbarconduit\ToolBarConduit.dll"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\NCH Swift Sound\Components\toolbarconduit]
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\NCH Swift Sound\Components\toolbarconduit]
"Path"="C:\Program Files (x86)\NCH Software\Components\toolbarconduit\ToolBarConduit.dll"

Searching for "GreatArcadeHits"
No data found.

Searching for "SearchProtect"
No data found.

Searching for "095BFD3C-4602-4FE1-96F1-AEFAFBFD067D"
No data found.

Searching for "1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634"
No data found.

Searching for "431532BD-0AE1-4ABC-BE8C-919F3D1332E2"
No data found.

Searching for "5D64294B-1341-4FE7-B6D8-7C36828D4DD5"
No data found.

Searching for "A7A6995D-6EE1-4FD1-A258-49395D5BF99C"
No data found.

Searching for "jpmbfleldcgkldadpdinhjjopdfpjfjp"
No data found.

Searching for "Install PDF Speed"
No data found.

========== dir ==========

C:\Windows\SysNative\tasks\4612 - Unable to find folder.

-= EOF =-


----------



## duhme (Dec 2, 2003)

switch file converter? I have no clue to what it is. My son used to use my computer a lot, he may use it, Whats its purpose? sorry I didnt wait longer on the old scanning.I didnt think it took that long. Just impatient me.


----------



## eddie5659 (Mar 19, 2001)

That's okay, we'll leave the program there as he may still use it 

Can you go to Programs and Features via Control Panel, and uninstall this (if present):

*Web Protect for Windows*

We'll remove some entries now and then look for remains etc of the program above.

Okay, now we're going to run OTL again, but to fix some of the issues 
Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Commands
[CREATERESTOREPOINT] 
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\luckyleap.net]
[-HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\luckyleap.net]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Wajam]
[-HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Wajam]
:Files
C:\Users\john\AppData\Local\825464l2s864n588q817j4buq4w1
C:\Users\john\AppData\Roaming\Microsoft\Windows\Templates\825464l2s864n588q817j4buq4w1
C:\Users\john\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K33WQ4U3\static.luckyleap[1].xml
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1391262_1386921_US.xml
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1397277_1392935_US.xml
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1410096_1405754_US.xml
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_39981_39458_US.xml
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=522511&alertFeedId=518381.xml
C:\Users\john\AppData\Local\Microsoft\Internet Explorer\DOMStore\CLHMOCFT\facebook.conduitapps[1].xml
C:\Users\john\AppData\Local\Microsoft\Internet Explorer\DOMStore\J0V6XY8I\cap1.conduit-apps[1].xml
C:\Users\john\AppData\Local\Microsoft\Internet Explorer\DOMStore\KLCOMPHZ\storage.conduit[1].xml
C:\Users\john\AppData\Local\Microsoft\Internet Explorer\DOMStore\LBAE4VL4\find.conduit[1].xml
C:\Users\john\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\4G1K470I\cap1.conduit-apps[1].xml
C:\Users\john\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K33WQ4U3\storage.conduit[1].xml
C:\Users\john\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\M9O6DQNV\facebook.conduitapps[1].xml
C:\Users\john\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\PX6NNU2Q\find.conduit[1].xml
C:\Users\AppData\LocalLow\Conduit
ipconfig /flushdns /c
:Commands
[emptytemp] 
[emptyjava]
[EMPTYFLASH]
[purity]
```
 *NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*
Then click the *Run Fix* button at the top 
Click OK.
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.

-----------------------------------------

After doing the above, can you re-run SystemLook with the folowing code. Again, it may take a while depending on what it finds 


```
:filefind
*monitorsvc.exe
*PCTRunner*.*
*myosprotect*.*
*monitor.exe
*pcwatch.sys
*GreatArcadeHits*.*
*GDIPFONTCACHEV1*.*
:folderfind
*PCTRunner*
*GreatArcadeHits*
:regfind
1A86F607-D30E-46c7-A7F5-44F690F0ABB7
MyOSProtect
06FD4518-2CAB-4473-AA8D-0508134C6C1F
2F101D36-9749-4730-AA02-F1F8BD1193EA
533403E2-6E21-4615-9E28-43F4E97E977B
59A8D713-E25C-4c3f-AB27-44A4FEDD9328
94B83936-77EA-4708-8FC5-F3BBC55C2A32
DA5534ED-88FD-49fa-9D2D-B92584CB21AC
DE4EF20E-BC71-4a63-BC1E-C13B37815A00
E3F32F05-71B6-44c5-8BEE-13D239E27E98
3E4048A7-8F44-48DC-9163-16A4803F7826
PCTRunner
pcwatch
ProtectMonitor
GreatArcadeHits
```
So, in the above code, it starts with *:filefind*, and ends with *GreatArcadeHits*

Like I said, this may take a while, but hopefully after this final scan, we can remove the final remains, and see how its going 

Again, sorry for the delay in replying 

eddie


----------



## duhme (Dec 2, 2003)

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\luckyleap.net\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\luckyleap.net\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Wajam\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Wajam\ not found.
========== FILES ==========
C:\Users\john\AppData\Local\825464l2s864n588q817j4buq4w1 moved successfully.
C:\Users\john\AppData\Roaming\Microsoft\Windows\Templates\825464l2s864n588q817j4buq4w1 moved successfully.
C:\Users\john\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K33WQ4U3\static.luckyleap[1].xml moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1391262_1386921_US.xml moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1397277_1392935_US.xml moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1410096_1405754_US.xml moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_39981_39458_US.xml moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=522511&alertFeedId=518381.xml moved successfully.
C:\Users\john\AppData\Local\Microsoft\Internet Explorer\DOMStore\CLHMOCFT\facebook.conduitapps[1].xml moved successfully.
C:\Users\john\AppData\Local\Microsoft\Internet Explorer\DOMStore\J0V6XY8I\cap1.conduit-apps[1].xml moved successfully.
C:\Users\john\AppData\Local\Microsoft\Internet Explorer\DOMStore\KLCOMPHZ\storage.conduit[1].xml moved successfully.
C:\Users\john\AppData\Local\Microsoft\Internet Explorer\DOMStore\LBAE4VL4\find.conduit[1].xml moved successfully.
C:\Users\john\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\4G1K470I\cap1.conduit-apps[1].xml moved successfully.
C:\Users\john\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K33WQ4U3\storage.conduit[1].xml moved successfully.
C:\Users\john\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\M9O6DQNV\facebook.conduitapps[1].xml moved successfully.
C:\Users\john\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\PX6NNU2Q\find.conduit[1].xml moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Log folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
C:\Users\AppData\LocalLow\Conduit folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\john\Downloads\cmd.bat deleted successfully.
C:\Users\john\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: john
->Temp folder emptied: 14718167 bytes
->Temporary Internet Files folder emptied: 102141471 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 383749330 bytes
->Flash cache emptied: 182776 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RA Media Server
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1557600 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46708455 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1575933 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 11813379 bytes

Total Files Cleaned = 536.00 mb

[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: john
->Java cache emptied: 0 bytes

User: Public

User: RA Media Server

User: TEMP

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: john
->Flash cache emptied: 0 bytes

User: Public

User: RA Media Server

User: TEMP

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11212014_180058

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SET111B.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET231.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET76F.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET7DF.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET9F8.tmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## duhme (Dec 2, 2003)

Eddie, I am just happy someone can help and put up with my slowness in understanding simple directions. This site has been such a blessing to me. My son never has much time for his "old mom". I try to understand but its hard to. My son says he doesnt need or me that program switch file converter.He tells me all the time I have too much crap on the computer. How it gets there...I dont know.


----------



## eddie5659 (Mar 19, 2001)

That's perfectly fine, we all have to start somewhere in computers 

I've actually just got home, as I had to stay late for some urgent work. Its 9.15pm here, still need my dinner, so will reply here tomorrow, when I feel more awake 

Just to let you know I'm still around


----------



## duhme (Dec 2, 2003)

glad to hear that. Get your rest.


----------



## eddie5659 (Mar 19, 2001)

I see you have a birthday soon (little cake by your name). Hope you have a nice day :up:

Feel a bit better, but out tomorrow night for someones leaving do, so will have a looksee when I get home 

Can you re-run SystemLook with the folowing code. Again, it may take a while depending on what it finds 


```
:filefind
*monitorsvc.exe
*PCTRunner*.*
*myosprotect*.*
*monitor.exe
*pcwatch.sys
*GreatArcadeHits*.*
*GDIPFONTCACHEV1*.*
:folderfind
*PCTRunner*
*GreatArcadeHits*
:regfind
1A86F607-D30E-46c7-A7F5-44F690F0ABB7
MyOSProtect
06FD4518-2CAB-4473-AA8D-0508134C6C1F
2F101D36-9749-4730-AA02-F1F8BD1193EA
533403E2-6E21-4615-9E28-43F4E97E977B
59A8D713-E25C-4c3f-AB27-44A4FEDD9328
94B83936-77EA-4708-8FC5-F3BBC55C2A32
DA5534ED-88FD-49fa-9D2D-B92584CB21AC
DE4EF20E-BC71-4a63-BC1E-C13B37815A00
E3F32F05-71B6-44c5-8BEE-13D239E27E98
3E4048A7-8F44-48DC-9163-16A4803F7826
PCTRunner
pcwatch
ProtectMonitor
GreatArcadeHits
```
So, in the above code, it starts with *:filefind*, and ends with *GreatArcadeHits*

Like I said, this may take a while, but hopefully after this final scan, we can remove the final remains, and see how its going 

After that, we should be ready to remove the remains, if any are there of course 

eddie


----------



## duhme (Dec 2, 2003)

Yes,My Birthday is the 26th. I am too old too cut the mustard anymore. You probably never heard of that song have you? My grandparents had that record.

SystemLook 30.07.11 by jpshortstuff
Log created at 21:52 on 25/11/2014 by john
Administrator - Elevation successful

========== filefind ==========

Searching for "*monitorsvc.exe"
No files found.

Searching for "*PCTRunner*.*"
No files found.

Searching for "*myosprotect*.*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Protect\MyOSProtect.dll.vir	--a---- 304776 bytes	[18:28 01/09/2014]	[18:28 01/09/2014] F2E5A0CC408405C595A9CDBF854A38E1
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Protect\MyOSProtect.exe.vir	--a---- 1317096 bytes	[18:26 01/09/2014]	[18:26 01/09/2014] 411F9EEF72CACD4E76431B282099A3A6
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Protect\MyOSProtect.tlb.vir	--a---- 51112 bytes	[18:25 01/09/2014]	[18:25 01/09/2014] 2E5E63FA9E03BC0D3BF23C6AC8774ECA
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Protect\MyOSProtect64.dll.vir	--a---- 350768 bytes	[18:28 01/09/2014]	[18:28 01/09/2014] BD7EA9AECC6E518F26AEC7B3DA2CEB50
C:\AdwCleaner\Quarantine\C\Windows\System32\MyOSProtect64.dll.vir	--a---- 350768 bytes	[01:41 21/09/2014]	[18:28 01/09/2014] BD7EA9AECC6E518F26AEC7B3DA2CEB50
C:\AdwCleaner\Quarantine\C\Windows\System32\MyOSProtectOff.ini.vir	--a---- 2280 bytes	[01:42 21/09/2014]	[01:42 21/09/2014] 9C6486B9D75229EC649B829696ACC9E7
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\MyOSProtect.dll.vir	--a---- 304776 bytes	[01:41 21/09/2014]	[18:28 01/09/2014] F2E5A0CC408405C595A9CDBF854A38E1
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\MyOSProtect.ini.vir	--a---- 4328 bytes	[01:42 21/09/2014]	[01:42 21/09/2014] CF8835BCD78A420D0E48E5D9089862E5
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\MyOSProtectOff.ini.vir	--a---- 2280 bytes	[01:42 21/09/2014]	[01:42 21/09/2014] 7D4BBED9E65891D7C6840790EB4B0EB4

Searching for "*monitor.exe"
C:\Program Files (x86)\ArcSoft\PhotoImpression 6\Monitor.exe	--a---- 106496 bytes	[21:07 03/12/2009]	[17:28 20/08/2006] 4B5739730F5E7457899A3567E7070EEB

Searching for "*pcwatch.sys"
No files found.

Searching for "*GreatArcadeHits*.*"
No files found.

Searching for "*GDIPFONTCACHEV1*.*"
C:\Users\john\AppData\Local\GDIPFONTCACHEV1.DAT	--a---- 66384 bytes	[17:12 14/10/2009]	[20:28 24/01/2013] 808D9936C866DB876464C00639D6DB7E
C:\Windows\System32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT	--a---- 66384 bytes	[17:09 14/10/2009]	[11:42 27/10/2014] 11D6484BDBDF8CF24B5BAADFD24DBF18

========== folderfind ==========

Searching for "*PCTRunner*"
No folders found.

Searching for "*GreatArcadeHits*"
No folders found.

========== regfind ==========

Searching for "1A86F607-D30E-46c7-A7F5-44F690F0ABB7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MyOSProtect.EXE]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\MyOSProtect.EXE]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\MyOSProtect.EXE]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}]
"AppID"="{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}"

Searching for "MyOSProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MyOSProtect.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}]
@="MyOSProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}]
"LocalService"="MyOSProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\ProgID]
@="MyOSProtectLib.ReadOnlyManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\VersionIndependentProgID]
@="MyOSProtectLib.ReadOnlyManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\ProgID]
@="MyOSProtectLib.DataContainer.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\VersionIndependentProgID]
@="MyOSProtectLib.DataContainer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\ProgID]
@="MyOSProtectLib.WatchDog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\VersionIndependentProgID]
@="MyOSProtectLib.WatchDog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\ProgID]
@="MyOSProtectLib.LSPLogic.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\VersionIndependentProgID]
@="MyOSProtectLib.LSPLogic"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\ProgID]
@="MyOSProtectLib.DataTable.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\VersionIndependentProgID]
@="MyOSProtectLib.DataTable"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\ProgID]
@="MyOSProtectLib.DataController.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\VersionIndependentProgID]
@="MyOSProtectLib.DataController"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\ProgID]
@="MyOSProtectLib.DataTableHolder.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\VersionIndependentProgID]
@="MyOSProtectLib.DataTableHolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataContainer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataContainer\CurVer]
@="MyOSProtectLib.DataContainer.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataContainer.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataController]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataController\CurVer]
@="MyOSProtectLib.DataController.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataController.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTable\CurVer]
@="MyOSProtectLib.DataTable.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTable.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableFields]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableFields\CurVer]
@="MyOSProtectLib.DataTableFields.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableFields.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableHolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableHolder\CurVer]
@="MyOSProtectLib.DataTableHolder.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableHolder.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.LSPLogic]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.LSPLogic\CurVer]
@="MyOSProtectLib.LSPLogic.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.LSPLogic.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.ReadOnlyManager]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.ReadOnlyManager\CurVer]
@="MyOSProtectLib.ReadOnlyManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.ReadOnlyManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.WatchDog]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.WatchDog\CurVer]
@="MyOSProtectLib.WatchDog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.WatchDog.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3E4048A7-8F44-48DC-9163-16A4803F7826}\1.0]
@="MyOSProtect 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3E4048A7-8F44-48DC-9163-16A4803F7826}\1.0\0\win32]
@="C:\Program Files (x86)\Web Protect\MyOSProtect.tlb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\MyOSProtect.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}]
@="MyOSProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}]
"LocalService"="MyOSProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\ProgID]
@="MyOSProtectLib.ReadOnlyManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\VersionIndependentProgID]
@="MyOSProtectLib.ReadOnlyManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\ProgID]
@="MyOSProtectLib.DataContainer.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\VersionIndependentProgID]
@="MyOSProtectLib.DataContainer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\ProgID]
@="MyOSProtectLib.WatchDog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\VersionIndependentProgID]
@="MyOSProtectLib.WatchDog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\ProgID]
@="MyOSProtectLib.LSPLogic.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\VersionIndependentProgID]
@="MyOSProtectLib.LSPLogic"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\ProgID]
@="MyOSProtectLib.DataTable.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\VersionIndependentProgID]
@="MyOSProtectLib.DataTable"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\ProgID]
@="MyOSProtectLib.DataController.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\VersionIndependentProgID]
@="MyOSProtectLib.DataController"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\ProgID]
@="MyOSProtectLib.DataTableHolder.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\VersionIndependentProgID]
@="MyOSProtectLib.DataTableHolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataContainer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataContainer\CurVer]
@="MyOSProtectLib.DataContainer.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataContainer.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataController]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataController\CurVer]
@="MyOSProtectLib.DataController.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataController.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTable\CurVer]
@="MyOSProtectLib.DataTable.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTable.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableFields]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableFields\CurVer]
@="MyOSProtectLib.DataTableFields.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableFields.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableHolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableHolder\CurVer]
@="MyOSProtectLib.DataTableHolder.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableHolder.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.LSPLogic]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.LSPLogic\CurVer]
@="MyOSProtectLib.LSPLogic.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.LSPLogic.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.ReadOnlyManager]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.ReadOnlyManager\CurVer]
@="MyOSProtectLib.ReadOnlyManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.ReadOnlyManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.WatchDog]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.WatchDog\CurVer]
@="MyOSProtectLib.WatchDog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.WatchDog.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3E4048A7-8F44-48DC-9163-16A4803F7826}\1.0]
@="MyOSProtect 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3E4048A7-8F44-48DC-9163-16A4803F7826}\1.0\0\win32]
@="C:\Program Files (x86)\Web Protect\MyOSProtect.tlb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\MyOSProtect.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}]
@="MyOSProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}]
"LocalService"="MyOSProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\ProgID]
@="MyOSProtectLib.ReadOnlyManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\VersionIndependentProgID]
@="MyOSProtectLib.ReadOnlyManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\ProgID]
@="MyOSProtectLib.DataContainer.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\VersionIndependentProgID]
@="MyOSProtectLib.DataContainer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\ProgID]
@="MyOSProtectLib.WatchDog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\VersionIndependentProgID]
@="MyOSProtectLib.WatchDog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\ProgID]
@="MyOSProtectLib.LSPLogic.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\VersionIndependentProgID]
@="MyOSProtectLib.LSPLogic"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\ProgID]
@="MyOSProtectLib.DataTable.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\VersionIndependentProgID]
@="MyOSProtectLib.DataTable"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\ProgID]
@="MyOSProtectLib.DataController.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\VersionIndependentProgID]
@="MyOSProtectLib.DataController"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\LocalServer32]
@=""C:\Program Files (x86)\Web Protect\MyOSProtect.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\ProgID]
@="MyOSProtectLib.DataTableHolder.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\VersionIndependentProgID]
@="MyOSProtectLib.DataTableHolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataContainer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataContainer\CurVer]
@="MyOSProtectLib.DataContainer.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataContainer.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataController]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataController\CurVer]
@="MyOSProtectLib.DataController.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataController.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTable\CurVer]
@="MyOSProtectLib.DataTable.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTable.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableFields]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableFields\CurVer]
@="MyOSProtectLib.DataTableFields.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableFields.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableHolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableHolder\CurVer]
@="MyOSProtectLib.DataTableHolder.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableHolder.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.LSPLogic]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.LSPLogic\CurVer]
@="MyOSProtectLib.LSPLogic.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.LSPLogic.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.ReadOnlyManager]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.ReadOnlyManager\CurVer]
@="MyOSProtectLib.ReadOnlyManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.ReadOnlyManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.WatchDog]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.WatchDog\CurVer]
@="MyOSProtectLib.WatchDog.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.WatchDog.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3E4048A7-8F44-48DC-9163-16A4803F7826}\1.0]
@="MyOSProtect 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3E4048A7-8F44-48DC-9163-16A4803F7826}\1.0\0\win32]
@="C:\Program Files (x86)\Web Protect\MyOSProtect.tlb"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\MyOSProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AppId_Catalog\29917C55]
"AppFullPath"="C:\Program Files (x86)\Web Protect\MyOSProtect.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\MyOSProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinSock2\Parameters\AppId_Catalog\29917C55]
"AppFullPath"="C:\Program Files (x86)\Web Protect\MyOSProtect.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\29917C55]
"AppFullPath"="C:\Program Files (x86)\Web Protect\MyOSProtect.exe"

Searching for "06FD4518-2CAB-4473-AA8D-0508134C6C1F"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.ReadOnlyManager\CLSID]
@="{06FD4518-2CAB-4473-AA8D-0508134C6C1F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.ReadOnlyManager.1\CLSID]
@="{06FD4518-2CAB-4473-AA8D-0508134C6C1F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.ReadOnlyManager\CLSID]
@="{06FD4518-2CAB-4473-AA8D-0508134C6C1F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.ReadOnlyManager.1\CLSID]
@="{06FD4518-2CAB-4473-AA8D-0508134C6C1F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.ReadOnlyManager\CLSID]
@="{06FD4518-2CAB-4473-AA8D-0508134C6C1F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.ReadOnlyManager.1\CLSID]
@="{06FD4518-2CAB-4473-AA8D-0508134C6C1F}"

Searching for "2F101D36-9749-4730-AA02-F1F8BD1193EA"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataContainer\CLSID]
@="{2F101D36-9749-4730-AA02-F1F8BD1193EA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataContainer.1\CLSID]
@="{2F101D36-9749-4730-AA02-F1F8BD1193EA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataContainer\CLSID]
@="{2F101D36-9749-4730-AA02-F1F8BD1193EA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataContainer.1\CLSID]
@="{2F101D36-9749-4730-AA02-F1F8BD1193EA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataContainer\CLSID]
@="{2F101D36-9749-4730-AA02-F1F8BD1193EA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataContainer.1\CLSID]
@="{2F101D36-9749-4730-AA02-F1F8BD1193EA}"

Searching for "533403E2-6E21-4615-9E28-43F4E97E977B"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableFields\CLSID]
@="{533403E2-6E21-4615-9E28-43F4E97E977B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableFields.1\CLSID]
@="{533403E2-6E21-4615-9E28-43F4E97E977B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableFields\CLSID]
@="{533403E2-6E21-4615-9E28-43F4E97E977B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableFields.1\CLSID]
@="{533403E2-6E21-4615-9E28-43F4E97E977B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableFields\CLSID]
@="{533403E2-6E21-4615-9E28-43F4E97E977B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableFields.1\CLSID]
@="{533403E2-6E21-4615-9E28-43F4E97E977B}"

Searching for "59A8D713-E25C-4c3f-AB27-44A4FEDD9328"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.WatchDog\CLSID]
@="{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.WatchDog.1\CLSID]
@="{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.WatchDog\CLSID]
@="{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.WatchDog.1\CLSID]
@="{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.WatchDog\CLSID]
@="{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.WatchDog.1\CLSID]
@="{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}"

Searching for "94B83936-77EA-4708-8FC5-F3BBC55C2A32"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.LSPLogic\CLSID]
@="{94B83936-77EA-4708-8FC5-F3BBC55C2A32}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.LSPLogic.1\CLSID]
@="{94B83936-77EA-4708-8FC5-F3BBC55C2A32}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.LSPLogic\CLSID]
@="{94B83936-77EA-4708-8FC5-F3BBC55C2A32}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.LSPLogic.1\CLSID]
@="{94B83936-77EA-4708-8FC5-F3BBC55C2A32}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.LSPLogic\CLSID]
@="{94B83936-77EA-4708-8FC5-F3BBC55C2A32}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.LSPLogic.1\CLSID]
@="{94B83936-77EA-4708-8FC5-F3BBC55C2A32}"

Searching for "DA5534ED-88FD-49fa-9D2D-B92584CB21AC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTable\CLSID]
@="{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTable.1\CLSID]
@="{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTable\CLSID]
@="{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTable.1\CLSID]
@="{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTable\CLSID]
@="{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTable.1\CLSID]
@="{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}"

Searching for "DE4EF20E-BC71-4a63-BC1E-C13B37815A00"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataController\CLSID]
@="{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataController.1\CLSID]
@="{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataController\CLSID]
@="{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataController.1\CLSID]
@="{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataController\CLSID]
@="{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataController.1\CLSID]
@="{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}"

Searching for "E3F32F05-71B6-44c5-8BEE-13D239E27E98"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableHolder\CLSID]
@="{E3F32F05-71B6-44c5-8BEE-13D239E27E98}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableHolder.1\CLSID]
@="{E3F32F05-71B6-44c5-8BEE-13D239E27E98}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableHolder\CLSID]
@="{E3F32F05-71B6-44c5-8BEE-13D239E27E98}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableHolder.1\CLSID]
@="{E3F32F05-71B6-44c5-8BEE-13D239E27E98}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableHolder\CLSID]
@="{E3F32F05-71B6-44c5-8BEE-13D239E27E98}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableHolder.1\CLSID]
@="{E3F32F05-71B6-44c5-8BEE-13D239E27E98}"

Searching for "3E4048A7-8F44-48DC-9163-16A4803F7826"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C27B569-9410-406B-BA79-3EF654739236}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A55DCF1-2410-4139-A579-15DED320D84A}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{632ACF93-7DAA-4CFD-8BB5-9DCBB9116176}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6DA234CD-4043-46C6-922F-A39529AE3D4B}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{704C6F87-E9C5-44FE-B5AF-A84DB18AFB54}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C64747EF-5093-48B3-A876-579B3A529C27}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2179B6D-BB95-4004-8A51-B9E8FBE9FF24}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F16E3B-4C44-445B-8854-EB76DC059891}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3E4048A7-8F44-48DC-9163-16A4803F7826}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0C27B569-9410-406B-BA79-3EF654739236}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4A55DCF1-2410-4139-A579-15DED320D84A}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{632ACF93-7DAA-4CFD-8BB5-9DCBB9116176}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DA234CD-4043-46C6-922F-A39529AE3D4B}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{704C6F87-E9C5-44FE-B5AF-A84DB18AFB54}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C64747EF-5093-48B3-A876-579B3A529C27}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E2179B6D-BB95-4004-8A51-B9E8FBE9FF24}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F16E3B-4C44-445B-8854-EB76DC059891}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3E4048A7-8F44-48DC-9163-16A4803F7826}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\TypeLib]
@="{3E4048A7-8F44-48dc-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{0C27B569-9410-406B-BA79-3EF654739236}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{4A55DCF1-2410-4139-A579-15DED320D84A}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{632ACF93-7DAA-4CFD-8BB5-9DCBB9116176}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{6DA234CD-4043-46C6-922F-A39529AE3D4B}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{704C6F87-E9C5-44FE-B5AF-A84DB18AFB54}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{C64747EF-5093-48B3-A876-579B3A529C27}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E2179B6D-BB95-4004-8A51-B9E8FBE9FF24}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E3F16E3B-4C44-445B-8854-EB76DC059891}\TypeLib]
@="{3E4048A7-8F44-48DC-9163-16A4803F7826}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3E4048A7-8F44-48DC-9163-16A4803F7826}]

Searching for "PCTRunner"
No data found.

Searching for "pcwatch"
No data found.

Searching for "ProtectMonitor"
No data found.

Searching for "GreatArcadeHits"
No data found.

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Song sounds familiar, like all sorts of music. Got many Black Sabbath and even like some Muddy Waters stuff, so any year/any genre: if I like it, I have it 

Thanks for the list, will take a while to go through to create the fix, so bear with me


----------



## eddie5659 (Mar 19, 2001)

Okay, I can't see switch file converter in your uninstall list, so can you see if its in Start | Programs | Switch Sound File Converter.

After that (even if you can uninstall) can you run the below fix, to remove the folder etc.

-------------

First of all, we'll create a backup of the Registry, just in case. 99.99% of the time nothing happens, but its better to be safe 

*Backing Up Your Registry*
Download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT*
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked
Press *OK*
Press *YES* to create the folder.










-----

After doing that, lets run the fix to remove the registry entries leftover.

Okay, now we're going to run OTL again, but to fix some of the issues 
Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Commands
[CREATERESTOREPOINT]
:Files
C:\Users\AppData\LocalLow\NCH
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3E4048A7-8F44-48DC-9163-16A4803F7826}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3E4048A7-8F44-48DC-9163-16A4803F7826}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3E4048A7-8F44-48DC-9163-16A4803F7826}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C27B569-9410-406B-BA79-3EF654739236}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A55DCF1-2410-4139-A579-15DED320D84A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\MyOSProtect.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MyOSProtect.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataContainer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataContainer.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataController]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataController.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTable]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTable.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableFields]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableFields.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableHolder]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableHolder.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.LSPLogic]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.LSPLogic.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.ReadOnlyManager]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.ReadOnlyManager.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.WatchDog]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.WatchDog.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataContainer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataContainer.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataController]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataController.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTable]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTable\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTable.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableFields]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableFields.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableHolder]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableHolder.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.LSPLogic]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.LSPLogic.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.ReadOnlyManager]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.ReadOnlyManager.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.WatchDog]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.WatchDog.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataContainer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataContainer.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataController]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataController.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTable]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTable.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableFields]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableFields.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableHolder]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableHolder.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.LSPLogic]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.LSPLogic.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.ReadOnlyManager]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.ReadOnlyManager.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.WatchDog]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.WatchDog.1]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\MyOSProtect]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\MyOSProtect]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C27B569-9410-406B-BA79-3EF654739236}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A55DCF1-2410-4139-A579-15DED320D84A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{632ACF93-7DAA-4CFD-8BB5-9DCBB9116176}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6DA234CD-4043-46C6-922F-A39529AE3D4B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{704C6F87-E9C5-44FE-B5AF-A84DB18AFB54}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C64747EF-5093-48B3-A876-579B3A529C27}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2179B6D-BB95-4004-8A51-B9E8FBE9FF24}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F16E3B-4C44-445B-8854-EB76DC059891}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0C27B569-9410-406B-BA79-3EF654739236}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4A55DCF1-2410-4139-A579-15DED320D84A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{632ACF93-7DAA-4CFD-8BB5-9DCBB9116176}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DA234CD-4043-46C6-922F-A39529AE3D4B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{704C6F87-E9C5-44FE-B5AF-A84DB18AFB54}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C64747EF-5093-48B3-A876-579B3A529C27}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E2179B6D-BB95-4004-8A51-B9E8FBE9FF24}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F16E3B-4C44-445B-8854-EB76DC059891}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{0C27B569-9410-406B-BA79-3EF654739236}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{4A55DCF1-2410-4139-A579-15DED320D84A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{632ACF93-7DAA-4CFD-8BB5-9DCBB9116176}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{6DA234CD-4043-46C6-922F-A39529AE3D4B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{704C6F87-E9C5-44FE-B5AF-A84DB18AFB54}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{C64747EF-5093-48B3-A876-579B3A529C27}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E2179B6D-BB95-4004-8A51-B9E8FBE9FF24}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E3F16E3B-4C44-445B-8854-EB76DC059891}]
:Commands
[emptytemp]
```
 *NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*
Then click the *Run Fix* button at the top 
Click OK.
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.

eddie


----------



## duhme (Dec 2, 2003)

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\AppData\LocalLow\NCH\UserDefinedItems folder moved successfully.
C:\Users\AppData\LocalLow\NCH\Repository\conduit_CT2117678_CT2117678\ToolbarSettings folder moved successfully.
C:\Users\AppData\LocalLow\NCH\Repository\conduit_CT2117678_CT2117678 folder moved successfully.
C:\Users\AppData\LocalLow\NCH\Repository folder moved successfully.
C:\Users\AppData\LocalLow\NCH\RadioPlayer folder moved successfully.
C:\Users\AppData\LocalLow\NCH\MyStuffComponents folder moved successfully.
C:\Users\AppData\LocalLow\NCH\Logs folder moved successfully.
C:\Users\AppData\LocalLow\NCH\LanguagePack\en-us folder moved successfully.
C:\Users\AppData\LocalLow\NCH\LanguagePack folder moved successfully.
C:\Users\AppData\LocalLow\NCH\EmailNotifier folder moved successfully.
C:\Users\AppData\LocalLow\NCH\CacheIcons folder moved successfully.
C:\Users\AppData\LocalLow\NCH folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A86F607-D30E-46c7-A7F5-44F690F0ABB7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06FD4518-2CAB-4473-AA8D-0508134C6C1F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F101D36-9749-4730-AA02-F1F8BD1193EA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A8D713-E25C-4c3f-AB27-44A4FEDD9328}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94B83936-77EA-4708-8FC5-F3BBC55C2A32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA5534ED-88FD-49fa-9D2D-B92584CB21AC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE4EF20E-BC71-4a63-BC1E-C13B37815A00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3F32F05-71B6-44c5-8BEE-13D239E27E98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3E4048A7-8F44-48DC-9163-16A4803F7826}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E4048A7-8F44-48DC-9163-16A4803F7826}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3E4048A7-8F44-48DC-9163-16A4803F7826}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E4048A7-8F44-48DC-9163-16A4803F7826}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3E4048A7-8F44-48DC-9163-16A4803F7826}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E4048A7-8F44-48DC-9163-16A4803F7826}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C27B569-9410-406B-BA79-3EF654739236}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C27B569-9410-406B-BA79-3EF654739236}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A55DCF1-2410-4139-A579-15DED320D84A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A55DCF1-2410-4139-A579-15DED320D84A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\MyOSProtect.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MyOSProtect.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataContainer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataContainer.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataController\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataController.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTable\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTable.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableFields\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableFields.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableHolder\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.DataTableHolder.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.LSPLogic\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.LSPLogic.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.ReadOnlyManager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.ReadOnlyManager.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.WatchDog\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyOSProtectLib.WatchDog.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataContainer\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataContainer.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataController\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataController.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTable\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTable\CurVer\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTable.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableFields\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableFields.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableHolder\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.DataTableHolder.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.LSPLogic\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.LSPLogic.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.ReadOnlyManager\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.ReadOnlyManager.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.WatchDog\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MyOSProtectLib.WatchDog.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataContainer\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataContainer.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataController\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataController.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTable\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTable.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableFields\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableFields.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableHolder\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.DataTableHolder.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.LSPLogic\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.LSPLogic.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.ReadOnlyManager\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.ReadOnlyManager.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.WatchDog\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MyOSProtectLib.WatchDog.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\MyOSProtect\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\MyOSProtect\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C27B569-9410-406B-BA79-3EF654739236}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C27B569-9410-406B-BA79-3EF654739236}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A55DCF1-2410-4139-A579-15DED320D84A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A55DCF1-2410-4139-A579-15DED320D84A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{632ACF93-7DAA-4CFD-8BB5-9DCBB9116176}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{632ACF93-7DAA-4CFD-8BB5-9DCBB9116176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6DA234CD-4043-46C6-922F-A39529AE3D4B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DA234CD-4043-46C6-922F-A39529AE3D4B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{704C6F87-E9C5-44FE-B5AF-A84DB18AFB54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{704C6F87-E9C5-44FE-B5AF-A84DB18AFB54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C64747EF-5093-48B3-A876-579B3A529C27}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C64747EF-5093-48B3-A876-579B3A529C27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2179B6D-BB95-4004-8A51-B9E8FBE9FF24}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2179B6D-BB95-4004-8A51-B9E8FBE9FF24}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F16E3B-4C44-445B-8854-EB76DC059891}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3F16E3B-4C44-445B-8854-EB76DC059891}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0C27B569-9410-406B-BA79-3EF654739236}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C27B569-9410-406B-BA79-3EF654739236}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4A55DCF1-2410-4139-A579-15DED320D84A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A55DCF1-2410-4139-A579-15DED320D84A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{632ACF93-7DAA-4CFD-8BB5-9DCBB9116176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{632ACF93-7DAA-4CFD-8BB5-9DCBB9116176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DA234CD-4043-46C6-922F-A39529AE3D4B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DA234CD-4043-46C6-922F-A39529AE3D4B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{704C6F87-E9C5-44FE-B5AF-A84DB18AFB54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{704C6F87-E9C5-44FE-B5AF-A84DB18AFB54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C64747EF-5093-48B3-A876-579B3A529C27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C64747EF-5093-48B3-A876-579B3A529C27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E2179B6D-BB95-4004-8A51-B9E8FBE9FF24}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2179B6D-BB95-4004-8A51-B9E8FBE9FF24}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F16E3B-4C44-445B-8854-EB76DC059891}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3F16E3B-4C44-445B-8854-EB76DC059891}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{0C27B569-9410-406B-BA79-3EF654739236}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C27B569-9410-406B-BA79-3EF654739236}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{4A55DCF1-2410-4139-A579-15DED320D84A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A55DCF1-2410-4139-A579-15DED320D84A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{632ACF93-7DAA-4CFD-8BB5-9DCBB9116176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{632ACF93-7DAA-4CFD-8BB5-9DCBB9116176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{6DA234CD-4043-46C6-922F-A39529AE3D4B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DA234CD-4043-46C6-922F-A39529AE3D4B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{704C6F87-E9C5-44FE-B5AF-A84DB18AFB54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{704C6F87-E9C5-44FE-B5AF-A84DB18AFB54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{C64747EF-5093-48B3-A876-579B3A529C27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C64747EF-5093-48B3-A876-579B3A529C27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E2179B6D-BB95-4004-8A51-B9E8FBE9FF24}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2179B6D-BB95-4004-8A51-B9E8FBE9FF24}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E3F16E3B-4C44-445B-8854-EB76DC059891}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3F16E3B-4C44-445B-8854-EB76DC059891}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: john
->Temp folder emptied: 14681698 bytes
->Temporary Internet Files folder emptied: 73089449 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 392742239 bytes
->Flash cache emptied: 1572 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RA Media Server
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1557600 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 564354 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 460.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12022014_193108

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SET111B.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET231.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET76F.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET7DF.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET9F8.tmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

"say no to the portion that asks you to add ERUNT to the start-up folder" I am not sure if I did this .


----------



## duhme (Dec 2, 2003)

Have i messed up too badly?


----------



## eddie5659 (Mar 19, 2001)

Sorry, had issues at work/home, so not really been at the computer much 

Nope, it looks like it all went very well 

Don't worry about the ERUNT bit, it just means it will be added. No issue either way 

Just replying so you know I'm here. Will reply fully in a bit, as I'm on the laptop as my main computer is running video editing software, whilst its trying to get videos ready for my Youtube Channel 

As soon as it stops, and the fan speed slows etc, I'll reply on there. Looking at it, that will be in an hour, give or take. And that's just the saving part, uploading to Youtube is even longer


----------



## eddie5659 (Mar 19, 2001)

Okay, finally back 

Looks good, so lets just have a quick look with OTL. We're doing a basic scan, will explain as follows. As for downloading OTL, no need to, as you already (should) have it 

Also, if only one log appears, that's okay 

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


----------



## duhme (Dec 2, 2003)

OTL logfile created on: 12/7/2014 10:06:13 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\john\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 59.16% Memory free
4.17 Gb Paging File | 2.53 Gb Available in Paging File | 60.71% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 181.01 Gb Free Space | 63.87% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.92 Gb Free Space | 40.40% Space Free | Partition Type: NTFS

Computer Name: SANDY-PC | User Name: john | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/11/13 10:02:27 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/29 09:43:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\john\Downloads\OTL.exe
PRC - [2014/09/18 22:58:37 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\realone player\Update\realsched.exe
PRC - [2014/08/19 13:34:19 | 000,070,760 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
PRC - [2014/08/19 13:34:18 | 000,045,160 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7b\shellmon.exe
PRC - [2014/02/06 17:09:56 | 000,046,184 | R--- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
PRC - [2013/12/06 09:47:20 | 001,229,528 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2013/12/06 09:47:18 | 000,565,464 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1269191152\ee\aolsoftware.exe

========== Modules (No Company Name) ==========

MOD - [2014/08/19 13:34:19 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7b\zlib.dll
MOD - [2014/08/19 13:34:11 | 021,151,232 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7b\libcef.dll
MOD - [2014/08/19 13:34:11 | 000,648,704 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7b\libGLESv2.dll
MOD - [2014/08/19 13:34:11 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7b\libEGL.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2013/09/06 12:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:*64bit:* - [2009/03/04 22:13:38 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:*64bit:* - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:*64bit:* - [2008/07/01 23:11:34 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:*64bit:* - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/11/21 18:23:22 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/04 07:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/05/07 18:42:15 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/06 17:09:56 | 000,046,184 | R--- | M] (AOL Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2013/12/06 09:47:20 | 001,229,528 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/27 22:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 03:02:02 | 001,418,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/02/19 03:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/07/10 06:46:16 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/30 11:20:16 | 000,091,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\SurfBoard\PanelApp\PanelSvc.exe -- (PanelSvc)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/04/13 09:48:12 | 000,828,656 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/04/13 09:48:10 | 000,189,680 | ---- | M] (SingleClick Systems) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
SRV - [2007/09/21 14:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2007/09/14 14:35:04 | 005,730,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2014/08/12 07:34:55 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:*64bit:* - [2013/12/06 09:47:12 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\psi_mf_amd64.sys -- (PSI)
DRV:*64bit:* - [2013/02/26 22:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2013/02/14 02:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2013/02/08 03:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2013/02/08 03:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
DRV:*64bit:* - [2013/02/08 03:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:*64bit:* - [2013/02/08 03:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2013/02/08 03:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2012/09/04 09:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd)
DRV:*64bit:* - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:*64bit:* - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/05/18 14:11:20 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:*64bit:* - [2010/01/12 05:42:24 | 000,302,112 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:*64bit:* - [2009/04/22 12:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC)
DRV:*64bit:* - [2009/02/08 21:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hxctlflt.sys -- (hxctlflt)
DRV:*64bit:* - [2008/08/13 15:07:00 | 000,052,736 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\camfilt2.sys -- (camfilt2)
DRV:*64bit:* - [2008/07/01 23:11:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:*64bit:* - [2008/07/01 23:11:32 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:*64bit:* - [2008/07/01 23:11:28 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:*64bit:* - [2008/07/01 23:11:28 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:*64bit:* - [2008/07/01 23:11:28 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:*64bit:* - [2008/06/18 17:48:54 | 000,029,184 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\packet.sys -- (Packet)
DRV:*64bit:* - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:*64bit:* - [2006/11/29 17:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw)
DRV:*64bit:* - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2014/09/09 16:52:25 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2008/06/17 12:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\packet.sys -- (Packet)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/en-us/?pc=U270&ocid=U270DHP
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{A77EB0FB-55FE-4810-A075-804C267E1CDB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{FFC99910-AFB9-45EC-8022-2086D9F833CC}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q="
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: 
FF - prefs.js..extensions.enabledItems: {53F9B74B-B22A-4EB0-9FEB-14F05390930C}:1501.2010.1213.1541
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:7.4.2
FF - prefs.js..extensions.enabledItems: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realone player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realone player\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\john\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/09/18 23:03:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/09/18 23:03:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\john\AppData\Roaming\Move Networks [2013/04/18 20:58:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{53F9B74B-B22A-4EB0-9FEB-14F05390930C}: C:\Users\john\AppData\Local\SurfBoard\PanelApp\ff [2013/04/18 20:58:08 | 000,000,000 | ---D | M]

[2012/06/21 17:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Extensions
[2014/09/22 13:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\y7o3et5m.default\extensions
[2013/04/18 20:58:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\y7o3et5m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/11/05 15:38:47 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\y7o3et5m.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2013/04/18 20:58:12 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\y7o3et5m.default\extensions\[email protected]
[2012/05/27 16:02:10 | 000,002,095 | ---- | M] () (No name found) -- C:\Users\john\AppData\Roaming\mozilla\firefox\profiles\y7o3et5m.default\extensions\[email protected]
[2012/06/23 16:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/02 07:21:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/07 12:46:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/06/20 11:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/20 11:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows LiveÂ® Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\john\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\john\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realone player\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realone player\Netscape6\nprpplugin.dll
CHR - Extension: No name found = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\foaankepehnmhagcnademjmcehlganjl\11.87.5.11198_0\
CHR - Extension: No name found = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: No name found = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/11/08 09:17:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
O2:*64bit:* - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1269191152\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\realone player\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.7b\AOL.EXE (AOL Inc.)
O4 - Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: pogo.com ([game3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pogo.com ([www] * in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.67.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F493CCE1-F5A4-46FB-B0B5-284566CE6B71}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:*64bit:* - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O29:*64bit:* - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/12/02 19:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/12/02 19:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/11/12 10:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2014/11/12 10:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2014/11/08 09:23:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/12/04 17:10:20 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\john\AppData\Roaming\DataSafeDotNet.exe
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/12/07 22:07:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/07 21:50:53 | 000,000,404 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for john.job
[2014/12/07 21:48:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/07 21:48:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/07 19:46:15 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/07 19:46:15 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/07 18:00:02 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Registration3.job
[2014/12/07 10:07:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/04 21:22:24 | 000,000,886 | ---- | M] () -- C:\Users\john\Desktop\Norton Installation Files.lnk
[2014/12/04 10:35:08 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Update3.job
[2014/12/04 10:35:07 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit.job
[2014/12/02 19:49:07 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/02 19:49:07 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/02 19:49:07 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/02 19:42:49 | 2110,840,832 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/02 19:24:53 | 000,000,945 | ---- | M] () -- C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/12/02 19:24:19 | 000,000,765 | ---- | M] () -- C:\Users\john\Desktop\NTREGOPT.lnk
[2014/12/02 19:24:19 | 000,000,746 | ---- | M] () -- C:\Users\john\Desktop\ERUNT.lnk
[2014/11/26 22:57:17 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2014/11/25 10:50:22 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/24 10:31:51 | 000,003,538 | ---- | M] () -- C:\Users\john\AppData\Roaming\wklnhst.dat
[2014/11/13 03:46:54 | 000,280,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/12 10:35:28 | 000,000,920 | ---- | M] () -- C:\Users\john\Desktop\SpywareBlaster.lnk
[2014/11/11 15:31:29 | 000,001,596 | ---- | M] () -- C:\Users\john\Desktop\requested-files[2014-11-11_15_31].cab
[2014/11/10 18:45:08 | 000,000,325 | ---- | M] () -- C:\Users\john\Desktop\requested-files[2014-11-10_18_45].cab
[2014/11/10 18:40:56 | 000,000,610 | ---- | M] () -- C:\Users\john\Desktop\sfp - Shortcut.lnk
[2014/11/10 18:22:27 | 000,000,325 | ---- | M] () -- C:\Users\john\Desktop\requested-files[2014-11-10_18_22].cab
[2014/11/08 09:17:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/12/02 19:24:53 | 000,000,945 | ---- | C] () -- C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/12/02 19:24:19 | 000,000,765 | ---- | C] () -- C:\Users\john\Desktop\NTREGOPT.lnk
[2014/12/02 19:24:19 | 000,000,746 | ---- | C] () -- C:\Users\john\Desktop\ERUNT.lnk
[2014/11/12 10:35:28 | 000,000,920 | ---- | C] () -- C:\Users\john\Desktop\SpywareBlaster.lnk
[2014/11/11 15:31:29 | 000,001,596 | ---- | C] () -- C:\Users\john\Desktop\requested-files[2014-11-11_15_31].cab
[2014/11/10 18:45:08 | 000,000,325 | ---- | C] () -- C:\Users\john\Desktop\requested-files[2014-11-10_18_45].cab
[2014/11/10 18:40:56 | 000,000,610 | ---- | C] () -- C:\Users\john\Desktop\sfp - Shortcut.lnk
[2014/11/10 18:22:27 | 000,000,325 | ---- | C] () -- C:\Users\john\Desktop\requested-files[2014-11-10_18_22].cab
[2014/09/23 18:50:48 | 000,084,725 | ---- | C] () -- C:\Users\john\AppData\Local\census.cache
[2014/09/23 18:50:43 | 000,129,944 | ---- | C] () -- C:\Users\john\AppData\Local\ars.cache
[2014/09/23 18:43:09 | 000,000,010 | ---- | C] () -- C:\Users\john\AppData\Local\sponge.last.runtime.cache
[2014/09/23 18:28:13 | 000,000,036 | ---- | C] () -- C:\Users\john\AppData\Local\housecall.guid.cache
[2014/09/22 06:50:38 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/10/10 10:22:11 | 000,000,044 | ---- | C] () -- C:\ProgramData\ftstate.ini
[2013/09/19 10:18:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/19 10:18:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/19 10:18:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/19 10:18:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/19 10:18:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/18 10:58:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/05 17:56:07 | 000,003,538 | ---- | C] () -- C:\Users\john\AppData\Roaming\wklnhst.dat
[2009/11/26 21:52:19 | 000,010,240 | ---- | C] () -- C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/31 07:15:02 | 000,007,728 | ---- | C] () -- C:\Users\john\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 11:30:37 | 012,900,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2012/12/08 18:29:10 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\.minecraft
[2013/04/18 20:58:09 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Audacity
[2013/04/18 20:58:09 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\AVG2013
[2014/02/02 14:16:23 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\canon
[2012/12/27 10:36:09 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2010/07/02 10:29:08 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\EPSON
[2009/12/03 16:12:57 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Leadertech
[2012/05/02 21:54:32 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\MusicNet
[2010/06/03 21:13:48 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\NCH Swift Sound
[2014/06/24 17:47:14 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Oberon Media
[2014/08/04 00:07:35 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Oracle
[2012/11/14 18:14:13 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\PC Cleaners
[2013/09/20 08:26:05 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\PC Utility Kit
[2013/01/15 09:58:11 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\PCPro
[2011/06/13 15:51:11 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\RoboForm
[2014/11/07 23:20:31 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\TeamViewer
[2009/12/05 17:56:21 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Template
[2013/04/06 11:37:17 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\TuneUp Software
[2012/11/17 22:25:35 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Unity
[2009/11/27 19:34:10 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


----------



## duhme (Dec 2, 2003)

Whats your u tube about? Sorry you had some troubles lately. Would you like to trade places with me? My mom and I are in some kind of competition for whose right and whose wrong and we drive each other crazy. It is so frustrating.


----------



## eddie5659 (Mar 19, 2001)

That's okay, we all have family stuff, and reply when you can.

My Youtube channel is gaming only, and just uploaded a vid last night. A 20min clip took 3 hours!!

I can send the details via PM, if you wish 

Okay, it all looks fine, just some remains. I also looked at the file you uploaded for me, looks like you uploaded the actual program, not the file I was after 

So, I'll try and grab some screenshots.

You should already have the program, but if not, here is a new speech, with the links etc 

----

Download *suspicious file packer* from http://www.safer-networking.org/files/sfp.zip

Unzip it to desktop, open it & copy/paste in the contents of the quote box below:


```
C:\Users\john\AppData\Roaming\mozilla\firefox\profiles\y7o3et5m.default\extensions\[email protected]
```
So, it looks like this:










Then this when copy/paste:










Press *Continue* & it will create an archive (zip/cab file) on desktop.

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

Just Register, press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file.

eddie


----------



## duhme (Dec 2, 2003)

http://thespykiller.co.uk/index.php?topic=10114.new#new


----------



## duhme (Dec 2, 2003)

Oh by the way, I am getting the red x in some emails where pictures should be. Puter is slowing to load pages again too. 
If your game site is a pay or gambling site I dont need a link. I only play for fun.


----------



## eddie5659 (Mar 19, 2001)

Just about to go to work, will look at ity when home.

My gaming is a multiplayer game. I just bought the game at Amazon, after that its free. Its not to everyones taste, but I enjoy it.

The youtube site is best to look at, as it has a video called Raw and Real, which is what the main game is. I play other games offline as well


----------



## eddie5659 (Mar 19, 2001)

Looks like it didn't work, so we'll just remove it, and if needbe, you'll have to install it again, if you need it. It was an Addon, so you'll know if its needed or not 

Okay, now we're going to run OTL again, but to fix some of the issues 
Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Commands
[CREATERESTOREPOINT] 
:OTL
[2013/04/18 20:58:12 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\y7o3et5m.default\extensions\[email protected]
[2012/05/27 16:02:10 | 000,002,095 | ---- | M] () (No name found) -- C:\Users\john\AppData\Roaming\mozilla\firefox\profiles\y7o3et5m.default\extensions\[email protected]
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
:Commands
[emptytemp]
[purity]
```
 *NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*
Then click the *Run Fix* button at the top 
Click OK.
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.

--------------

For the red X part in the emails, which email site do you use?

Also, can you do this, to see if it helps. May just need a cleanout:

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

-------


Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after its completed.

eddie


----------



## duhme (Dec 2, 2003)

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\y7o3et5m.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\y7o3et5m.default\extensions\[email protected] folder moved successfully.
C:\Users\john\AppData\Roaming\mozilla\firefox\profiles\y7o3et5m.default\extensions\[email protected] moved successfully.
File delete failed. C:\Windows\SysNative\SET111B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET231.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET76F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET7DF.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\SysNative\SET9F8.tmp scheduled to be deleted on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: john
->Temp folder emptied: 40876255 bytes
->Temporary Internet Files folder emptied: 43114318 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 407002952 bytes
->Flash cache emptied: 915 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RA Media Server
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1557600 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1085696 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 18942 bytes

Total Files Cleaned = 471.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12152014_151651

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SET111B.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET231.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET76F.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET7DF.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET9F8.tmp scheduled to be moved on reboot.
C:\Windows\temp\TMP000005F57479E18258C0469C moved successfully.
C:\Windows\temp\TMP0000075E41986E133FBF27A2 moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I use AOL Mail. But I think AOL is causing problems and wish I could change my favorites to another place.


----------



## duhme (Dec 2, 2003)

Tlhe Aol mail problem with the red x is just one mail from the medical lab I use. It must be their sending it incorrectly. No other mail is affected. Everything seems to be back to normal.


----------



## eddie5659 (Mar 19, 2001)

Nuts, just seen this, sorry for the delay. At work, very, very busy as everything is urgent 

That's good to hear about AOL. Also, did you run the two cleanup methods I posted?


----------



## duhme (Dec 2, 2003)

Yes, I did.


----------



## eddie5659 (Mar 19, 2001)

Excellent. Hope you're having a nice Christmas as well 

How's the computer running now? If its all okay, we'll remove the tools we've used, then I'll post some things to help you be secure in the future 

I'll wait for your reply first though


----------



## duhme (Dec 2, 2003)

I get some security thing saying it detected a lot of viruses . I think its an ad thing wanting me to install their product.My Mouse is double clicking by itself. My son said to buy a new mouse.It is deleting my mail when I only click once it clicks more. In a card game I play it is really annoying. I have to move my cards back to where I want them over and over again because the mouse has a mind of its own Other than busy sites being slow. I believe its ok now.


----------



## eddie5659 (Mar 19, 2001)

That does sound like a mouse issue, and they're quite cheap for a basic mouse 

As for the other security thing, which program is it? Is it on a website?


----------



## duhme (Dec 2, 2003)

I got rid of the thing that kept popping up and saying I had thousands of problems and needed to buy their program.I have got to check more before i down load crap. I get myself in more trouble and cause my system to get buggy.The name was reimage.


----------



## duhme (Dec 2, 2003)

Listened to your voice. Yep, your an Englander. My Cousins grandparents are from England. The Breretons. Know any Breretons?Yes, I know its a big country but the Brereton name was well known from what I gathered doing some ancestry research.


----------



## eddie5659 (Mar 19, 2001)

Ah, reimage. Yes, its a known program to give false positives, so you think you have problems when in fact you don't, plus it instals many other things you don't want.

Lets just make sure its all gone. Can you update and run MBAM as shown here:

http://forums.techguy.org/8988884-post7.html

I know there is a new update to the actual program. It will ask you to install this, so say yes etc. After its installed, it will start again, but you'll still have to click on the Scan option again 

Yep, born and bred here in England, North of England 

Strangely enough, not heard of any Breretons, but then again, even in my department at work with over 100 people, no-one has the same surname


----------



## duhme (Dec 2, 2003)

Ok did that. It quarantined 2 items. Not malware it said.


----------



## eddie5659 (Mar 19, 2001)

Okay, lets run an online scan here to see if anything is showing 

*Please run a free online scan with the ESET Online Scanner:*

_*IMPORTANT: You MUST use Internet Explorer for this step!*_


Visit the ESET Online Scanner Web Page
Select the blue *Run ESET Online Scanner* button:










Tick the box next to *YES, I accept the Terms of Use* and click *Start*










When asked, allow the ActiveX control to install.
Select* Enable detection of potentially unwanted applications* and select *Advanced Settings*:










Make sure to check the options *Remove found threats* and *Enable Anti-Stealth technology* are checked:










Click *Start*. (This scan can take several hours, so please be patient):










Once the scan is completed, select *List of found threats*:










Select *Export to text file...* and save the file as *ESETlog.txt* on your *Desktop*:










Click the *Back* button.
Click the *Finish* button:










Use *Notepad *to open the saved log file (on your Desktop- ESET.txt)[/b]
Copy and paste that log as a reply to this topic.

eddie


----------



## duhme (Dec 2, 2003)

well I goofed again. I let the scan run and went to bed. The next day it wouldnt show me the results. I tried to scan again and of course it said one time was used so it let me run another type of scan and said no problems but there was no log. I bet you are tired of all this by now. I know I am getting aggravated. I found in the history that my grandson went to a porn site.That has slowed pages or something else. I could beat that kid. I apologize for the time you are putting in and me messing up so much. its always something going wrong. grrr


----------



## eddie5659 (Mar 19, 2001)

Its okay, its not your fault, and I stay till the very end with all threads I reply to here 

So, just in case other stuff has gone on etc, can you run this for me. Its similar to OTL, in that it produces two logs etc, but it searches in different areas, which is very good for me 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will produce a log called *FRST.txt* in the same directory the tool is run from. 
Please copy and paste log back here.
The first time the tool is run it generates another log (*Addition.txt* - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

eddie


----------



## duhme (Dec 2, 2003)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by john (administrator) on SANDY-PC on 16-01-2015 13:04:36
Running from C:\Users\john\Downloads
Loaded Profiles: john (Available profiles: john & RA Media Server)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Reimage®) C:\Users\john\Downloads\ReimageRepair (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7b\AOL.EXE [72296 2014-08-19] (AOL Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [DummyIconOverlay] -> {B8A03725-03B9-485F-BB22-E848799D4C2A} => C:\Users\john\AppData\Local\SurfBoard\PanelApp\pahelper64_1501.2010.1213.1541.dll ()
ShellIconOverlayIdentifiers-x32: [DummyIconOverlay] -> {B8A03725-03B9-485F-BB22-E848799D4C2A} => C:\Users\john\AppData\Local\SurfBoard\PanelApp\pahelper_1501.2010.1213.1541.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => 128.187.223.212:3124
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/en-us/?pc=U270&ocid=U270DHP
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-2019879599-2988540177-3845787192-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2019879599-2988540177-3845787192-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2019879599-2988540177-3845787192-1000 -> {FFC99910-AFB9-45EC-8022-2086D9F833CC} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2019879599-2988540177-3845787192-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2019879599-2988540177-3845787192-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF ProfilePath: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\y7o3et5m.default
FF DefaultSearchUrl: hxxp://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q=
FF Homepage: hxxp://www.aol.com
FF Homepage: hxxp://www.aol.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realone player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realone player\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2019879599-2988540177-3845787192-1000: @movenetworks.com/Quantum Media Player -> C:\Users\john\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\y7o3et5m.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-21]
FF Extension: AOL Toolbar - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\y7o3et5m.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2013-11-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-02-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-07]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-18]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\john\AppData\Roaming\Move Networks
FF Extension: No Name - C:\Users\john\AppData\Roaming\Move Networks [2010-01-27]
FF HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\...\Firefox\Extensions: [{53F9B74B-B22A-4EB0-9FEB-14F05390930C}] - C:\Users\john\AppData\Local\SurfBoard\PanelApp\ff
FF Extension: No Name - C:\Users\john\AppData\Local\SurfBoard\PanelApp\ff [2011-02-01]

Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP8F55B8F8-D368-4F08-85A3-8538EEF53448&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M56B6DF7B-3798-435D-87F2-EA0293105A30&SearchSource=55&CUI=&UM=6&UP=SP86A15E83-9149-4D2A-BB75-34C6B4DAADE1&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M56B6DF7B-3798-435D-87F2-EA0293105A30&SearchSource=58&CUI=&UM=6&UP=SP86A15E83-9149-4D2A-BB75-34C6B4DAADE1&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-19]
CHR Extension: (Google Drive) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-08]
CHR Extension: (Google Search) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-08]
CHR Extension: (HeadlineAlley) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\foaankepehnmhagcnademjmcehlganjl [2014-07-24]
CHR Extension: (RealDownloader) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-19]
CHR Extension: (Google Wallet) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-08]
CHR HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apache2.2; C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation) [File not signed]
S4 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1418184 2013-02-19] (AVG Technologies CZ, s.r.o.)
S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-02-27] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [282624 2013-02-19] (AVG Technologies CZ, s.r.o.)
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
S4 dsl-db; C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S4 PanelSvc; C:\Program Files (x86)\SurfBoard\PanelApp\PanelSvc.exe [91136 2009-12-30] () [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S2 HPHNDUSVC; C:\Users\john\AppData\Local\Temp\7zS6196\HPHNDUSVC.dll [X]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-02-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [239416 2013-02-14] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
S1 Beep; No ImagePath
S3 camfilt2; C:\Windows\System32\Drivers\camfilt2.sys [52736 2008-08-13] (Guillemot Corporation)
R3 hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [111104 2009-02-08] (Guillemot Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R2 Packet; C:\Windows\SysWOW64\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems) [File not signed]
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3552384 2009-04-22] ()
S1 bknmcwal; \??\C:\Windows\system32\drivers\bknmcwal.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 chlbqgrz; \??\C:\Windows\system32\drivers\chlbqgrz.sys [X]
S3 cpuz134; \??\C:\Users\john\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 13:06 - 2015-01-16 13:06 - 00004272 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2015-01-16 13:06 - 2015-01-16 13:06 - 00001847 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2015-01-16 13:06 - 2015-01-16 13:06 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-01-16 13:06 - 2015-01-16 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-01-16 13:05 - 2015-01-16 13:06 - 00000000 ____D () C:\rei
2015-01-16 13:05 - 2015-01-16 13:06 - 00000000 ____D () C:\Program Files\Reimage
2015-01-16 13:04 - 2015-01-16 13:06 - 00021719 _____ () C:\Users\john\Downloads\FRST.txt
2015-01-16 13:04 - 2015-01-16 13:04 - 00000000 ____D () C:\FRST
2015-01-16 13:02 - 2015-01-16 13:02 - 00775968 _____ (Reimage®) C:\Users\john\Downloads\ReimageRepair (1).exe
2015-01-16 13:01 - 2015-01-16 13:01 - 02125312 _____ (Farbar) C:\Users\john\Downloads\FRST64.exe
2015-01-14 03:11 - 2014-12-18 19:26 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 03:11 - 2014-12-05 22:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 03:11 - 2014-12-05 22:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 03:11 - 2014-12-05 21:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 03:11 - 2014-12-05 21:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 03:10 - 2014-12-05 21:54 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-09 10:35 - 2015-01-09 10:35 - 314332910 _____ () C:\Windows\MEMORY.DMP
2015-01-09 10:35 - 2015-01-09 10:35 - 00276280 _____ () C:\Windows\Minidump\Mini010915-01.dmp
2015-01-08 16:49 - 2015-01-08 16:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\john\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-30 15:42 - 2014-12-30 15:42 - 00465269 _____ () C:\Users\john\Downloads\photo (23).htm
2014-12-24 10:30 - 2014-12-24 10:30 - 00402384 _____ () C:\Users\john\Downloads\photo (22).htm
2014-12-21 23:26 - 2014-12-21 23:26 - 00638888 _____ (Oracle Corporation) C:\Users\john\Downloads\chromeinstall-8u25.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 13:07 - 2010-01-31 14:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 13:06 - 2014-12-12 15:46 - 00000165 _____ () C:\Windows\Reimage.ini
2015-01-16 12:45 - 2014-10-30 13:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 12:17 - 2012-06-14 09:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 12:11 - 2006-11-02 07:46 - 00703516 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 12:09 - 2009-07-09 09:12 - 01618187 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 12:06 - 2014-10-28 22:20 - 00003202 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2019879599-2988540177-3845787192-1000
2015-01-16 12:06 - 2014-06-12 08:53 - 00003338 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2019879599-2988540177-3845787192-1000
2015-01-16 12:06 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 12:06 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 12:04 - 2010-01-31 14:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 12:04 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 12:02 - 2006-11-02 10:42 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 20:38 - 2012-07-31 22:23 - 00003682 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3D96FF4B-7C36-4F44-915A-4E66F8E9EF7D}
2015-01-15 18:00 - 2013-09-20 08:26 - 00000478 _____ () C:\Windows\Tasks\PC Utility Kit Registration3.job
2015-01-15 17:10 - 2013-05-15 22:12 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-01-15 12:12 - 2013-09-20 08:25 - 00000444 _____ () C:\Windows\Tasks\PC Utility Kit Update3.job
2015-01-15 12:12 - 2013-09-20 08:25 - 00000442 _____ () C:\Windows\Tasks\PC Utility Kit.job
2015-01-14 03:28 - 2008-01-20 22:26 - 01052710 _____ () C:\Windows\PFRO.log
2015-01-14 03:10 - 2013-08-15 02:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:02 - 2006-11-02 07:35 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-10 08:58 - 2011-03-18 16:41 - 00000000 ____D () C:\Windows\pss
2015-01-09 10:35 - 2010-05-17 21:30 - 00000000 ____D () C:\Windows\Minidump
2015-01-08 17:42 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\L2Schemas
2015-01-08 16:51 - 2014-10-30 13:45 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-08 16:51 - 2014-10-30 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-08 16:51 - 2014-10-30 13:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-06 04:36 - 2009-11-20 21:18 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-31 23:04 - 2014-09-22 06:50 - 00000000 ____D () C:\ProgramData\iolo
2014-12-28 13:44 - 2014-08-25 04:00 - 00000000 ____D () C:\Users\john\AppData\Local\CrashDumps
2014-12-28 09:53 - 2014-12-16 18:39 - 00122783 _____ () C:\Windows\system32\ScanResults.xml
2014-12-28 09:47 - 2014-12-16 18:34 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-12-21 23:28 - 2014-09-25 15:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-21 23:28 - 2013-10-21 21:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-21 23:27 - 2010-06-07 07:01 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-18 22:32 - 2011-05-30 23:13 - 00000000 ____D () C:\ProgramData\Norton

Some content of TEMP:
====================
C:\Users\john\AppData\Local\Temp\ReimagePackage.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-16 12:10

==================== End Of Log ============================


----------



## duhme (Dec 2, 2003)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by john at 2015-01-16 13:07:46
Running from C:\Users\john\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - AOL Inc.)
AOL Toolbar (HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\...\AOL Toolbar) (Version: - )
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoImpression 6 (HKLM-x32\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version: - ArcSoft)
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3272 - AVG Technologies)
AVG 2013 (Version: 13.0.3162 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3272 - AVG Technologies) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG3200 series User Registration (HKLM-x32\...\Canon MG3200 series User Registration) (Version: - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.2.0.0 - Dell Inc.)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
EPSON CX7400 User's Guide (HKLM-x32\...\Silent Package Run-Time Sample) (Version: - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hardware Helper (HKLM-x32\...\Hardware Helper_is1) (Version: 10.0 - Driver-Soft Inc.)
Hercules Dualpix Infinite Webcam (HKLM-x32\...\{04BEFF7A-DF5D-4E49-AB46-BA3D3BE49FCB}) (Version: 3.0.0.0 - Hercules)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
Move Media Player (HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\...\Move Media Player) (Version: - Move Networks)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.54 - BVRP Software, Inc)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5780 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.3 - Reimage) <==== ATTENTION
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
RTC Client API v1.2 (HKLM-x32\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SpywareBlaster 4.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.6.1 - BrightFort LLC)
SurfBoard Technology Tracking Application (HKLM-x32\...\{D5EA1755-1899-4380-A4BA-83840648CBDA}) (Version: 1.1.0 - SurfBoard)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13936 - TeamViewer)
Uninstall AOL Emergency Connect Utility 1.0 (HKLM-x32\...\AOL Emergency Connect Utility 1.0) (Version: - )
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

13-12-2014 12:15:52 Scheduled Checkpoint
15-12-2014 01:19:45 Scheduled Checkpoint
15-12-2014 15:17:05 OTL Restore Point - 12/15/2014 3:17:05 PM
16-12-2014 12:09:56 Windows Update
26-12-2014 09:54:22 Windows Update
27-12-2014 00:30:56 Scheduled Checkpoint
28-12-2014 14:10:50 Scheduled Checkpoint
30-12-2014 00:49:19 Scheduled Checkpoint
30-12-2014 10:16:54 Windows Update
31-12-2014 00:50:52 Scheduled Checkpoint
01-01-2015 01:24:14 Scheduled Checkpoint
02-01-2015 02:40:08 Scheduled Checkpoint
02-01-2015 11:52:03 Windows Update
03-01-2015 00:00:14 Scheduled Checkpoint
04-01-2015 12:21:23 Scheduled Checkpoint
05-01-2015 00:31:17 Scheduled Checkpoint
06-01-2015 01:16:57 Scheduled Checkpoint
06-01-2015 10:50:09 Windows Update
07-01-2015 00:55:16 Scheduled Checkpoint
08-01-2015 01:26:04 Scheduled Checkpoint
08-01-2015 18:30:14 Scheduled Checkpoint
09-01-2015 11:56:56 Scheduled Checkpoint
10-01-2015 01:01:49 Scheduled Checkpoint
11-01-2015 00:00:12 Scheduled Checkpoint
12-01-2015 01:12:57 Scheduled Checkpoint
13-01-2015 08:51:11 Scheduled Checkpoint
13-01-2015 15:37:21 Windows Update
14-01-2015 03:00:21 Windows Update
15-01-2015 00:00:14 Scheduled Checkpoint
16-01-2015 00:12:03 Scheduled Checkpoint
16-01-2015 12:35:35 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2014-11-08 09:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C3F31EE-B4A4-4738-BC41-757AD82A7E89} - System32\Tasks\PC Utility Kit => C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe <==== ATTENTION
Task: {19AD159B-FCC9-4F1A-BD91-8B43B6591666} - System32\Tasks\PC Utility Kit Update3 => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe <==== ATTENTION
Task: {324E15E3-6D53-46E2-8CA8-5CDD9B96E429} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.html?aaa=KICMGMIMMJMMMJGMMJKMCNIMMJGMGMCNLMOJNMNMCNNJIMNJOMCNKMMMMJKJNMJMJMMMKJOJNJPMJNJICMIMCNLMCNNMFMGMCNPMCNHMOMOMNMFMJMCNPMCNJMPMPMNMCNNMJNPICMOMFMFMKMHMMMJNHICMEKMICNJJCKJNBJCMMIOJBJLJNIOJPNHLOJNILJGIJNKJCMJNNICMJNDJCMKJBJ"
Task: {3A98A2BD-ADDC-4704-A96B-3637FE412373} - System32\Tasks\PC Utility Kit Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll" RunUns
Task: {3F287D8E-96DD-43A8-B42D-7AB7FD518C92} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {5D3B199F-B45E-4AA6-A5EC-5E1136EBE7D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {65A2D4B1-7B1A-4C61-B75E-E68CEEA201B7} - System32\Tasks\{1D1B75B2-1034-4B8D-9F66-FECA7D2AB6E0} => pcalua.exe -a C:\PROGRA~2\NCH\UNWISE.EXE -c /U C:\PROGRA~2\NCH\INSTALL.LOG
Task: {68E980C7-2A01-4E0A-8E58-EBB4C0AC70D9} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2019879599-2988540177-3845787192-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {6F218A4B-3F4F-4946-82DC-8F059CD74266} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {794CB9C4-FBE4-4B61-B643-E79285841AEB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2019879599-2988540177-3845787192-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {95CB9EA4-89BA-4320-9E1F-882A5D5CA99B} - System32\Tasks\4612 => Wscript.exe C:\Users\john\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {9653BCD2-A6F8-400D-8BBA-80CA1F4FD663} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-21] (Adobe Systems Incorporated)
Task: {99674DE6-9C78-4887-B057-A57F796F1554} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2019879599-2988540177-3845787192-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B6ACE754-065A-488B-AC12-9AE0B0917B43} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2019879599-2988540177-3845787192-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CD871ADE-06BC-484E-A440-D33A7D44296B} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-12-12] () <==== ATTENTION
Task: {E07FEFEC-65CD-4217-878B-04B0D17983B0} - \RegClean Pro No Task File <==== ATTENTION
Task: {F213353A-F4E9-462B-8618-E1A3877608B4} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {F29DC254-7EDE-4C7C-85CA-E80397839BC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {F6B173CE-2D64-43BD-8D2A-F9AE8705F069} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Utility Kit Registration3.job => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit Update3.job => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit.job => C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-07-28 18:33 - 2008-09-22 16:12 - 00036864 _____ () C:\Program Files (x86)\Hercules\Dualpix Infinite\WebCamKSProxyPlugin.ax
2014-09-09 17:38 - 2014-09-03 22:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-09 17:38 - 2014-09-03 22:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-09 17:38 - 2014-09-03 22:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\pfvejoqy.sys:changelist
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: AOL ACS => 3
MSCONFIG\Services: Apache2.2 => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: avgfws => 2
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: dsl-db => 2
MSCONFIG\Services: dsl-fs-sync => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hnmsvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: PanelSvc => 3
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: TeamViewer7 => 2
MSCONFIG\Services: XAudioService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^john^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^john^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk => C:\Windows\pss\ERUNT AutoBackup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files (x86)\AOL Desktop 9.7b\AOL.EXE" -b
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: CamserviceDP => "C:\Program Files (x86)\Hercules\Dualpix Infinite\x64\Camservice.exe" /startup
MSCONFIG\startupreg: CanonQuickMenu => "C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" /logon
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: HostManager => "C:\Program Files (x86)\Common Files\AOL\1269191152\ee\AOLSoftware.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skytel => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\realone player\update\realsched.exe" -osboot
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2019879599-2988540177-3845787192-500 - Administrator - Disabled)
Guest (S-1-5-21-2019879599-2988540177-3845787192-501 - Limited - Disabled)
john (S-1-5-21-2019879599-2988540177-3845787192-1000 - Administrator - Enabled) => C:\Users\john
RA Media Server (S-1-5-21-2019879599-2988540177-3845787192-1001 - Administrator - Enabled) => C:\Users\TEMP

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 00:35:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {603e6fad-1b9f-4a48-88ea-6faf35f3b55e}

Error: (01/16/2015 00:05:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 00:04:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2015 00:12:03 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5b2f6722-c95a-49c4-bf8f-935ae5e1cdeb}

Error: (01/15/2015 00:00:15 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {906a8915-bae7-4596-ae34-ed81de2bc4f6}

Error: (01/14/2015 03:30:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 03:10:06 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

Error: (01/14/2015 03:10:04 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8

Error: (01/14/2015 03:00:26 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {069e8bbc-6cca-44b2-a843-3de1464e6f31}

Error: (01/13/2015 09:21:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16599 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 19c
Start Time: 01d02fa0bc470c30
Termination Time: 0

System errors:
=============
Error: (01/16/2015 00:06:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: HP Home Network Diagnostic Support Service%%126

Error: (01/16/2015 00:06:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Avgldx64
Beep

Error: (01/16/2015 00:06:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: vToolbarUpdater18.1.9%%2

Error: (01/15/2015 05:10:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (01/15/2015 05:10:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (01/15/2015 05:10:20 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/14/2015 01:29:18 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.2 on the Network Card with network address 00256402C3BD.

Error: (01/14/2015 01:28:57 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 107.145.91.44 for the Network Card with network address 00256402C3BD has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Error: (01/14/2015 01:27:46 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.2 on the Network Card with network address 00256402C3BD.

Error: (01/14/2015 01:27:25 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.2 on the Network Card with network address 00256402C3BD.

Microsoft Office Sessions:
=========================
Error: (01/16/2015 00:35:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid0x80070539

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {603e6fad-1b9f-4a48-88ea-6faf35f3b55e}

Error: (01/16/2015 00:05:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 00:04:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (01/16/2015 00:12:03 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid0x80070539

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5b2f6722-c95a-49c4-bf8f-935ae5e1cdeb}

Error: (01/15/2015 00:00:15 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid0x80070539

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {906a8915-bae7-4596-ae34-ed81de2bc4f6}

Error: (01/14/2015 03:30:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 03:10:06 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

Error: (01/14/2015 03:10:04 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8

Error: (01/14/2015 03:00:26 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid0x80070539

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {069e8bbc-6cca-44b2-a843-3de1464e6f31}

Error: (01/13/2015 09:21:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1659919c01d02fa0bc470c300

CodeIntegrity Errors:
===================================
Date: 2015-01-16 13:06:01.701
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-16 13:06:00.418
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-16 13:05:58.999
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-16 13:05:56.301
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-16 13:05:32.223
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-16 13:05:28.418
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-16 13:05:24.407
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-16 13:05:20.473
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-16 13:05:16.344
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-16 13:05:15.338
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 450 @ 2.20GHz
Percentage of memory in use: 79%
Total physical RAM: 2012.26 MB
Available physical RAM: 417.69 MB
Total Pagefile: 4267.82 MB
Available Pagefile: 2304.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:183.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: A44F8C47)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## duhme (Dec 2, 2003)

reimage repair came up and it was running with the other farbar scan. Was that suppose to happen?


----------



## eddie5659 (Mar 19, 2001)

Hi, looking through the logs now.

As for reimage to be appearing, no its not supposed to happen, so we'll remove that as well 

I'll reply tonight, just need to go through them and create a fix


----------



## eddie5659 (Mar 19, 2001)

Okay, lots to do, so lets start at the beginning 

Firstly, go to Programs and Features via the Control Panel, and uninstall these:

*Java 7 Update 67
Reimage Repair*

(Java is in there as that is an old version, and you already have the latest one installed)

----

Next, can you use SFP to upload a file again, like you did a while ago. If you're unsure how etc, I'll post it here again 

Download *suspicious file packer* from http://www.safer-networking.org/files/sfp.zip

Unzip it to desktop, open it & copy/paste in the contents of the quote box below:



> *
> C:\Users\john\AppData\Local\Temp\launchie.vbs
> C:\Windows\system32\drivers\chlbqgrz.sys
> C:\Windows\system32\drivers\bknmcwal.sys
> *


So, it looks like this:










Then this when copy/paste:










Press *Continue* & it will create an archive (zip/cab file) on desktop.

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

Just Register, press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file.

Let me know when its uploaded 

-------

After doing that, we're going to use FRST to run a fix:

Download attached *fixlist.txt* file and save it to the Desktop.

*NOTE.* It's important that both files, *FRST* and *fixlist.txt *are in the same location or the fix will not work.

*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*

Run *FRST/FRST64* and press the *Fix* button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

------------

After doing that, we'll work on the manual approach for certain things 

eddie


----------



## duhme (Dec 2, 2003)

I noticed duplicates of posts that are now gone. I posted a link to the spy killer and dont see it now. I thought I did.


----------



## duhme (Dec 2, 2003)

http://thespykiller.co.uk/index.php?topic=10126.0 I am having some confusion with instructions. also I had deleted reimage a number of times and it keeps coming back.


----------



## duhme (Dec 2, 2003)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by john at 2015-01-22 21:35:52 Run:1
Running from c:\Users\john\Downloads
Loaded Profiles: john & RA Media Server & (Available profiles: john & RA Media Server)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Reimage®) C:\Users\john\Downloads\ReimageRepair (1).exe
Toolbar: HKU\S-1-5-21-2019879599-2988540177-3845787192-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP8F55B 8F8-D368-4F08-85A3-8538EEF53448&SSPV=
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M56B6DF7B-3798-435D-87F2-EA0293105A30&SearchSource=58&CUI=&UM=6&UP=SP86A15E83-9149-4D2A-BB75-34C6B4DAADE1&q={searchTerms}&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M56B6DF7B-3798-435D-87F2-EA0293105A30&SearchSource=55&CUI=&UM=6&UP=SP86A15E83-9149-4D2A-BB75-34C6B4DAADE1&SSPV="
CHR Extension: (HeadlineAlley) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\foaankepehnmhagcnademjmcehlganjl [2014-07-24]
CHR HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - No Path
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
2015-01-16 13:06 - 2015-01-16 13:06 - 00004272 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2015-01-16 13:06 - 2015-01-16 13:06 - 00001847 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2015-01-16 13:06 - 2015-01-16 13:06 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-01-16 13:06 - 2015-01-16 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-01-16 13:05 - 2015-01-16 13:06 - 00000000 ____D () C:\Program Files\Reimage
2015-01-16 13:02 - 2015-01-16 13:02 - 00775968 _____ (Reimage®) C:\Users\john\Downloads\ReimageRepair (1).exe
2015-01-16 13:06 - 2014-12-12 15:46 - 00000165 _____ () C:\Windows\Reimage.ini
C:\Users\john\AppData\Local\Temp\ReimagePackage.exe
ProxyServer: [.DEFAULT] => 128.187.223.212:3124
2015-01-15 18:00 - 2013-09-20 08:26 - 00000478 _____ () C:\Windows\Tasks\PC Utility Kit Registration3.job
2015-01-15 12:12 - 2013-09-20 08:25 - 00000444 _____ () C:\Windows\Tasks\PC Utility Kit Update3.job
2015-01-15 12:12 - 2013-09-20 08:25 - 00000442 _____ () C:\Windows\Tasks\PC Utility Kit.job
Task: {0C3F31EE-B4A4-4738-BC41-757AD82A7E89} - System32\Tasks\PC Utility Kit => C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe <==== ATTENTION
Task: {19AD159B-FCC9-4F1A-BD91-8B43B6591666} - System32\Tasks\PC Utility Kit Update3 => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe <==== ATTENTION
Task: {3A98A2BD-ADDC-4704-A96B-3637FE412373} - System32\Tasks\PC Utility Kit Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll" RunUns
Task: {95CB9EA4-89BA-4320-9E1F-882A5D5CA99B} - System32\Tasks\4612 => Wscript.exe C:\Users\john\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {CD871ADE-06BC-484E-A440-D33A7D44296B} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-12-12] () <==== ATTENTION
Task: {E07FEFEC-65CD-4217-878B-04B0D17983B0} - \RegClean Pro No Task File <==== ATTENTION
Task: {F213353A-F4E9-462B-8618-E1A3877608B4} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {F6B173CE-2D64-43BD-8D2A-F9AE8705F069} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit Registration3.job => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit Update3.job => C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Utility Kit.job => C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\Drivers\pfvejoqy.sys:changelist
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
S1 bknmcwal; \??\C:\Windows\system32\drivers\bknmcwal.sys [X]
S1 chlbqgrz; \??\C:\Windows\system32\drivers\chlbqgrz.sys [X]
C:\Users\john\Downloads\ReimageRepair (1).exe
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Program Files (x86)\PC Utility Kit
C:\Program Files (x86)\Common Files\PC Utility Kit
C:\Program Files\Reimage
C:\Windows\system32\drivers\chlbqgrz.sys
C:\Windows\system32\drivers\bknmcwal.sys
C:\Users\AppData\LocalLow\NCH
*****************

C:\Users\john\Downloads\ReimageRepair (1).exe => No running process found
HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value deleted successfully.
"HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\foaankepehnmhagcnademjmcehlganjl => Moved successfully.
"HKU\S-1-5-21-2019879599-2988540177-3845787192-1000\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => Key deleted successfully.
vToolbarUpdater18.1.9 => Service deleted successfully.
C:\Windows\System32\Tasks\ReimageUpdater => Moved successfully.
"C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk" => File/Directory not found.
C:\ProgramData\Reimage Protector => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair" => File/Directory not found.
C:\Program Files\Reimage => Moved successfully.
"C:\Users\john\Downloads\ReimageRepair (1).exe" => File/Directory not found.
C:\Windows\Reimage.ini => Moved successfully.
C:\Users\john\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Windows\Tasks\PC Utility Kit Registration3.job => Moved successfully.
C:\Windows\Tasks\PC Utility Kit Update3.job => Moved successfully.
C:\Windows\Tasks\PC Utility Kit.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C3F31EE-B4A4-4738-BC41-757AD82A7E89}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3F31EE-B4A4-4738-BC41-757AD82A7E89}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Utility Kit => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Utility Kit" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19AD159B-FCC9-4F1A-BD91-8B43B6591666}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19AD159B-FCC9-4F1A-BD91-8B43B6591666}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Utility Kit Update3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Utility Kit Update3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A98A2BD-ADDC-4704-A96B-3637FE412373}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A98A2BD-ADDC-4704-A96B-3637FE412373}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Utility Kit Registration3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Utility Kit Registration3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95CB9EA4-89BA-4320-9E1F-882A5D5CA99B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95CB9EA4-89BA-4320-9E1F-882A5D5CA99B}" => Key deleted successfully.
C:\Windows\System32\Tasks\4612 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4612" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD871ADE-06BC-484E-A440-D33A7D44296B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD871ADE-06BC-484E-A440-D33A7D44296B}" => Key deleted successfully.
C:\Windows\System32\Tasks\Reimage Reminder => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E07FEFEC-65CD-4217-878B-04B0D17983B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E07FEFEC-65CD-4217-878B-04B0D17983B0}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F213353A-F4E9-462B-8618-E1A3877608B4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F213353A-F4E9-462B-8618-E1A3877608B4}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F6B173CE-2D64-43BD-8D2A-F9AE8705F069}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6B173CE-2D64-43BD-8D2A-F9AE8705F069}" => Key deleted successfully.
C:\Windows\System32\Tasks\ReimageUpdater not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater" => Key deleted successfully.
C:\Windows\Tasks\PC Utility Kit Registration3.job not found.
C:\Windows\Tasks\PC Utility Kit Update3.job not found.
C:\Windows\Tasks\PC Utility Kit.job not found.
C:\Windows\system32\Drivers\pfvejoqy.sys => ":changelist" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
bknmcwal => Service deleted successfully.
chlbqgrz => Service deleted successfully.
"C:\Users\john\Downloads\ReimageRepair (1).exe" => File/Directory not found.
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Directory not found.
"C:\Program Files (x86)\PC Utility Kit" => File/Directory not found.
"C:\Program Files (x86)\Common Files\PC Utility Kit" => File/Directory not found.
"C:\Program Files\Reimage" => File/Directory not found.
"C:\Windows\system32\drivers\chlbqgrz.sys" => File/Directory not found.
"C:\Windows\system32\drivers\bknmcwal.sys" => File/Directory not found.
"C:\Users\AppData\LocalLow\NCH" => File/Directory not found.

==== End of Fixlog 21:35:55 ====


----------



## eddie5659 (Mar 19, 2001)

Looked at the other website, nothing was uploaded, just the list of the files I was looking for. But, looking in the FRST log above, it may be because they're not there.

As for ReImage, it should hopefuly be gone, as the fix removed a good portion of it. But, just to be safe etc, I want to check 

So, using SystemLook like you have previously used, can you run this code, and post the log it produces. It may take a while, just looking for any remains etc:

Just in case you're unsure how, I've posted the details again below.

Okay, first copy the following code as you would normally do:


```
:filefind
*Reimage*.*
*trovi*.*
*ToolbarUpdater*.*
*PC Utility Kit*.*
*RegClean*.*
*SearchProtect*.*
:folderfind
*Reimage*
*trovi*
*Secure Search*
*ToolbarUpdater*
*PC Utility Kit*
*RegClean*
*HeadlineAlley*
*SearchProtect*
:regfind
Reimage
trovi
Secure Search
ToolbarUpdater
PC Utility Kit
RegClean
HeadlineAlley
SearchProtect
:dir
C:\rei /s
```
Then, open up SystemLook:










Next, rightclick inside the window, and select Paste:










And Paste the contents in. Make sure that the beginning of the above code is there. Starts with :filefind










Then, click the *Look * box, let it run, and a Notepad will finally open up, with the results of the scan. This is a different scan, but gives you an idea, as I don't have the same files etc:



















Then, copy paste the entire contents of that log here.

----------------

Then, on a seperate scan, as it may be rather large, can you run this one:


```
:dir
C:\Windows\system32\drivers
:file
C:\Users\john\AppData\Local\Temp\7zS6196\HPHNDUSVC.dll
```
Thanks

eddie


----------



## duhme (Dec 2, 2003)

SystemLook 30.07.11 by jpshortstuff
Log created at 23:05 on 28/01/2015 by john
Administrator - Elevation successful

========== filefind ==========

Searching for "*Reimage*.*"
C:\$RECYCLE.BIN\S-1-5-21-2019879599-2988540177-3845787192-1000\$RODUEHY\Change Reimage Repair Language.lnk	--a---- 1950 bytes	[18:06 16/01/2015]	[18:06 16/01/2015] 72CE9AC5E3D5BFF681A90850591917B8
C:\$RECYCLE.BIN\S-1-5-21-2019879599-2988540177-3845787192-1000\$ROUCQOP\Reimage Repair.url	--a---- 52 bytes	[18:06 16/01/2015]	[18:06 16/01/2015] 5EFCE000842542FD149A75E0386DAE62
C:\$RECYCLE.BIN\S-1-5-21-2019879599-2988540177-3845787192-1000\$ROUCQOP\Reimage.exe	--a---- 8695648 bytes	[15:13 29/12/2014]	[15:13 29/12/2014] 8D68DC081A4AA444E7E27DE66B95CB24
C:\$RECYCLE.BIN\S-1-5-21-2019879599-2988540177-3845787192-1000\$ROUCQOP\Reimageicon.ico	--a---- 34494 bytes	[07:37 07/12/2014]	[07:37 07/12/2014] 760597E4323EB511B4BF4EE00A3D1992
C:\$RECYCLE.BIN\S-1-5-21-2019879599-2988540177-3845787192-1000\$ROUCQOP\ReimageReminder.exe	--a---- 4376392 bytes	[07:59 12/12/2014]	[07:59 12/12/2014] 94192B6E393DDA3434C43FB624ADA49D
C:\$RECYCLE.BIN\S-1-5-21-2019879599-2988540177-3845787192-1000\$ROUCQOP\ReimageRepair.exe	--a---- 775968 bytes	[18:05 16/01/2015]	[18:02 16/01/2015] C415A66AB37A072C0279C9F902B85FC2
C:\$RECYCLE.BIN\S-1-5-21-2019879599-2988540177-3845787192-1000\$ROUCQOP\ReimageSafeMode.exe	--a---- 232528 bytes	[21:46 05/12/2014]	[21:46 05/12/2014] C34CB5494E89C48EDEBCCF7ED9DDDA68
C:\$RECYCLE.BIN\S-1-5-21-2019879599-2988540177-3845787192-1000\$ROUCQOP\Reimage_SafeMode.ico	--a---- 14846 bytes	[21:46 05/12/2014]	[21:46 05/12/2014] E8930E339F01ED0A30CB9253C5E78664
C:\$RECYCLE.BIN\S-1-5-21-2019879599-2988540177-3845787192-1000\$ROUCQOP\Reimage_uninstall.ico	--a---- 34494 bytes	[21:46 05/12/2014]	[21:46 05/12/2014] A2D1E86FF0EA91CD11C5EE4A990A0295
C:\$RECYCLE.BIN\S-1-5-21-2019879599-2988540177-3845787192-1000\$ROUCQOP\Reimage_website.ico	--a---- 894 bytes	[21:46 05/12/2014]	[21:46 05/12/2014] 5B64B39F9C7AE6E153FDDE223F6AA5CC
C:\FRST\Quarantine\C\Users\john\AppData\Local\Temp\ReimagePackage.exe.xBAD	--a---- 13347728 bytes	[18:05 16/01/2015]	[18:05 16/01/2015] 47969474E7E7D0754DE22EB4D28C9FD4
C:\FRST\Quarantine\C\Windows\Reimage.ini.xBAD	--a---- 165 bytes	[20:46 12/12/2014]	[18:08 16/01/2015] 6B996694ED214804B86B3C8E509E4110
C:\FRST\Quarantine\C\Windows\System32\Tasks\Reimage Reminder.xBAD	--a---- 3344 bytes	[20:50 12/12/2014]	[18:07 16/01/2015] E5CC039B3C4ADD2E0ABC30759B22020A
C:\FRST\Quarantine\C\Windows\System32\Tasks\ReimageUpdater.xBAD	--a---- 4272 bytes	[18:06 16/01/2015]	[18:06 16/01/2015] 5FCFF4878EC2C7BAC7912397CAED5A5C
C:\rei\reimage.qsr	--a---- 1330 bytes	[18:08 16/01/2015]	[18:13 16/01/2015] 1C5A470E747EBAE6CDC91E1943D66102
C:\Users\john\AppData\Local\Temp\reimage.log	--a---- 639080 bytes	[23:34 16/12/2014]	[22:40 22/01/2015] 16977D88292CA1394B15D0F930C0CA57
C:\Windows\temp\reimage.log	--a---- 796 bytes	[18:07 16/01/2015]	[22:35 22/01/2015] 429ED109A882C25AB97D8CD9AA6941F2

Searching for "*trovi*.*"
No files found.

Searching for "*ToolbarUpdater*.*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe.vir	--a---- 990896 bytes	[16:36 06/04/2013]	[16:36 06/04/2013] 10B2E2FCA707501600D1DEAB1B71F699
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe.vir	--a---- 1771032 bytes	[04:10 21/03/2014]	[04:07 21/03/2014] 29CC39577CA273CA0E75FD562E66AE96
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe.vir	--a---- 1801240 bytes	[04:48 28/04/2014]	[04:46 28/04/2014] 7451065A6047CBF7332EB76F5ED5F362
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe.vir	--a---- 1813528 bytes	[13:42 23/06/2014]	[13:40 23/06/2014] 7570288275D80F5472AE3147487FF0B5
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe.vir	--a---- 1820184 bytes	[12:36 12/08/2014]	[12:34 12/08/2014] 42E5B5428401F7CB56A5D585DCE46982

Searching for "*PC Utility Kit*.*"
C:\FRST\Quarantine\C\Windows\System32\Tasks\PC Utility Kit Registration3.xBAD	--a---- 3140 bytes	[13:26 20/09/2013]	[13:26 20/09/2013] 1E6D34211AC041A749D19E75CDC36006
C:\FRST\Quarantine\C\Windows\System32\Tasks\PC Utility Kit Update3.xBAD	--a---- 3256 bytes	[13:25 20/09/2013]	[13:25 20/09/2013] ED8FE1B2E45767808A73707A6F59A772
C:\FRST\Quarantine\C\Windows\System32\Tasks\PC Utility Kit.xBAD	--a---- 3358 bytes	[13:25 20/09/2013]	[13:25 20/09/2013] F81EDC5296CEC0FFA922001C73D432E1
C:\FRST\Quarantine\C\Windows\Tasks\PC Utility Kit Registration3.job.xBAD	--a---- 478 bytes	[13:26 20/09/2013]	[23:00 22/01/2015] 4E5ED97A178D494A1402416EFE31AA16
C:\FRST\Quarantine\C\Windows\Tasks\PC Utility Kit Update3.job.xBAD	--a---- 444 bytes	[13:25 20/09/2013]	[12:38 22/01/2015] A4A1A4DD3FE989A4DF2094D875D945E2
C:\FRST\Quarantine\C\Windows\Tasks\PC Utility Kit.job.xBAD	--a---- 442 bytes	[13:25 20/09/2013]	[12:38 22/01/2015] C43B4502CC08D363A9604282F8788CA6
C:\Users\john\Downloads\PC Utility Kit Installer (1).exe	--a---- 5395448 bytes	[13:24 20/09/2013]	[13:24 20/09/2013] 85EB8969CC20E53DA543F5D3985FDFB9
C:\Users\john\Downloads\PC Utility Kit Installer.exe	--a---- 5395448 bytes	[13:23 20/09/2013]	[13:24 20/09/2013] 85EB8969CC20E53DA543F5D3985FDFB9

Searching for "*RegClean*.*"
No files found.

Searching for "*SearchProtect*.*"
No files found.

========== folderfind ==========

Searching for "*Reimage*"
C:\FRST\Quarantine\C\Program Files\Reimage	d------	[18:05 16/01/2015]
C:\FRST\Quarantine\C\Program Files\Reimage\Reimage Protector	d------	[18:06 16/01/2015]
C:\FRST\Quarantine\C\ProgramData\Reimage Protector	d------	[18:06 16/01/2015]

Searching for "*trovi*"
No folders found.

Searching for "*Secure Search*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search	d------	[18:20 22/09/2014]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AVG Secure Search\ChromeRes\AVG Secure Search	d------	[18:20 22/09/2014]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search	d------	[18:20 22/09/2014]
C:\AdwCleaner\Quarantine\C\ProgramData\AVG Secure Search	d------	[18:20 22/09/2014]
C:\AdwCleaner\Quarantine\C\Users\john\AppData\Local\AVG Secure Search	d------	[18:21 22/09/2014]
C:\AdwCleaner\Quarantine\C\Users\john\AppData\LocalLow\AVG Secure Search	d------	[18:21 22/09/2014]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search	d------	[04:09 21/03/2014]

Searching for "*ToolbarUpdater*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater	d------	[18:20 22/09/2014]

Searching for "*PC Utility Kit*"
C:\ProgramData\PC Utility Kit	d------	[13:25 20/09/2013]
C:\ProgramData\PC Utility Kit\PC Utility Kit	d------	[13:25 20/09/2013]
C:\Users\All Users\PC Utility Kit	d------	[13:25 20/09/2013]
C:\Users\All Users\PC Utility Kit\PC Utility Kit	d------	[13:25 20/09/2013]
C:\Users\john\AppData\Roaming\PC Utility Kit	d------	[13:26 20/09/2013]
C:\Users\john\AppData\Roaming\PC Utility Kit\PC Utility Kit	d------	[13:26 20/09/2013]

Searching for "*RegClean*"
No folders found.

Searching for "*HeadlineAlley*"
No folders found.

Searching for "*SearchProtect*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect	d------	[18:20 22/09/2014]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect	d------	[18:20 22/09/2014]
C:\AdwCleaner\Quarantine\C\Users\john\AppData\Local\SearchProtect	d------	[18:21 22/09/2014]
C:\AdwCleaner\Quarantine\C\Users\john\AppData\Local\SearchProtect\SearchProtect	d------	[18:21 22/09/2014]

========== regfind ==========

Searching for "Reimage"
[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\reimage]
[HKEY_CURRENT_USER\Software\Reimage]
[HKEY_CURRENT_USER\Software\Reimage\PC Repair\Smartbar]
"ReportQuickScan"="http://www.reimageplus.com/scan-report/?run_id=8e5c6fd9d334438999a5a07673"
[HKEY_CURRENT_USER\Software\Reimage\Reimage Repair]
[HKEY_CURRENT_USER\Software\reimagerepair]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair.exe"="Reimage Downloader"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\ReimagePackage.exe"="Reimage Package"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\Reimage.exe"="Reimage. Making PCs work like new, everyday."
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe"="ReimageReminder"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe"="Reimage Reminder"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe"="Reimage Package"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair (1).exe"="Reimage Downloader"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair.exe"="Reimage Downloader"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\ReimagePackage.exe"="Reimage Package"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\Reimage.exe"="Reimage. Making PCs work like new, everyday."
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe"="ReimageReminder"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe"="Reimage Reminder"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe"="Reimage Package"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair (1).exe"="Reimage Downloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\InprocServer32]
@="C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\ToolboxBitmap32]
@="C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}\InprocServer32]
@="C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0\0\win64]
@="C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0\HELPDIR]
@="C:\Program Files\Reimage\Reimage Repair"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\ToolboxBitmap32]
@="C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0\0\win64]
@="C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0\HELPDIR]
@="C:\Program Files\Reimage\Reimage Repair"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name"="Reimage.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe]
@="C:\Program Files\Reimage\Reimage Repair\Reimage.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Reimage]
[HKEY_LOCAL_MACHINE\SOFTWARE\Reimage\Reimage Protector]
[HKEY_LOCAL_MACHINE\SOFTWARE\Reimage\Reimage Protector]
"ReimageRepairLocation"="C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Reimage\Reimage Protector]
"CflPath"="C:\ProgramData\Reimage Protector\cfl.rei"
[HKEY_LOCAL_MACHINE\SOFTWARE\Reimage\Reimage Protector]
"LogsPath"="C:\ProgramData\Reimage Protector\Results"
[HKEY_LOCAL_MACHINE\SOFTWARE\Reimage\Reimage Repair]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\ToolboxBitmap32]
@="C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0\0\win64]
@="C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0\HELPDIR]
@="C:\Program Files\Reimage\Reimage Repair"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ReimageRealTimeProtector]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ReimageRealTimeProtector]
"ImagePath"="C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ReimageRealTimeProtector]
"DisplayName"="Reimage Real Time Protector"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ReimageRealTimeProtector]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ReimageRealTimeProtector]
"ImagePath"="C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ReimageRealTimeProtector]
"DisplayName"="Reimage Real Time Protector"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector]
"ImagePath"="C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector]
"DisplayName"="Reimage Real Time Protector"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.]
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\reimage]
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Reimage]
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Reimage\PC Repair\Smartbar]
"ReportQuickScan"="http://www.reimageplus.com/scan-report/?run_id=8e5c6fd9d334438999a5a07673"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Reimage\Reimage Repair]
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\reimagerepair]
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair.exe"="Reimage Downloader"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\ReimagePackage.exe"="Reimage Package"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\Reimage.exe"="Reimage. Making PCs work like new, everyday."
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe"="ReimageReminder"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe"="Reimage Reminder"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe"="Reimage Package"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair (1).exe"="Reimage Downloader"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair.exe"="Reimage Downloader"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\ReimagePackage.exe"="Reimage Package"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\Reimage.exe"="Reimage. Making PCs work like new, everyday."
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe"="ReimageReminder"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe"="Reimage Reminder"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe"="Reimage Package"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair (1).exe"="Reimage Downloader"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair.exe"="Reimage Downloader"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\ReimagePackage.exe"="Reimage Package"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\Reimage.exe"="Reimage. Making PCs work like new, everyday."
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe"="ReimageReminder"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe"="Reimage Reminder"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe"="Reimage Package"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair (1).exe"="Reimage Downloader"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair.exe"="Reimage Downloader"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\ReimagePackage.exe"="Reimage Package"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\Reimage.exe"="Reimage. Making PCs work like new, everyday."
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe"="ReimageReminder"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe"="Reimage Reminder"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe"="Reimage Package"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair (1).exe"="Reimage Downloader"

Searching for "trovi"
No data found.

Searching for "Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}]
"AppPath"="C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\ScriptHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\avgsh]
@="C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9\manifest.json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}]
"AppPath"="C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.9"

Searching for "ToolbarUpdater"
No data found.

Searching for "PC Utility Kit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f630335f_0]
@="{0.0.0.00000000}.{6374d34c-8845-45a5-9854-a94b74605d64}|\Device\HarddiskVolume3\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\PC Utility Kit]
[HKEY_CURRENT_USER\Software\PC Utility Kit\PC Utility Kit]
[HKEY_CURRENT_USER\Software\PC Utility Kit\UNS\PC Utility Kit]
[HKEY_CURRENT_USER\Software\PC Utility Kit\UNS\PC Utility Kit]
"SettingsFilename"="C:\Program Files (x86)\PC Utility Kit\PC Utility Kit"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe"="PC Utility Kit"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe"="PC Utility Kit"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe"="PC Utility Kit"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe"="PC Utility Kit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PC Utility Kit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PC Utility Kit\PC Utility Kit]
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f630335f_0]
@="{0.0.0.00000000}.{6374d34c-8845-45a5-9854-a94b74605d64}|\Device\HarddiskVolume3\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\PC Utility Kit]
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\PC Utility Kit\PC Utility Kit]
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\PC Utility Kit\UNS\PC Utility Kit]
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\PC Utility Kit\UNS\PC Utility Kit]
"SettingsFilename"="C:\Program Files (x86)\PC Utility Kit\PC Utility Kit"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe"="PC Utility Kit"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe"="PC Utility Kit"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe"="PC Utility Kit"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe"="PC Utility Kit"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe"="PC Utility Kit"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe"="PC Utility Kit"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe"="PC Utility Kit"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe"="PC Utility Kit"

Searching for "RegClean"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\dbc5795a_0]
@="{0.0.0.00000000}.{6374d34c-8845-45a5-9854-a94b74605d64}|\Device\HarddiskVolume3\Program Files (x86)\RegClean Pro\RegCleanPro.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe"="RegClean Pro"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe"="RegClean Pro"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\dbc5795a_0]
@="{0.0.0.00000000}.{6374d34c-8845-45a5-9854-a94b74605d64}|\Device\HarddiskVolume3\Program Files (x86)\RegClean Pro\RegCleanPro.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe"="RegClean Pro"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe"="RegClean Pro"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe"="RegClean Pro"
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe"="RegClean Pro"

Searching for "HeadlineAlley"
No data found.

Searching for "SearchProtect"
No data found.

========== dir ==========

C:\rei - Parameters: "/s"

---Files---
cfl.rei	--a---- 894320 bytes	[18:05 16/01/2015]	[18:05 16/01/2015]
cpuidsdk.dll	--a---- 1403392 bytes	[21:46 05/12/2014]	[21:46 05/12/2014]
rei1803.ini	--a---- 3680 bytes	[18:07 16/01/2015]	[18:07 16/01/2015]
reimage.qsr	--a---- 1330 bytes	[18:08 16/01/2015]	[18:13 16/01/2015]
SupportInfoTool.ini	--a---- 736 bytes	[21:47 05/12/2014]	[21:47 05/12/2014]

C:\rei\AV	d------	[18:06 16/01/2015]
avupdate.conf	--a---- 115 bytes	[21:47 05/12/2014]	[21:47 05/12/2014]
avupdate.exe	--a---- 2234568 bytes	[21:47 05/12/2014]	[21:47 05/12/2014]
avupdate_msg.avr	--a---- 5560 bytes	[21:47 05/12/2014]	[21:47 05/12/2014]
HBEDV.KEY	--a---- 512 bytes	[21:47 05/12/2014]	[21:47 05/12/2014]
savapi3_restart.exe	--a---- 55648 bytes	[21:47 05/12/2014]	[21:47 05/12/2014]
savapi3_start.exe	--a---- 55648 bytes	[21:47 05/12/2014]	[21:47 05/12/2014]
savapi3_stop.exe	--a---- 55648 bytes	[21:47 05/12/2014]	[21:47 05/12/2014]

C:\rei\AV\Microsoft.VC90.CRT	d------	[18:06 16/01/2015]
Microsoft.VC90.CRT.manifest	--a---- 439 bytes	[21:47 05/12/2014]	[21:47 05/12/2014]
msvcr90.dll	--a---- 653136 bytes	[21:47 05/12/2014]	[21:47 05/12/2014]

C:\rei\Results	d------	[18:07 16/01/2015]

C:\rei\Results\EXE1.8.0.3	d------	[18:07 16/01/2015]

C:\rei\Results\EXE1.8.0.3\RUN20150116_1307	d------	[18:07 16/01/2015]
Compress.res	--a---- 166 bytes	[18:07 16/01/2015]	[18:07 16/01/2015]
debug-repair-2.log	--a---- 605792 bytes	[18:07 16/01/2015]	[18:13 16/01/2015]
debug-repair.log	--a---- 152670 bytes	[18:07 16/01/2015]	[18:13 16/01/2015]
Info_EnvironmentVars.res	--a---- 21680 bytes	[18:07 16/01/2015]	[18:07 16/01/2015]
Info_Installed.rec	--a---- 36848 bytes	[18:07 16/01/2015]	[18:07 16/01/2015]
out.log	--a---- 12728 bytes	[18:07 16/01/2015]	[18:13 16/01/2015]

C:\rei\Temp	d------	[18:07 16/01/2015]

C:\rei\Temp\20150116_1307	d------	[18:07 16/01/2015]
ApplicationList.ini	--a---- 116782 bytes	[18:07 16/01/2015]	[18:07 16/01/2015]

C:\rei\Temp\20150116_1307\DownloaderTemp	d------	[18:07 16/01/2015]

-= EOF =-


----------



## duhme (Dec 2, 2003)

SystemLook 30.07.11 by jpshortstuff
Log created at 23:32 on 28/01/2015 by john
Administrator - Elevation successful

========== dir ==========

C:\Windows\system32\drivers - Parameters: "(none)"

---Files---
1028_Dell_INS_537.mrk	--a---- 3983 bytes	[21:55 09/07/2009]	[21:55 09/07/2009]
1394bus.sys	--a---- 65024 bytes	[09:43 02/11/2006]	[09:43 02/11/2006]
acpi.sys	--a---- 325608 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
adp94xx.sys	--a---- 486456 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
adpahci.sys	--a---- 342584 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
adpu160m.sys	--a---- 126520 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
adpu320.sys	--a---- 185912 bytes	[07:48 02/11/2006]	[02:47 21/01/2008]
afd.sys	--a---- 404992 bytes	[17:37 09/07/2014]	[07:10 30/05/2014]
AGP440.sys	--a---- 64568 bytes	[09:10 02/11/2006]	[02:46 21/01/2008]
aliide.sys	--a---- 18488 bytes	[09:38 02/11/2006]	[03:26 25/04/2009]
amdide.sys	--a---- 15976 bytes	[09:38 02/11/2006]	[02:46 21/01/2008]
amdk8.sys	--a---- 50688 bytes	[09:00 02/11/2006]	[02:46 21/01/2008]
arc.sys	--a---- 90680 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
arcsas.sys	--a---- 91192 bytes	[07:48 02/11/2006]	[02:47 21/01/2008]
asyncmac.sys	--a---- 22016 bytes	[02:51 21/01/2008]	[02:51 21/01/2008]
atapi.sys	--a---- 20952 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
ataport.sys	--a---- 123368 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
atikmdag.sys	--a---- 2488320 bytes	[12:41 02/11/2006]	[07:48 02/11/2006]
ativcaxx.cpa	--a---- 655825 bytes	[12:41 02/11/2006]	[21:13 01/10/2006]
ativcaxx.vp	--a---- 929 bytes	[12:41 02/11/2006]	[21:13 01/10/2006]
ativokxx.vp	--a---- 2096 bytes	[12:41 02/11/2006]	[21:13 01/10/2006]
ativpkxx.vp	--a---- 2096 bytes	[12:41 02/11/2006]	[21:13 01/10/2006]
ativvpxx.vp	--a---- 11600 bytes	[12:41 02/11/2006]	[21:09 15/10/2006]
ATWPKT264.SYS	-ra---- 33400 bytes	[01:22 12/02/2010]	[01:22 12/02/2010]
avgfwd6a.sys	--a---- 50296 bytes	[14:39 04/09/2012]	[14:39 04/09/2012]
avgidsdrivera.sys	--a---- 246072 bytes	[03:40 27/02/2013]	[03:40 27/02/2013]
avgidsha.sys	--a---- 71480 bytes	[08:37 08/02/2013]	[08:37 08/02/2013]
avgldx64.sys	--a---- 206136 bytes	[08:37 08/02/2013]	[08:37 08/02/2013]
avgloga.sys	--a---- 311096 bytes	[08:37 08/02/2013]	[08:37 08/02/2013]
avgmfx64.sys	--a---- 116536 bytes	[08:37 08/02/2013]	[08:37 08/02/2013]
avgrkx64.sys	--a---- 45880 bytes	[08:37 08/02/2013]	[08:37 08/02/2013]
avgtdia.sys	--a---- 239416 bytes	[07:52 14/02/2013]	[07:52 14/02/2013]
avgtpx64.sys	--a---- 50976 bytes	[16:36 06/04/2013]	[12:34 12/08/2014]
battc.sys	--a---- 28936 bytes	[09:09 02/11/2006]	[03:27 25/04/2009]
bdasup.sys	--a---- 15616 bytes	[02:47 21/01/2008]	[02:47 21/01/2008]
blbdrive.sys	--a---- 55296 bytes	[04:02 21/01/2008]	[02:47 21/01/2008]
bowser.sys	--a---- 90624 bytes	[02:32 15/04/2011]	[14:16 18/02/2011]
BrFiltLo.sys	--a---- 18432 bytes	[11:08 02/11/2006]	[21:30 18/09/2006]
BrFiltUp.sys	--a---- 8704 bytes	[11:10 02/11/2006]	[21:30 18/09/2006]
bridge.sys	--a---- 119296 bytes	[02:50 21/01/2008]	[02:50 21/01/2008]
BrSerId.sys	--a---- 86528 bytes	[10:53 02/11/2006]	[08:43 02/11/2006]
BrSerWdm.sys	--a---- 47104 bytes	[11:09 02/11/2006]	[21:30 18/09/2006]
BrUsbMdm.sys	--a---- 14976 bytes	[11:10 02/11/2006]	[21:30 18/09/2006]
BrUsbSer.sys	--a---- 14720 bytes	[11:09 02/11/2006]	[11:42 19/09/2006]
bthmodem.sys	--a---- 50688 bytes	[09:44 02/11/2006]	[09:44 02/11/2006]
camfilt2.sys	--a---- 52736 bytes	[23:32 28/07/2010]	[20:07 13/08/2008]
CAXHWBS2.sys	--a---- 411136 bytes	[22:07 09/07/2009]	[04:11 02/07/2008]
CAX_CNXT.sys	--a---- 740864 bytes	[22:07 09/07/2009]	[04:11 02/07/2008]
CAX_DPV.sys	--a---- 1487872 bytes	[22:07 09/07/2009]	[04:11 02/07/2008]
cdfs.sys	--a---- 90624 bytes	[02:50 21/01/2008]	[02:50 21/01/2008]
cdr4_xp.sys	------- 10224 bytes	[19:37 09/07/2009]	[07:00 17/10/2007]
cdralw2k.sys	------- 10224 bytes	[19:37 09/07/2009]	[07:00 17/10/2007]
cdrom.sys	--a---- 79872 bytes	[01:16 27/11/2009]	[05:34 11/04/2009]
circlass.sys	--a---- 41984 bytes	[09:43 02/11/2006]	[02:47 21/01/2008]
Classpnp.sys	--a---- 164840 bytes	[01:18 27/11/2009]	[07:15 11/04/2009]
cmdide.sys	--a---- 18024 bytes	[09:38 02/11/2006]	[02:46 21/01/2008]
compbatt.sys	--a---- 21768 bytes	[09:09 02/11/2006]	[03:27 25/04/2009]
crashdmp.sys	--a---- 39400 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
crcdisk.sys	--a---- 27704 bytes	[09:39 02/11/2006]	[02:46 21/01/2008]
dfsc.sys	--a---- 97792 bytes	[02:28 16/06/2011]	[15:14 14/04/2011]
disk.sys	--a---- 67032 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
Diskdump.sys	--a---- 19968 bytes	[01:16 27/11/2009]	[05:34 11/04/2009]
djsvs.sys	--a---- 88168 bytes	[07:48 02/11/2006]	[11:50 02/11/2006]
Dot4.sys	--a---- 145408 bytes	[02:46 21/01/2008]	[02:46 21/01/2008]
Dot4Prt.sys	--a---- 19968 bytes	[02:47 21/01/2008]	[02:47 21/01/2008]
Dot4usb.sys	--a---- 42496 bytes	[02:46 21/01/2008]	[02:46 21/01/2008]
drmk.sys	--a---- 122368 bytes	[14:41 11/12/2013]	[03:55 30/10/2013]
drmkaud.sys	--a---- 6144 bytes	[02:46 21/01/2008]	[02:46 21/01/2008]
Dumpata.sys	--a---- 29656 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
dxapi.sys	--a---- 16896 bytes	[02:48 21/01/2008]	[02:48 21/01/2008]
dxg.sys	--a---- 98816 bytes	[01:16 27/11/2009]	[05:09 11/04/2009]
dxgkrnl.sys	--a---- 901568 bytes	[14:59 16/08/2014]	[00:56 14/06/2014]
e1e6032e.sys	--a---- 317952 bytes	[02:46 21/01/2008]	[02:46 21/01/2008]
E1G6032E.sys	--a---- 146176 bytes	[02:46 21/01/2008]	[02:46 21/01/2008]
ecache.sys	--a---- 155112 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
elxstor.sys	--a---- 397368 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
errdev.sys	--a---- 9216 bytes	[04:12 21/01/2008]	[03:27 25/04/2009]
exfat.sys	--a---- 187904 bytes	[01:17 27/11/2009]	[04:54 11/04/2009]
fastfat.sys	--a---- 198656 bytes	[07:12 15/10/2014]	[23:38 04/09/2014]
fdc.sys	--a---- 29696 bytes	[02:47 21/01/2008]	[02:47 21/01/2008]
fileinfo.sys	--a---- 70200 bytes	[02:50 21/01/2008]	[02:50 21/01/2008]
filetrace.sys	--a---- 33280 bytes	[02:48 21/01/2008]	[02:48 21/01/2008]
flpydisk.sys	--a---- 24576 bytes	[02:46 21/01/2008]	[02:46 21/01/2008]
fltMgr.sys	--a---- 275432 bytes	[01:18 27/11/2009]	[07:15 11/04/2009]
fs_rec.sys	--a---- 16384 bytes	[07:11 12/04/2012]	[13:52 29/02/2012]
FWPKCLNT.SYS	--a---- 166888 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
GAGP30KX.SYS	--a---- 68152 bytes	[09:10 02/11/2006]	[02:46 21/01/2008]
gm.dls	--a---- 3440660 bytes	[06:46 02/11/2006]	[21:24 18/09/2006]
gmreadme.txt	--a---- 646 bytes	[06:46 02/11/2006]	[21:24 18/09/2006]
hdaudbus.sys	--a---- 948736 bytes	[01:19 27/11/2009]	[05:39 11/04/2009]
hidbth.sys	--a---- 34304 bytes	[09:44 02/11/2006]	[09:44 02/11/2006]
hidclass.sys	--a---- 49152 bytes	[01:16 27/11/2009]	[05:39 11/04/2009]
hidir.sys	--a---- 25600 bytes	[09:43 02/11/2006]	[09:43 02/11/2006]
hidparse.sys	--a---- 31616 bytes	[17:41 10/10/2013]	[02:22 03/07/2013]
hidusb.sys	--a---- 15872 bytes	[01:16 27/11/2009]	[05:39 11/04/2009]
HpCISSs.sys	--a---- 47672 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
HSFProf.cty	--a---- 146036 bytes	[22:07 09/07/2009]	[04:11 02/07/2008]
http.sys	--a---- 620032 bytes	[08:01 11/03/2010]	[21:30 20/02/2010]
hxctlflt.sys	--a---- 111104 bytes	[02:43 09/02/2009]	[02:43 09/02/2009]
i2omgmt.sys	--a---- 20536 bytes	[09:39 02/11/2006]	[02:47 21/01/2008]
i2omp.sys	--a---- 35896 bytes	[09:38 02/11/2006]	[02:47 21/01/2008]
i8042prt.sys	--a---- 64000 bytes	[02:46 21/01/2008]	[02:46 21/01/2008]
iaStorV.sys	--a---- 290872 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
igdkmd64.sys	--a---- 10611552 bytes	[00:36 26/08/2010]	[00:36 26/08/2010]
iirsp.sys	--a---- 44648 bytes	[07:48 02/11/2006]	[12:02 02/11/2006]
intelide.sys	--a---- 19512 bytes	[02:46 21/01/2008]	[02:46 21/01/2008]
intelppm.sys	--a---- 48128 bytes	[02:46 21/01/2008]	[02:46 21/01/2008]
ipfltdrv.sys	--a---- 67584 bytes	[01:17 27/11/2009]	[05:43 11/04/2009]
IPMIDrv.sys	--a---- 76288 bytes	[09:22 02/11/2006]	[02:47 21/01/2008]
ipnat.sys	--a---- 115712 bytes	[02:48 21/01/2008]	[02:48 21/01/2008]
irda.sys	--a---- 119296 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
irenum.sys	--a---- 17408 bytes	[02:50 21/01/2008]	[02:50 21/01/2008]
isapnp.sys	--a---- 23608 bytes	[09:10 02/11/2006]	[02:46 21/01/2008]
iteatapi.sys	--a---- 37480 bytes	[07:48 02/11/2006]	[12:02 02/11/2006]
iteraid.sys	--a---- 37480 bytes	[07:48 02/11/2006]	[12:02 02/11/2006]
kbdclass.sys	--a---- 42040 bytes	[02:47 21/01/2008]	[02:47 21/01/2008]
kbdhid.sys	--a---- 22528 bytes	[01:17 27/11/2009]	[05:33 11/04/2009]
ks.sys	--a---- 188416 bytes	[01:17 27/11/2009]	[05:33 11/04/2009]
ksecdd.sys	--a---- 516480 bytes	[18:40 11/07/2012]	[15:29 04/06/2012]
ksthunk.sys	--a---- 20864 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
lltdio.sys	--a---- 59392 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
lsi_fc.sys	--a---- 113720 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
lsi_sas.sys	--a---- 105016 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
lsi_scsi.sys	--a---- 113720 bytes	[02:47 21/01/2008]	[02:47 21/01/2008]
luafv.sys	--a---- 109568 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
mbam.sys	--a---- 25816 bytes	[18:45 30/10/2014]	[11:14 21/11/2014]
mbamchameleon.sys	--a---- 93400 bytes	[18:45 30/10/2014]	[11:14 21/11/2014]
MBAMSwissArmy.sys	--a---- 129752 bytes	[18:45 30/10/2014]	[02:52 18/01/2015]
mcd.sys	--a---- 22016 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
mdmxsdk.sys	--a---- 17024 bytes	[22:07 09/07/2009]	[04:11 02/07/2008]
megasas.sys	--a---- 35896 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
MegaSR.sys	--a---- 438328 bytes	[03:52 21/01/2008]	[02:46 21/01/2008]
modem.sys	--a---- 40448 bytes	[02:50 21/01/2008]	[02:50 21/01/2008]
monitor.sys	--a---- 49152 bytes	[02:47 21/01/2008]	[02:47 21/01/2008]
mouclass.sys	--a---- 39992 bytes	[02:46 21/01/2008]	[02:46 21/01/2008]
mouhid.sys	--a---- 19968 bytes	[09:37 02/11/2006]	[02:46 21/01/2008]
mountmgr.sys	--a---- 70200 bytes	[02:50 21/01/2008]	[02:50 21/01/2008]
mpio.sys	--a---- 128056 bytes	[09:40 02/11/2006]	[02:47 21/01/2008]
mpsdrv.sys	--a---- 81408 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
Mraid35x.sys	--a---- 39016 bytes	[07:48 02/11/2006]	[12:02 02/11/2006]
mrxdav.sys	--a---- 139776 bytes	[08:11 14/01/2015]	[00:26 19/12/2014]
mrxsmb.sys	--a---- 135680 bytes	[02:28 16/06/2011]	[13:39 29/04/2011]
mrxsmb10.sys	--a---- 275456 bytes	[06:29 10/08/2011]	[15:49 06/07/2011]
mrxsmb20.sys	--a---- 107008 bytes	[02:28 16/06/2011]	[13:39 29/04/2011]
msahci.sys	--a---- 31288 bytes	[09:38 02/11/2006]	[03:26 25/04/2009]
msdsm.sys	--a---- 113720 bytes	[09:40 02/11/2006]	[02:47 21/01/2008]
msfs.sys	--a---- 26112 bytes	[02:50 21/01/2008]	[02:50 21/01/2008]
Msft_User_WpdFs_01_00_00.Wdf	--ah--- 0 bytes	[19:37 26/11/2009]	[19:37 26/11/2009]
Msft_User_WpdFs_01_07_00.Wdf	--ah--- 0 bytes	[07:16 22/08/2010]	[07:16 22/08/2010]
msisadrv.sys	--a---- 17976 bytes	[02:46 21/01/2008]	[02:46 21/01/2008]
msiscsi.sys	--a---- 215528 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
mskssrv.sys	--a---- 11008 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
mspclock.sys	--a---- 7040 bytes	[09:37 02/11/2006]	[09:37 02/11/2006]
mspqm.sys	--a---- 6656 bytes	[09:37 02/11/2006]	[09:37 02/11/2006]
msrpc.sys	--a---- 310760 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
mssmbios.sys	--a---- 34872 bytes	[02:46 21/01/2008]	[02:46 21/01/2008]
mstee.sys	--a---- 7936 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
mup.sys	--a---- 59880 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
mwac.sys	--a---- 64216 bytes	[18:45 30/10/2014]	[11:14 21/11/2014]
ndis.sys	--a---- 738264 bytes	[01:18 27/11/2009]	[07:15 11/04/2009]
ndistapi.sys	--a---- 24064 bytes	[02:48 21/01/2008]	[02:48 21/01/2008]
ndisuio.sys	--a---- 22016 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
ndiswan.sys	--a---- 169472 bytes	[01:17 27/11/2009]	[05:43 11/04/2009]
ndproxy.sys	--a---- 59904 bytes	[02:48 21/01/2008]	[02:48 21/01/2008]
netbios.sys	--a---- 44544 bytes	[02:48 21/01/2008]	[02:48 21/01/2008]
netbt.sys	--a---- 248320 bytes	[01:18 27/11/2009]	[05:42 11/04/2009]
netio.sys	--a---- 345984 bytes	[15:55 23/01/2013]	[08:34 06/04/2010]
nfrd960.sys	--a---- 51816 bytes	[07:48 02/11/2006]	[12:03 02/11/2006]
npfs.sys	--a---- 44544 bytes	[01:17 27/11/2009]	[04:54 11/04/2009]
nsiproxy.sys	--a---- 24064 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
ntfs.sys	--a---- 1513320 bytes	[14:10 10/04/2013]	[19:13 03/03/2013]
null.sys	--a---- 6144 bytes	[09:37 02/11/2006]	[09:37 02/11/2006]
nvraid.sys	--a---- 128056 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
nvstor.sys	--a---- 54328 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
NV_AGP.SYS	--a---- 126520 bytes	[09:10 02/11/2006]	[02:46 21/01/2008]
nwifi.sys	--a---- 187392 bytes	[01:16 27/11/2009]	[05:40 11/04/2009]
ohci1394.sys	--a---- 72192 bytes	[09:43 02/11/2006]	[09:43 02/11/2006]
pacer.sys	--a---- 94208 bytes	[01:17 27/11/2009]	[05:42 11/04/2009]
packet.sys	--a---- 29184 bytes	[22:48 18/06/2008]	[22:48 18/06/2008]
parport.sys	--a---- 96768 bytes	[09:37 02/11/2006]	[09:37 02/11/2006]
partmgr.sys	--a---- 72576 bytes	[18:12 10/05/2012]	[23:34 20/03/2012]
pci.sys	--a---- 178664 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
pciide.sys	--a---- 14312 bytes	[01:17 27/11/2009]	[07:14 11/04/2009]
pciidex.sys	--a---- 49640 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
pcmcia.sys	--a---- 203368 bytes	[09:10 02/11/2006]	[11:51 02/11/2006]
PEAuth.sys	--a---- 712704 bytes	[09:57 02/11/2006]	[02:08 24/10/2006]
pfvejoqy.sys	--a---- 49872 bytes	[13:52 14/09/2013]	[13:52 14/09/2013]
portcls.sys	--a---- 218112 bytes	[14:41 11/12/2013]	[02:33 30/10/2013]
processr.sys	--a---- 47104 bytes	[09:00 02/11/2006]	[02:46 21/01/2008]
psi_mf_amd64.sys	--a---- 18456 bytes	[14:47 06/12/2013]	[14:47 06/12/2013]
PxHlpa64.sys	------- 55280 bytes	[19:37 09/07/2009]	[19:11 18/05/2010]
ql2300.sys	--a---- 1221176 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
ql40xx.sys	--a---- 124008 bytes	[07:48 02/11/2006]	[11:50 02/11/2006]
qwavedrv.sys	--a---- 46592 bytes	[02:47 21/01/2008]	[02:47 21/01/2008]
rasacd.sys	--a---- 14848 bytes	[02:48 21/01/2008]	[02:48 21/01/2008]
rasl2tp.sys	--a---- 124928 bytes	[01:17 27/11/2009]	[05:43 11/04/2009]
raspppoe.sys	--a---- 50176 bytes	[01:16 27/11/2009]	[05:43 11/04/2009]
raspptp.sys	--a---- 98816 bytes	[01:17 27/11/2009]	[05:43 11/04/2009]
rassstp.sys	--a---- 78336 bytes	[01:16 27/11/2009]	[05:43 11/04/2009]
rdbss.sys	--a---- 287744 bytes	[01:18 27/11/2009]	[04:55 11/04/2009]
RDPCDD.sys	--a---- 7168 bytes	[02:51 21/01/2008]	[02:51 21/01/2008]
rdpdr.sys	--a---- 314368 bytes	[09:53 02/11/2006]	[02:46 21/01/2008]
RDPENCDD.sys	--a---- 7168 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
rdpwd.sys	--a---- 209920 bytes	[04:01 14/06/2012]	[14:29 01/05/2012]
rmcast.sys	--a---- 140288 bytes	[01:16 27/11/2009]	[05:42 11/04/2009]
RNDISMP.sys	--a---- 40960 bytes	[01:16 27/11/2009]	[05:43 11/04/2009]
rootmdm.sys	--a---- 11264 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
rspndr.sys	--a---- 75776 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
RTKVHD64.sys	--a---- 1699744 bytes	[22:07 09/07/2009]	[03:13 05/03/2009]
Rtlh64.sys	--a---- 302112 bytes	[10:42 12/01/2010]	[10:42 12/01/2010]
sbp2port.sys	--a---- 90216 bytes	[09:38 02/11/2006]	[11:50 02/11/2006]
scsiport.sys	--a---- 173112 bytes	[02:50 21/01/2008]	[02:50 21/01/2008]
secdrv.sys	--a---- 23040 bytes	[06:40 02/11/2006]	[23:51 29/09/2006]
serenum.sys	--a---- 23040 bytes	[09:37 02/11/2006]	[09:37 02/11/2006]
serial.sys	--a---- 94208 bytes	[09:38 02/11/2006]	[09:38 02/11/2006]
sermouse.sys	--a---- 26624 bytes	[02:46 21/01/2008]	[02:46 21/01/2008]
sffdisk.sys	--a---- 14848 bytes	[09:38 02/11/2006]	[02:47 21/01/2008]
sffp_mmc.sys	--a---- 14336 bytes	[09:38 02/11/2006]	[02:47 21/01/2008]
sffp_sd.sys	--a---- 13824 bytes	[09:38 02/11/2006]	[02:47 21/01/2008]
sfloppy.sys	--a---- 16384 bytes	[09:38 02/11/2006]	[09:38 02/11/2006]
sisraid2.sys	--a---- 45624 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
sisraid4.sys	--a---- 78392 bytes	[07:48 02/11/2006]	[02:47 21/01/2008]
smb.sys	--a---- 88064 bytes	[01:16 27/11/2009]	[05:42 11/04/2009]
smclib.sys	--a---- 20992 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
sncduvc.sys	--a---- 35840 bytes	[12:59 16/07/2008]	[12:59 16/07/2008]
snp2uvc.sys	--a---- 3552384 bytes	[17:46 22/04/2009]	[17:46 22/04/2009]
spldr.sys	--a---- 19432 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
SPPD.sys	--a---- 21976 bytes	[01:35 21/09/2014]	[01:35 21/09/2014]
spsys.sys	--a---- 594432 bytes	[01:19 27/11/2009]	[00:48 14/03/2009]
srv.sys	--a---- 450560 bytes	[02:33 15/04/2011]	[14:18 18/02/2011]
srv2.sys	--a---- 176128 bytes	[02:28 16/06/2011]	[13:41 29/04/2011]
srvnet.sys	--a---- 145920 bytes	[02:28 16/06/2011]	[13:40 29/04/2011]
Storport.sys	--a---- 164328 bytes	[01:18 27/11/2009]	[07:15 11/04/2009]
stream.sys	--a---- 68224 bytes	[01:16 27/11/2009]	[05:39 11/04/2009]
swenum.sys	--a---- 13032 bytes	[09:37 02/11/2006]	[02:46 21/01/2008]
symc8xx.sys	--a---- 49256 bytes	[07:48 02/11/2006]	[12:02 02/11/2006]
sym_hi.sys	--a---- 44648 bytes	[07:48 02/11/2006]	[12:02 02/11/2006]
sym_u3.sys	--a---- 48232 bytes	[07:48 02/11/2006]	[12:02 02/11/2006]
tape.sys	--a---- 29184 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
tcpip.sys	--a---- 1417664 bytes	[14:49 11/06/2014]	[04:26 05/04/2014]
tcpipreg.sys	--a---- 40448 bytes	[14:49 11/06/2014]	[02:32 05/04/2014]
tdi.sys	--a---- 26112 bytes	[01:16 27/11/2009]	[05:44 11/04/2009]
tdpipe.sys	--a---- 16384 bytes	[02:51 21/01/2008]	[02:51 21/01/2008]
tdtcp.sys	--a---- 29696 bytes	[02:51 21/01/2008]	[02:51 21/01/2008]
tdx.sys	--a---- 94720 bytes	[01:17 27/11/2009]	[05:43 11/04/2009]
termdd.sys	--a---- 62440 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
tssecsrv.sys	--a---- 29184 bytes	[20:12 14/08/2013]	[11:38 15/06/2013]
TUNMP.SYS	--a---- 18432 bytes	[02:48 21/01/2008]	[02:48 21/01/2008]
tunnel.sys	--a---- 29696 bytes	[03:56 15/04/2010]	[11:59 18/02/2010]
UAGP35.SYS	--a---- 67128 bytes	[09:10 02/11/2006]	[02:46 21/01/2008]
udfs.sys	--a---- 299008 bytes	[01:17 27/11/2009]	[04:54 11/04/2009]
ULIAGPKX.SYS	--a---- 68152 bytes	[09:10 02/11/2006]	[02:46 21/01/2008]
uliahci.sys	--a---- 284728 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
ulsata.sys	--a---- 148072 bytes	[07:48 02/11/2006]	[11:50 02/11/2006]
ulsata2.sys	--a---- 174696 bytes	[07:48 02/11/2006]	[02:46 21/01/2008]
umbus.sys	--a---- 41984 bytes	[02:46 21/01/2008]	[02:46 21/01/2008]
umpass.sys	--a---- 9728 bytes	[02:50 21/01/2008]	[02:50 21/01/2008]
usb8023.sys	--a---- 19456 bytes	[18:12 21/03/2013]	[02:18 12/02/2013]
usbaapl64.sys	--a---- 51712 bytes	[12:06 10/05/2011]	[12:06 10/05/2011]
USBAUDIO.sys	--a---- 99200 bytes	[17:41 10/10/2013]	[09:19 12/07/2013]
USBCAMD2.sys	--a---- 32640 bytes	[01:16 27/11/2009]	[05:39 11/04/2009]
usbccgp.sys	--a---- 95744 bytes	[17:40 10/10/2013]	[02:25 29/06/2013]
usbcir.sys	--a---- 79360 bytes	[09:43 02/11/2006]	[09:43 02/11/2006]
usbd.sys	--a---- 7552 bytes	[17:40 10/10/2013]	[02:25 29/06/2013]
usbehci.sys	--a---- 49664 bytes	[17:40 10/10/2013]	[14:17 05/05/2011]
usbhub.sys	--a---- 274944 bytes	[17:40 10/10/2013]	[02:25 29/06/2013]
usbohci.sys	--a---- 24064 bytes	[09:43 02/11/2006]	[09:43 02/11/2006]
usbport.sys	--a---- 259584 bytes	[17:40 10/10/2013]	[02:25 29/06/2013]
usbprint.sys	--a---- 24064 bytes	[02:46 21/01/2008]	[02:46 21/01/2008]
usbscan.sys	--a---- 40960 bytes	[17:41 10/10/2013]	[02:55 03/07/2013]
USBSTOR.SYS	--a---- 77824 bytes	[01:18 27/11/2009]	[05:39 11/04/2009]
usbuhci.sys	--a---- 29184 bytes	[17:40 10/10/2013]	[14:17 05/05/2011]
vga.sys	--a---- 28672 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
vgapnp.sys	--a---- 29184 bytes	[02:47 21/01/2008]	[02:47 21/01/2008]
viaide.sys	--a---- 18024 bytes	[09:38 02/11/2006]	[02:46 21/01/2008]
videoprt.sys	--a---- 126464 bytes	[02:50 21/01/2008]	[02:50 21/01/2008]
volmgr.sys	--a---- 67048 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
volmgrx.sys	--a---- 408024 bytes	[01:17 27/11/2009]	[07:15 11/04/2009]
volsnap.sys	--a---- 267648 bytes	[14:58 12/12/2012]	[11:50 21/08/2012]
vsmraid.sys	--a---- 149048 bytes	[07:48 02/11/2006]	[02:47 21/01/2008]
wacompen.sys	--a---- 26624 bytes	[09:40 02/11/2006]	[09:40 02/11/2006]
wanarp.sys	--a---- 86528 bytes	[01:17 27/11/2009]	[05:43 11/04/2009]
wanatw64.sys	--a---- 24064 bytes	[17:06 21/03/2010]	[22:24 29/11/2006]
watchdog.sys	--a---- 40448 bytes	[01:16 27/11/2009]	[05:09 11/04/2009]
wd.sys	--a---- 24120 bytes	[09:42 02/11/2006]	[02:47 21/01/2008]
Wdf01000.sys	--a---- 785624 bytes	[17:40 10/10/2013]	[23:00 26/06/2013]
WdfLdr.sys	--a---- 54376 bytes	[17:40 10/10/2013]	[23:00 26/06/2013]
wmiacpi.sys	--a---- 14336 bytes	[09:09 02/11/2006]	[03:27 25/04/2009]
wmilib.sys	--a---- 19512 bytes	[02:50 21/01/2008]	[02:50 21/01/2008]
ws2ifsl.sys	--a---- 20992 bytes	[02:49 21/01/2008]	[02:49 21/01/2008]
WUDFPf.sys	--a---- 65024 bytes	[02:50 21/01/2008]	[02:50 21/01/2008]
WUDFRd.sys	--a---- 108544 bytes	[02:50 21/01/2008]	[02:50 21/01/2008]
XAudio64.exe	--a---- 412672 bytes	[22:07 09/07/2009]	[04:11 02/07/2008]
XAudio64.sys	--a---- 10240 bytes	[22:07 09/07/2009]	[04:11 02/07/2008]

---Folders---
en-US	d------	[15:15 02/11/2006]
etc	d------	[13:33 02/11/2006]
UMDF	d------	[13:33 02/11/2006]

========== file ==========

C:\Users\john\AppData\Local\Temp\7zS6196\HPHNDUSVC.dll - Unable to find/read file.

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Thanks for the logs. I've created a fix, and also forwarded the details of the C:\rei to Symantec, as their latest update about it doesn't mention it, and I feel it should be there, as it seems to have downloaders etc :up:

So, onto the fix 

Okay, now we're going to run OTL again, but to fix some of the issues 
Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Commands
[CREATERESTOREPOINT]
:Files
C:\Users\john\AppData\Local\Temp\reimage.log
C:\Windows\temp\reimage.log
C:\Users\john\Downloads\PC Utility Kit Installer (1).exe
C:\Users\john\Downloads\PC Utility Kit Installer.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
C:\ProgramData\PC Utility Kit
C:\Users\All Users\PC Utility Kit
C:\Users\john\AppData\Roaming\PC Utility Kit
C:\rei
:Reg
[-HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\reimage]
[-HKEY_CURRENT_USER\Software\Reimage]
[-HKEY_CURRENT_USER\Software\reimagerepair]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\ReimagePackage.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\Reimage.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair (1).exe"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\ReimagePackage.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\Reimage.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair (1).exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Reimage]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ReimageRealTimeProtector]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ReimageRealTimeProtector]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector]
[-HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.]
[-HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\reimage]
[-HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Reimage]
[-HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\reimagerepair]
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\ReimagePackage.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\Reimage.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair (1).exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\ReimagePackage.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\Reimage.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair (1).exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\ReimagePackage.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\Reimage.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair (1).exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\ReimagePackage.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\Reimage.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\john\Downloads\ReimageRepair (1).exe"=-
[-HKEY_CURRENT_USER\Software\PC Utility Kit]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe"=-
[-HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\PC Utility Kit]
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PC Utility Kit]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe"=-
[HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe"=- 
:Commands
[emptytemp]
[purity] 
[emptyjava]
[EMPTYFLASH]
```
 *NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*

Then click the *Run Fix* button at the top 
Click OK.
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.


----------



## duhme (Dec 2, 2003)

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\john\AppData\Local\Temp\reimage.log moved successfully.
C:\Windows\temp\reimage.log moved successfully.
C:\Users\john\Downloads\PC Utility Kit Installer (1).exe moved successfully.
C:\Users\john\Downloads\PC Utility Kit Installer.exe moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search\cache folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search folder moved successfully.
C:\ProgramData\PC Utility Kit\PC Utility Kit folder moved successfully.
C:\ProgramData\PC Utility Kit folder moved successfully.
File\Folder C:\Users\All Users\PC Utility Kit not found.
C:\Users\john\AppData\Roaming\PC Utility Kit\PC Utility Kit folder moved successfully.
C:\Users\john\AppData\Roaming\PC Utility Kit folder moved successfully.
C:\rei\Temp\20150116_1307\DownloaderTemp folder moved successfully.
C:\rei\Temp\20150116_1307 folder moved successfully.
C:\rei\Temp folder moved successfully.
C:\rei\Results\EXE1.8.0.3\RUN20150116_1307 folder moved successfully.
C:\rei\Results\EXE1.8.0.3 folder moved successfully.
C:\rei\Results folder moved successfully.
C:\rei\AV\Microsoft.VC90.CRT folder moved successfully.
C:\rei\AV folder moved successfully.
C:\rei folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\reimage\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Reimage\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\reimagerepair\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\Downloads\ReimageRepair.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\AppData\Local\Temp\ReimagePackage.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Repair\Reimage.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\Downloads\ReimageRepair (1).exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\Downloads\ReimageRepair.exe not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\AppData\Local\Temp\ReimagePackage.exe not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Repair\Reimage.exe not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\Downloads\ReimageRepair (1).exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Reimage\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ReimageRealTimeProtector\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ReimageRealTimeProtector\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector\ not found.
Registry key HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.\ not found.
Registry key HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\reimage\ not found.
Registry key HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Reimage\ not found.
Registry key HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\reimagerepair\ not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\Downloads\ReimageRepair.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\AppData\Local\Temp\ReimagePackage.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Repair\Reimage.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\Downloads\ReimageRepair (1).exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\Downloads\ReimageRepair.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\AppData\Local\Temp\ReimagePackage.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Repair\Reimage.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\Downloads\ReimageRepair (1).exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\Downloads\ReimageRepair.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\AppData\Local\Temp\ReimagePackage.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Repair\Reimage.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\Downloads\ReimageRepair (1).exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\Downloads\ReimageRepair.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\AppData\Local\Temp\ReimagePackage.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Repair\Reimage.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Reimage\Reimage Protector\ReiProtectorM.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\AppData\Local\Temp\~nsu.tmp\Au_.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\john\Downloads\ReimageRepair (1).exe not found.
Registry key HKEY_CURRENT_USER\Software\PC Utility Kit\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe not found.
Registry key HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\PC Utility Kit\ not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PC Utility Kit\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe not found.
Registry value HKEY_USERS\S-1-5-21-2019879599-2988540177-3845787192-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: john
->Temp folder emptied: 316564935 bytes
->Temporary Internet Files folder emptied: 57150734 bytes
->Java cache emptied: 316927 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 391069027 bytes
->Flash cache emptied: 1244 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RA Media Server
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1557600 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39247767 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 42262338 bytes

Total Files Cleaned = 809.00 mb

[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: john
->Java cache emptied: 0 bytes

User: Public

User: RA Media Server

User: TEMP

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: john
->Flash cache emptied: 0 bytes

User: Public

User: RA Media Server

User: TEMP

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01302015_124835

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SET111B.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET231.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET76F.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET7DF.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET9F8.tmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## duhme (Dec 2, 2003)

I thought I had removed reimage a couple times . What do you think I am doing wrong?


----------



## eddie5659 (Mar 19, 2001)

You probably did, but the one at C:\rei had downloaders etc, so they may have been waiting, to install again if uninstalled.

Okay, lets run an online scan here to see if anything is showing 

*Please run a free online scan with the ESET Online Scanner:*

_*IMPORTANT: You MUST use Internet Explorer for this step!*_


Visit the ESET Online Scanner Web Page
Select the blue *Run ESET Online Scanner* button:










Tick the box next to *YES, I accept the Terms of Use* and click *Start*










When asked, allow the ActiveX control to install.
Select* Enable detection of potentially unwanted applications* and select *Advanced Settings*:










Make sure to check the options *Remove found threats* and *Enable Anti-Stealth technology* are checked:










Click *Start*. (This scan can take several hours, so please be patient):










Once the scan is completed, select *List of found threats*:










Select *Export to text file...* and save the file as *ESETlog.txt* on your *Desktop*:










Click the *Back* button.
Click the *Finish* button:










Use *Notepad *to open the saved log file (on your Desktop- ESET.txt)[/b]
Copy and paste that log as a reply to this topic.

eddie


----------



## duhme (Dec 2, 2003)

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\uninstall.exe.vir	Win32/Wajam.K potentially unwanted application	deleted - quarantined
C:\FRST\Quarantine\C\Users\john\AppData\Local\Temp\ReimagePackage.exe.xBAD	a variant of Win32/ReImageRepair.E potentially unwanted application	deleted - quarantined


----------



## eddie5659 (Mar 19, 2001)

They're okay, they were already removed by the tools 

How's the computer running now?


----------



## duhme (Dec 2, 2003)

Everything is ok except for minor red x problems in certain emails but thats with them not me. I think. lol.... I really appreciate all the time you took to help me. I dont know what I would do with out this site. I need to contribute and probably will soon. It is a real blessing to have such knowledgeable techs volunteering their help. Thank you so much.


----------



## eddie5659 (Mar 19, 2001)

That's good to hear that all is well again 

I'll post my closeout speech now, as it explains how to remove the tools we've used etc. Again, any questions, just ask 

---------

We have a couple of last steps to perform and then you're all set.

We need to remove the tools we've used during cleaning your machine


Download Delfix from here
Ensure *Remove disinfection tools* is ticked
*Also tick:
*
Create registry backup
Purge system restore










Click *Run*
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

======================
Also, remove the following from the Desktop, if still there after doing the above:

*
Security Check
SystemLook
sfp.zip
FRST
*
==============================

*Create Restore Point (Win7/Vista)*


Select *Start* > *Control Panel* then double-click on the *System* icon in the Control Panel.
In the left-hand pane click on the *System Protection* option.
When the Dialog comes up, click on the System Protection tab.
Check that the drive letter where Windows is located (usually C indicates System protection *ON*.
(This indicates System restore is turned ON for the Windows drive).
Click on the *Create* button to create a new restore point. In the Name dialog, type a descriptive name and then click on the *Create* button.
You will get a message that the Restore Point was created successfully. Click on the *Close* button.
Click on the *OK* button and close the System window in the Control Panel.

Set Explorer to hide Hidden Files and Folders:

Right-click your Start button and go to "Explore".
Select Tools from the menu
Select Folder Options
Select the View tab
Click on Don't Show all Files and Folders
Select *Apply to All Folders *| *Yes* | *Apply* |* OK*.

*Making Internet Explorer More Secure*

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

 Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply

Also, its a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after its completed.


*CryptoPrevent* install this programme to lock down and prevent crypto ransome ware (download link at bottom of page)



















To keep your operating system up to date:

*All security updates released by Microsoft must be* *Automatically Installed.*

Click *Start* and in the search box type *windows update* and press *ENTER. *
Click *Change Settings* and make sure the *Install updates automatically (recommended)* option is selected, if not select it and click *O.K* to save settings.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
*SpywareBlaster* to help prevent spyware from installing in the first place.

And to keep your system clean run this free malware scanner

*Malwarebytes' Anti-Malware*

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings *

Have a safe and happy computing day!

eddie


----------



## duhme (Dec 2, 2003)

# DelFix v10.8 - Logfile created 23/02/2015 at 12:31:38
# Updated 29/07/2014 by Xplode
# Username : john - SANDY-PC
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\john\Downloads\FRST-OlderVersion

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

########## - EOF - ##########


----------



## eddie5659 (Mar 19, 2001)

That looks good, if DelFix is still there, you can delete it, as its removed the folders now 

eddie


----------

