
dpx.js i.simpli.fi & bk-coretag.js tags.bkrtx.com popups


74 replies to this topic

#1 annette53


Posted 14 March 2014 - 09:26 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Annette at 21:11:42 on 2014-03-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2988.207 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\EdgeRunner\Multiplicity\MultiSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Backblaze\bzserv.exe
C:\Windows\system32\CISVC.EXE
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\Windows\system32\lxducoms.exe
C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Windows\System32\IgrsSvcs.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Realtek\RtLED\RtLEDService.exe
C:\Program Files\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe
C:\Program Files\Realtek\RtLED\RtLED.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\BlueStacks\HD-Service.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\BlueStacks\HD-Network.exe
C:\Windows\system32\conhost.exe
C:\Program Files\BlueStacks\HD-BlockDevice.exe
C:\Windows\system32\conhost.exe
C:\Program Files\BlueStacks\HD-SharedFolder.exe
C:\Windows\system32\conhost.exe
C:\Program Files\EdgeRunner\Multiplicity\MP2Control.exe
C:\Program Files\EdgeRunner\Multiplicity\MP2Control.exe
C:\Program Files\EdgeRunner\Multiplicity\Multipl2.exe
C:\Program Files\EdgeRunner\Multiplicity\MP2Drag.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\AOL\1363269673\ee\aolsoftware.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Users\Annette\AppData\Local\Apps\2.0\CJ1M0716.RXY\RT15WGG5.2PA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
C:\Users\Annette\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Annette\AppData\Roaming\Fisher & Paykel Healthcare\InfoUSBDetector\InfoUSBDetector.exe
C:\Program Files\YoWindow\yowindow.exe
C:\Users\Annette\AppData\Local\Apps\2.0\CJ1M0716.RXY\RT15WGG5.2PA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ZakFromAnotherPlanet\Yazak Chat\yazak.exe
C:\Program Files\AOL Desktop 9.7\shellmon.exe
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
C:\Program Files\IObit\Advanced SystemCare 7\DiskDefrag.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\dinotify.exe
C:\Program Files\Backblaze\bzfilelist.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\setup\instup.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.google.com
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - <orphaned>
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: VIPTToolbarManager Class: {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - c:\program files\visual ip trace 2009\VisualIPTraceIE.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: PC Gizmos BHO: {A817C286-3D6B-4ECD-A99C-E44E50DBC523} - c:\users\annette\appdata\roaming\pc-gizmos\PCGizmosBHO.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 15\root\office15\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} - <orphaned>
BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Visual IP Trace: {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - c:\program files\visual ip trace 2009\VisualIPTraceIE.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Advanced SystemCare 7] "c:\program files\iobit\advanced systemcare 7\ASCTray.exe" /Auto
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.7\AOL.EXE" -b
uRun: [KiesPDLR.exe] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe Run
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [IntelPAN] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel PAN Tray
mRun: [ISUSPM] c:\programdata\flexnet\connect\11\\isuspm.exe -scheduler
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
mRun: [Lexmark 5600-6600 Series Fax Server] "c:\program files\lexmark 5600-6600 series\fm3032.exe" /s
mRun: [BlueStacks Agent] c:\program files\bluestacks\HD-Agent.exe
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SavvyConnectMenu] "c:\program files\luth research\savvyconnectframework\bin\scui\SavvyConnectUI.exe" -a
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HostManager] c:\program files\common files\aol\1363269673\ee\AOLSoftware.exe
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
dRun: [Backblaze] "c:\program files\backblaze\bzbui.exe" -quiet
StartupFolder: c:\users\annette\appdata\roaming\micros~1\windows\startm~1\programs\startup\amazon~1.lnk - c:\users\annette\appdata\local\apps\2.0\cj1m0716.rxy\rt15wgg5.2pa\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
StartupFolder: c:\users\annette\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\annette\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\annette\appdata\roaming\micros~1\windows\startm~1\programs\startup\infous~1.lnk - c:\users\annette\appdata\roaming\fisher & paykel healthcare\infousbdetector\InfoUSBDetector.exe
StartupFolder: c:\users\annette\appdata\roaming\micros~1\windows\startm~1\programs\startup\yowindow.lnk - c:\program files\yowindow\yowindow.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\openvp~1.lnk - c:\program files\openvpn technologies\openvpn client\core\ovpntray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clear Fields - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComClearFields.html
IE: Customize Menu - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000
IE: Fill Forms - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Logoff - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComLogoff.html
IE: Password Generator - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComPasswordGenerator.html
IE: Reset Fields - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComResetFields.html
IE: RoboForm Editor - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComEditIdent.html
IE: RoboForm Options - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComOptions.html
IE: RoboForm TaskBar Icon - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComTaskBarIcon.html
IE: Save Forms - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105
IE: Set Fields - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSetFields.html
IE: Show RoboForm Toolbar - C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F50} - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F51} - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F52} - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F53} - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F54} - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F55} - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {45DB34C3-955C-11D3-ABEF-444553540001} - {45DB34C3-955C-11D3-ABEF-444553540001} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: hrbcompass.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0557EB30-AD6D-4408-A5EB-A5A666C88484} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{517258BF-A121-4D43-BD13-34621ACBD3DB} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{54504ED5-F09F-4EA0-AA0A-C856CA0C894B} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{54504ED5-F09F-4EA0-AA0A-C856CA0C894B}\3456E6475727974556C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{71AFEA65-54D8-4166-9623-54818C4CC2F6} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7218C14B-CABB-43DE-AB6E-AE2F6F2566E4} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7218C14B-CABB-43DE-AB6E-AE2F6F2566E4}\64163747027596649602455647865627 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{7218C14B-CABB-43DE-AB6E-AE2F6F2566E4}\64F68764961353 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{7218C14B-CABB-43DE-AB6E-AE2F6F2566E4}\7586964756C496F6E6 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{82F42AEE-D432-4DD7-9DEF-44213F91E5A7} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E139E347-874A-4ECD-B965-2ADF34519520} : DHCPNameServer = 44.0.0.253 44.0.0.3 44.0.0.4 8.8.8.8
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli c:\program files\lenovo\bluetooth software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.94.0.1 client.openvpn.net
Hosts: 127.94.0.2 openvpn-client.vpn1.mediainsiderspanel.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\annette\appdata\roaming\mozilla\firefox\profiles\5ytsdaop.default-1390228159534\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft office 15\root\office15\NPSPWRAP.DLL
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\annette\appdata\local\microsoft\internet explorer\downloaded program files\npsoe.dll
FF - plugin: c:\users\annette\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
.chm: <filetype is not registered>
.
=============== Created Last 30 ================
.
2014-03-14 08:26:41 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3be742c3-fae0-4880-85c7-754c92c31d8b}\offreg.dll
2014-03-14 08:22:48 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3be742c3-fae0-4880-85c7-754c92c31d8b}\mpengine.dll
2014-03-13 22:47:10 -------- d-----w- C:\f97e7f316b6c73f24b70
2014-03-12 23:49:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-03-12 03:45:57 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-04 00:10:47 144664 ----a-w- c:\windows\system32\secman.dll
2014-03-03 23:58:45 184192 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2014-03-03 23:58:44 88576 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2014-02-16 12:53:49 -------- d-----w- c:\program files\AOL Desktop 9.7
2014-02-16 12:53:48 -------- d-----w- c:\program files\common files\aolshare
2014-02-16 12:30:54 -------- d-----w- c:\users\annette\appdata\roaming\ProductData
.
==================== Find3M  ====================
.
2014-03-12 02:45:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 02:45:32 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-01 04:11:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:23 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:00:08 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-16 12:52:26 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2014-02-08 01:27:31 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-08 01:27:31 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-08 01:27:31 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-02-08 01:27:30 43152 ----a-w- c:\windows\avastSS.scr
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-23 22:40:18 268968 ----a-w- c:\windows\system32\sqlite3.dll
2014-01-16 14:01:48 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-08 21:54:22 103424 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2013-12-31 06:03:50 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-24 23:09:41 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-24 16:40:32 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-21 08:56:47 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-12-18 12:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-11-09 23:40:04 12767232 ----a-w- c:\program files\common files\lpuninstall.exe
2013-02-10 04:42:49 707728 ----a-w- c:\program files\gtUninstall GamingWonderland.dll
2013-02-10 04:42:49 178568 ----a-w- c:\program files\gtres.dll
.
============= FINISH: 21:15:35.81 ===============
 




 


#2 annette53


Posted 14 March 2014 - 09:30 PM

Forgot to attach the attach.txt




#3 seedy21

seedy21

  • Malware Response Team

Posted 15 March 2014 - 11:24 AM

Hi annette53 and Welcome to BleepingComputer!

I am currently looking through your logs and will advise you on what to do in my next reply.
It's only after we've lost everything that we're free to do anything.
― Chuck Palahniuk, Fight Club

#4 annette53


Posted 15 March 2014 - 11:37 AM

ok ty so much



#5 seedy21

seedy21

  • Malware Response Team

Posted 15 March 2014 - 02:10 PM

Hello annette53

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours. If you are going to be away for longer, please let us know or the topic will be closed for being inactive.
  • If you are using Cracked or Illegal software, your thread will be closed.

Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Step 1
Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Step 2

Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:

IObit Uninstaller

Step 3

Can you tell me why you have the following programs installed on your computer?

PrivitizeVPN
OpenVPN Connect

Step 4

Download ADWCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 5

Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.
 

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for use on this user's computer; do not use it on another computer even if the problems are similar.
    autoclean;
    emptyclsid;
    standardsearch;
    services-list;
    
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply

Edited by seedy21, 15 March 2014 - 02:10 PM.


#6 annette53


Posted 15 March 2014 - 05:13 PM

uninstalled iobit uninstaller

not sure why this font is so small

not sure why i installed privitize or openvpn



#7 seedy21

seedy21

  • Malware Response Team

Posted 15 March 2014 - 05:50 PM

Thank you.

 

Please continue with the rest of the steps.



#8 annette53


Posted 15 March 2014 - 06:54 PM

# AdwCleaner v3.022 - Report created 15/03/2014 at 17:28:43
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Annette - ANNETTE-PC
# Running from : C:\Users\Annette\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\AI_RecycleBin
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eazel
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Program Files\Eazel
Folder Deleted : C:\Program Files\myfree codec
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Secure Speed Dial
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\YrJie
Folder Deleted : C:\Windows\system32\AI_RecycleBin
Folder Deleted : C:\Users\Annette\AppData\Local\Conduit
Folder Deleted : C:\Users\Annette\AppData\Local\cool_mirage
Folder Deleted : C:\Users\Annette\AppData\Local\emaze
Folder Deleted : C:\Users\Annette\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Annette\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Annette\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Annette\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Annette\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Annette\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Annette\AppData\Roaming\strongvault
Folder Deleted : C:\Users\Annette\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eazel
Folder Deleted : C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Folder Deleted : C:\Users\Annette\Documents\Mobogenie
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\0h08vrzv.default-1377724874309\Extensions\speeddial@instair.net
Folder Deleted : C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\48w6p0dv.default\Extensions\speeddial@instair.net
Folder Deleted : C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\5ytsdaop.default-1390228159534\Extensions\speeddial@instair.net
Folder Deleted : C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\aufm6k32.default-1364040090067\Extensions\speeddial@instair.net
Folder Deleted : C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\kwm18aig.default-1376693422241\Extensions\speeddial@instair.net
Folder Deleted : C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\u9sgeb3u.default\Extensions\speeddial@instair.net
Folder Deleted : C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\u9sgeb3u.default\Extensions\{ad32743c-16ef-46ec-977b-dce0c3c85b20}
Folder Deleted : C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnmlhhbehhdmajijfenoldcajelckpmn
File Deleted : C:\Program Files\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\48w6p0dv.default\user.js
File Deleted : C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\aufm6k32.default-1364040090067\user.js
File Deleted : C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\u9sgeb3u.default\user.js
File Deleted : C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp
Key Deleted : HKCU\Software\Google\Chrome\Extensions\dnmlhhbehhdmajijfenoldcajelckpmn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dnmlhhbehhdmajijfenoldcajelckpmn
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B9B3944-9F3B-468C-8E5A-6DC7441268AA}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B9B3944-9F3B-468C-8E5A-6DC7441268AA}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A574D15-BB26-4257-9133-1C30A075ADE3}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A574D15-BB26-4257-9133-1C30A075ADE3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Eazel_3_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Eazel_3_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\a08dd0e035b913
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_eazel_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_eazel_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_sms-free-send_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_sms-free-send_RASMANCS
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Eazel
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\Software\Eazel
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SoftwareUpdater
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\Vittalia
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eazel
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\48w6p0dv.default\prefs.js ]

[ File : C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\5ytsdaop.default-1390228159534\prefs.js ]

[ File : C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\aufm6k32.default-1364040090067\prefs.js ]

[ File : C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\u9sgeb3u.default\prefs.js ]

Line Deleted : user_pref("CT3290520.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3290520.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363381987517");
Line Deleted : user_pref("CT3290520.serviceLayer_services_appsMetadata_lastUpdate", "1363383718173");
Line Deleted : user_pref("CT3290520.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1363381987474");
Line Deleted : user_pref("CT3290520.serviceLayer_services_location_lastUpdate", "1363381985509");
Line Deleted : user_pref("CT3290520.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363381988291");
Line Deleted : user_pref("CT3290520.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1363381987400");
Line Deleted : user_pref("CT3290520.serviceLayer_services_searchAPI_lastUpdate", "1363381985515");
Line Deleted : user_pref("CT3290520.serviceLayer_services_serviceMap_lastUpdate", "1363381985069");
Line Deleted : user_pref("CT3290520.serviceLayer_services_setupAPI_lastUpdate", "1363381988953");
Line Deleted : user_pref("CT3290520.serviceLayer_services_toolbarContextMenu_lastUpdate", "1363381987300");
Line Deleted : user_pref("CT3290520.serviceLayer_services_toolbarSettings_lastUpdate", "1363383718373");
Line Deleted : user_pref("CT3290520.serviceLayer_services_translation_lastUpdate", "1363381987464");
Line Deleted : user_pref("CT3290520.settingsINI", true);
Line Deleted : user_pref("CT3290520.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3290520.smartbar.CTID", "CT3290520");
Line Deleted : user_pref("CT3290520.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3290520.smartbar.homepage", true);
Line Deleted : user_pref("CT3290520.smartbar.toolbarName", "Instagrille ");
Line Deleted : user_pref("CT3290520.startPage", "true");
Line Deleted : user_pref("CT3290520.toolbarBornServerTime", "16-3-2013");
Line Deleted : user_pref("CT3290520.toolbarCurrentServerTime", "16-3-2013");
Line Deleted : user_pref("CT3290520.wreck-country-code.enc", "IlVTIg==");
Line Deleted : user_pref("CT3290520.wreck-periodic-reports.enc", "eyJ3cmVja19waW5nXzAiOlsxMzYzMzgxOTk3NjI2LDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3290520.wreck-user-ab-groups.enc", "eyJkZXNpZ24iOjc1LCJ0cmlnZ2VyIjo0MiwiaG92ZXJfZWZmZWN0Ijo4Nn0=");
Line Deleted : user_pref("CT3290520.wreck-user-id.enc", "ImVjNTQyZDI4LTllMWItNDU1Zi05ODk3LTkyM2MzNzU1OTAwMiI=");
Line Deleted : user_pref("CT3290520.ytt-mam-test-ol-ts.enc", 1879095830);
Line Deleted : user_pref("CT3290520.ytt-mam-test-uid-ol.enc", "Yjg4ZmQxMjItYzI3NC00NjEwLTkwYjMtODk1NmQyNDY4ZTky");
Line Deleted : user_pref("CT3290520_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1363383693263,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Instagrille Customized Web Search");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.pu-results.info/?pid=279&r=2013/02/21&hid=2573490111&lg=EN&cc=SE&l=1&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3290520");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Instagrille Customized Web Search");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("de.soerenrinne.googlebuttons.userlist", "Mail,Reader,Web Search,Maps,Calendar,Wave,Dashboard,Google Shortcuts Settings,Aardvark,Android Market,Apps Marketplace,Books");
Line Deleted : user_pref("extensions.5125839741f6e.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.5125e39f48744.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "a6c9d9eb0000000000008ca982bda7f3");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15746");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.rvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "uninst");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=a6c9d9eb0000000000008ca982bda7f3&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1020:17:09");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=120024");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.browserprotect.homepage", "hxxp://search.conduit.com/?ctid=CT3290520&CUI=UN49628151543828998&UM=2&SearchSource=13&UP=SP070BC27C-A89C-4AC4-B201-94CBA1376FD4");
Line Deleted : user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true);
Line Deleted : user_pref("extensions.linkextend.addit.remoteInstallItems", "{ \"software\": {\"39\": {\"id\": \"39\",\"title\": \"LuckySavings\",\"type\": \"EXE\",\"url\": \"hxxp://cdn.outbrowse.com/components/Lucky[...]
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9304CA38-BC85-4B25-ACC5-2F61CDE90365&n=77fc42f8&ind=2013020920&p2=^Z7^xdm131^YY^us&si=[...]
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Line Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir)/.*|hxxp://.*depositfiles.com/(([a-z]{2})/files/|auth-).*|hxxp://(www.)*digg.com/(.{5}|.{6})$|hxxp:[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=9304CA38-BC85-4B25-ACC5-2F61CDE90365&n=77fc42f8&p2=^Z7^xdm131^YY^us&si=jenya");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.installDate", "2013020920");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.partnerId", "^Z7^xdm131^YY^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.partnerSubId", "jenya");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.toolbarId", "9304CA38-BC85-4B25-ACC5-2F61CDE90365");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.lastActivePing", "1360525857409");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.searchHistory", "sims deluxe pc");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.weather.location", "73301");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "gamingwonderland@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "gamingwonderland@mindspark.com");
Line Deleted : user_pref("extensions.webbooster@iminent.com.install-event-fired", true);
Line Deleted : user_pref("lightweightThemes.usedThemes", "[{\"id\":\"16\",\"name\":\"Firefox B\",\"headerURL\":\"hxxp://getpersonas-cdn.mozilla.net/static/1/6/16/newfirefoxheader.png?1299763251\",\"footerURL\":\"htt[...]
Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3290520");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3290520&SearchSource=2&CUI=UN49628151543828998&UM=2&q=");
Line Deleted : user_pref("smartbar.machineId", "H6+VJKO3FYKUPZ64DKVW4HBGPQZQSOJTHWLES5XKPDQRRVRRQVEA36JBWZZW2O3RB7RHMYDNAKDXVRMWRYCEOG");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://websearch.pu-results.info/?pid=279&r=2013/02/21&hid=2573490111&lg=EN&cc=SE&l=1&q=");
Line Deleted : user_pref("smartbar.originalSearchEngine", "hxxp://www.google.com/search");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [47655 octets] - [15/03/2014 17:22:23]
AdwCleaner[S0].txt - [48612 octets] - [15/03/2014 17:28:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [48673 octets] ##########

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Annette on Sat 03/15/2014 at 17:54:09.37.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Annette\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3/15/2014 5:57:49 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8F017BC7-5B3D-43BE-B3DA-551FE816E8E6} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8F72D2B8-8A3A-43E3-81B9-6CBAE16C0246} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48A789BF-F6D6-4930-9C8B-77855A63EDE1} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48A789BF-F6D6-4930-9C8B-77855A63EDE1} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2C5E510-BE6D-42CC-9F61-E4F939078474} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311551174} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D2C5E510-BE6D-42CC-9F61-E4F939078474} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2C5E510-BE6D-42CC-9F61-E4F939078474} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{bb45ef8e-1e36-4535-a017-ec908fb1e335} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{ad32743c-16ef-46ec-977b-dce0c3c85b20} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{A86EFAD9-8377-476D-9192-CF440B6F88EC} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110311551174} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bc09c55d-0375-4dcc-836e-0e3c8addfbda} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{bc09c55d-0375-4dcc-836e-0e3c8addfbda} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{da51d4f6-3e7e-4ef8-b400-9198e0874606} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{48A789BF-F6D6-4930-9C8B-77855A63EDE1} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully
HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\Program Files\EdgeRunner\Multiplicity\MultiSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Backblaze\bzserv.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\Windows\system32\lxducoms.exe
C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Windows\System32\IgrsSvcs.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Realtek\RtLED\RtLEDService.exe
C:\Program Files\Realtek\RtLED\RtLED.exe
C:\Program Files\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe
C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\BlueStacks\HD-Service.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\BlueStacks\HD-Network.exe
C:\Windows\system32\conhost.exe
C:\Program Files\BlueStacks\HD-BlockDevice.exe
C:\Windows\system32\conhost.exe
C:\Program Files\BlueStacks\HD-SharedFolder.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\AOL\1363269673\ee\aolsoftware.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Users\Annette\AppData\Local\Apps\2.0\CJ1M0716.RXY\RT15WGG5.2PA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\EdgeRunner\Multiplicity\MP2Control.exe
C:\Program Files\EdgeRunner\Multiplicity\MP2Control.exe
C:\Program Files\EdgeRunner\Multiplicity\Multipl2.exe
C:\Program Files\EdgeRunner\Multiplicity\MP2Drag.exe
C:\Program Files\EdgeRunner\Multiplicity\MP2Drag.exe
C:\Users\Annette\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Annette\AppData\Roaming\Fisher & Paykel Healthcare\InfoUSBDetector\InfoUSBDetector.exe
C:\Program Files\YoWindow\yowindow.exe
C:\Users\Annette\AppData\Local\Apps\2.0\CJ1M0716.RXY\RT15WGG5.2PA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Windows\system32\ctfmon.exe
C:\Users\Annette\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AOL Desktop 9.7\shellmon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [BstHdAndroidSvc] - BlueStacks Android Service - "C:\Program Files\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android
R2 - [BstHdLogRotatorSvc] - BlueStacks Log Rotator Service - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
R2 - [btwdins] - Bluetooth Service - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
R2 - [bzserv] - Backblaze Service - C:\Program Files\Backblaze\bzserv.exe
R2 - [Freemake Improver] - Freemake Improver - "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe"
R2 - [FreemakeVideoCapture] - FreemakeVideoCapture - "C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe"
R2 - [lxduCATSCustConnectService] - lxduCATSCustConnectService - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
R2 - [Multiplicity] - Multiplicity Service - C:\Program Files\EdgeRunner\Multiplicity\MultiSrv.exe
R2 - [OfficeSvc] - Microsoft Office Service - C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
R2 - [OpenVPNAccessClient] - OpenVPN Access Client - "C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe"
R2 - [RealNetworks Downloader Resolver Service] - RealNetworks Downloader Resolver Service - "C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe"
R2 - [RegSrvc] - Intel® PROSet/Wireless Registry Service - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
R2 - [RtLedService] - RtLedService Installer - "C:\Program Files\Realtek\RtLED\RtLEDService.exe"
R2 - [SCService] - SavvyConnect Desktop Service - "C:\Program Files\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe"
R2 - [Skype C2C Service] - Skype C2C Service - "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
R2 - [TeamViewer9] - TeamViewer 9 - "C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe"
R2 - [WDBackup] - WD Backup - "C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe"
R2 - [WDDriveService] - WD Drive Manager - "C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe"
R2 - [WDRulesService] - WD Rules - "C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe"
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S2 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S2 - [EvtEng] - Intel® PROSet/Wireless Event Log -
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
S2 - [Intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface -
S2 - [LiveUpdateSvc] - LiveUpdate - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
S2 - [LMS] - Intel® Management and Security Application Local Management Service -
S2 - [SecureUpdateSvc] - SecureUpdate - C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe
S2 - [SkypeUpdate] - Skype Updater - "C:\Program Files\Skype\Updater\Updater.exe"
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S2 - [UNS] - Intel® Management and Security Application User Notification Service -
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel® Content Protection HECI Service - C:\Windows\system32\IntelCpHeciSvc.exe
S3 - [Desura Install Service] - Desura Install Service - C:\Program Files\Common Files\Desura\desura_service.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [ICCS] - Intel® Integrated Clock Controller Service - Intel® ICCS -
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [IGRS] - IGRS - "C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe"
S3 - [Lenovo ReadyComm AppSvc] - Lenovo ReadyComm AppSvc - "C:\Program Files\Lenovo\ReadyComm\AppSvc.exe"
S3 - [Lenovo ReadyComm ConnSvc] - Lenovo ReadyComm ConnSvc - "C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe"
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server -
S3 - [ose] - Office  Source Engine - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [Steam Client Service] - Steam Client Service - "C:\Program Files\Common Files\Steam\SteamService.exe" /RunAsService
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\48w6p0dv.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140315_0607_.backup

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\5ytsdaop.default-1390228159534

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140315_0607_.backup

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\aufm6k32.default-1364040090067

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140315_0607_.backup

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\u9sgeb3u.default

user.js not found
---- Lines Search  removed from prefs.js ----
user_pref("de.soerenrinne.googlebuttons.wholeshebang", "3D Warehouse,Accounts,Ad Manager,Ad Planner,Adsense,Adwords,Alerts,Analytics,Android Developer
---- Lines privitize removed from prefs.js ----
user_pref("browser.search.defaultengine", "Privitize VPN");
---- Lines ffxtbr removed from prefs.js ----
user_pref("extensions.gtffxtbr@GamingWonderland.com.install-event-fired", true);
---- Lines imbooster removed from prefs.js ----
user_pref("id_imbooster4web_v6.cache.tbs_include_xml_006938", "1/22/17/1/113");
user_pref("id_imbooster4web_v6.firstlaunch", "0");
user_pref("id_imbooster4web_v6.guid", "%7B26E9F2CE-EDA6-4E1C-E92E-111714C74CC1%7D");
user_pref("id_imbooster4web_v6.userId", "%12");
user_pref("id_imbooster4web_v6.Var1", "0");
user_pref("id_imbooster4web_v6.Var10", "0");
user_pref("id_imbooster4web_v6.Var2", "0");
user_pref("id_imbooster4web_v6.Var3", "0");
user_pref("id_imbooster4web_v6.Var4", "0");
user_pref("id_imbooster4web_v6.Var5", "0");
user_pref("id_imbooster4web_v6.Var6", "0");
user_pref("id_imbooster4web_v6.Var7", "0");
user_pref("id_imbooster4web_v6.Var8", "0");
user_pref("id_imbooster4web_v6.Var9", "0");
user_pref("id_imbooster4web_v6_installed_version", "1.0.1018.0");
---- Lines defaulttab removed from prefs.js ----
user_pref("extensions.addon@defaulttab.com.install-event-fired", true);
---- Lines extensions.5125839741f6e removed from prefs.js ----
user_pref("extensions.5125839741f6e.epoch", "1363457578");
user_pref("extensions.5125839741f6e.url", "http://getjpi1.info/sync/?ext=vdx&pid=322&country=US&regd=130221021655&lsd=130315180023&ind=971449669&ssd=1
---- Lines extensions.5125e39f48744 removed from prefs.js ----
user_pref("extensions.5125e39f48744.epoch", "1362169642");
user_pref("extensions.5125e39f48744.url", "http://getjpinet.info/sync/?ext=btos&pid=279&country=SE&regd=130221090639&lsd=130228202522&ind=2979984131&s
---- Lines extensions.5125e3ed9d475 removed from prefs.js ----
user_pref("extensions.5125e3ed9d475.epoch", "1361929633");
user_pref("extensions.5125e3ed9d475.scode", "void(0);");
user_pref("extensions.5125e3ed9d475.url", "http://jpi-syncs.info/sync/?ext=wbn&pid=279&country=US&regd=130221090757&lsd=130226014517&ind=2979984131&ss
---- Lines {bb45ef8e-1e36-4535-a017-ec908fb1e335} removed from prefs.js ----
user_pref("extensions.{bb45ef8e-1e36-4535-a017-ec908fb1e335}.install-event-fired", true);
---- Lines {ad32743c-16ef-46ec-977b-dce0c3c85b20} removed from prefs.js ----
user_pref("extensions.{ad32743c-16ef-46ec-977b-dce0c3c85b20}.install-event-fired", true);
---- FireFox user.js and prefs.js backups ----

prefs_20140315_0607_.backup

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\0h08vrzv.default-1377724874309

prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\kwm18aig.default-1376693422241

prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----

==== Deleting Files \ Folders ======================

C:\Users\Annette\daemonprocess.txt deleted
C:\Program Files\Mozilla Firefox\defaults\preferences\autoconfig.js deleted
C:\Program Files\Coupons deleted
C:\Program Files\Yahoo Browser Settings deleted
C:\Program Files\PrivitizeVPN deleted
C:\Program Files\Yahoo! deleted
C:\Program Files\Elite People Search deleted
C:\Users\Annette\AppData\Roaming\uninstall.bat deleted
C:\Users\Annette\AppData\Roaming\Allmyapps deleted
C:\Users\Annette\AppData\Roaming\ElitePeopleSearch deleted
C:\Users\Annette\AppData\Local\common_functions.dll deleted
C:\Users\Annette\AppData\Local\log4cxx.dll deleted
C:\Users\Annette\AppData\Local\CRE deleted
C:\Users\Annette\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN deleted
C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\store-pp.jbs deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Yahoo! deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Yahoo! Companion deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Toolbar4 deleted
C:\Windows\WinInit.Ini deleted
C:\Windows\tasks\Wise Care 365.job deleted
C:\Windows\tasks\Wise Turbo Checker.job deleted
C:\Windows\system32\tasks\Wise Care 365 deleted
C:\Windows\system32\tasks\Wise Turbo Checker deleted
C:\Windows\tasks\AllmyappsUpdateTask.job deleted
C:\Windows\system32\tasks\AllmyappsUpdateTask deleted
C:\Windows\system32\tasks\YourFile DownloaderUpdate deleted
C:\Windows\System32\InstallUtil.InstallLog deleted
C:\Program Files\Mozilla Firefox\components\sprotector.js deleted
C:\Users\Annette\AppData\Local\ie_runner_app.exe deleted
C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\48w6p0dv.default\extensions\searchads@instair.net deleted
C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\5ytsdaop.default-1390228159534\extensions\searchads@instair.net deleted
C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\aufm6k32.default-1364040090067\extensions\searchads@instair.net deleted
C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\u9sgeb3u.default\extensions\searchads@instair.net deleted
C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\0h08vrzv.default-1377724874309\extensions\searchads@instair.net deleted
C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\kwm18aig.default-1376693422241\extensions\searchads@instair.net deleted
"C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\48w6p0dv.default\extensions\torntv@torntv.com.xpi" deleted
"C:\Program Files\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe" deleted
"C:\Program Files\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe" deleted
"C:\Program Files\Luth Research\SavvyConnectFramework\bin\scui\sqlite3.dll" deleted
"C:\Program Files\Luth Research" not deleted
"C:\Program Files\Luth Research\SavvyConnectFramework" not deleted
"C:\Program Files\Luth Research\SavvyConnectFramework\bin" not deleted
"C:\Program Files\Luth Research\SavvyConnectFramework\bin\scservice" not deleted
"C:\Program Files\Luth Research\SavvyConnectFramework\bin\scui" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition Service Pack 1 (Build 7601)
Memory (RAM): 2989 MB
CPU Info: Intel® Core™ i7-2630QM CPU @ 2.00GHz
CPU Speed: 1983.0 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel® HD Graphics 3000 | Intel® HD Graphics 3000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver | Lenovo RMCT Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Spotflux Virtual Network Device Driver | Bluetooth Device (Personal Area Network) | Intel® WiFi Link 1000 BGN | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SN-208AB
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  654.7GB | D:  29.0GB
Hard Disks - Free: C:  500.0GB | D:  28.9GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | 10/21/11 | LENOVO - 1
Time Zone: Central Standard Time
Motherboard *: LENOVO Emerald Lake
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Firefox 27.0.1
Internet Explorer Version: 11.0.9600.16521
Mozilla Firefox version: 27.0.1 (x86 en-US)
Google Chrome version: 33.0.1750.154
Adobe Reader version: 11.0.06.70
Sun Java version: 1.7.0_51 (32-bit)
Flash Player version: 12.0.0.77

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-03-13 22:48:15 E21B90BD14AFFC13D50A2E8A26336561 2052 ----a-w- C:\Windows\epplauncher.mif
====== C:\Users\Annette\AppData\Local\Temp ====
2014-03-15 22:38:33 33C89FD5D5D19227DE0F5CD4A0D73722 541696 ----a-w- C:\Users\Annette\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2014-03-02 20:39:04 10CE1874520612E5F9BDC21C962AEF1B 918016 ----a-w- C:\Users\Annette\AppData\Local\Temp\Quarantine.exe
====== Java Cache =====
====== C:\Windows\system32 =====
2014-03-12 03:46:14 B0BE998802DEDEE1FD8F5E5F9F207A30 509440 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 03:46:12 8B521873651E62EF5868DC7B339959DB 32768 ----a-w- C:\Windows\System32\iernonce.dll
2014-03-12 03:46:12 7EDA015D4E74177A1B187326EDB14670 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-12 03:46:11 3B3EBF6E3C12DFDC6B29CBAC2F5519CC 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-12 03:46:11 1CEE521E90703BB8A01211C77747E727 43008 ----a-w- C:\Windows\System32\jsproxy.dll
2014-03-12 03:46:10 69C9F0607AF94C7162BBD25E222D4E0E 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-12 03:46:10 6744457C09B9B8176CC3ECC2D0EE6580 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-12 03:46:09 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-03-12 03:46:09 2CF6CF90BF7FE0E616C363343FFA686B 553472 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-12 03:46:08 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\Windows\System32\wininet.dll
2014-03-12 03:46:01 E84073A2F2D3A9448CA02F48B0360490 440832 ----a-w- C:\Windows\System32\ieui.dll
2014-03-12 03:45:57 C8DBE0B5297FD85D7311E4791103517B 112128 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-12 03:45:53 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\Windows\System32\iertutil.dll
2014-03-12 03:45:50 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-12 03:45:50 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\Windows\System32\mshtml.dll
2014-03-12 03:45:49 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\Windows\System32\urlmon.dll
2014-03-12 03:45:47 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\Windows\System32\msfeeds.dll
2014-03-12 03:45:47 5C207FABA707CE496E1E0A304925D1E5 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-12 03:45:46 E23497E11866154A97BA9877656113FE 1964032 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-12 03:45:46 B61F47EB8CACBE09C8117E4FF7D9656D 164864 ----a-w- C:\Windows\System32\msrating.dll
2014-03-12 03:45:46 35523AF349702302EBC08D0D83661A78 208896 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-03-12 03:45:45 B0CBC5A7D9278DCD5B230E1E50CCA5F6 61952 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-12 03:45:44 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\Windows\System32\ieframe.dll
2014-03-12 03:45:08 7CC38741B8F68F1E0D5D79DA6123666A 185344 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-12 03:45:05 204689EC38738BE7C07F79B745733747 2349056 ----a-w- C:\Windows\System32\win32k.sys
2014-03-12 03:45:04 A054EA8FBE16D4D34F06D81A4F0088E2 1230336 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 03:45:03 4F8CCD3E7D9F17A7C60FA0AE2466CACF 381440 ----a-w- C:\Windows\System32\wer.dll
2014-03-04 00:10:47 7753FC56F9CAC4B5AFDA3196DB654F21 144664 ----a-w- C:\Windows\System32\secman.dll
====== C:\Windows\system32\drivers =====
2014-03-12 23:49:50 0DB7527DB188C7D967A37BB51BBF3963 40776 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys
2014-03-03 23:58:45 585FDB94DB04AC1C56298D1FD1F1389E 184192 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2014-03-03 23:58:44 560B0DCE52DFED6623B27C9BAFA6F236 88576 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
====== C:\Windows\Tasks ======
2014-03-13 09:55:13 3E32A143B6BC722A6F1D1828AEEFBEBF 3336 ----a-w- C:\Windows\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2307256177-1175226797-2699856474-1000
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-02-16 12:53:49 -------- d-----w- C:\Program Files\AOL Desktop 9.7
2014-02-16 12:53:48 -------- d-----w- C:\Program Files\Common Files\aolshare
======= C: =====
====== C:\Users\Annette\AppData\Roaming ======
2014-02-16 12:30:54 -------- d-----w- C:\Users\Annette\AppData\Roaming\ProductData
====== C:\Users\Annette ======
2014-03-15 22:16:48 DF06DC5837316EA78746E3F790A950ED 1950720 ----a-w- C:\Users\Annette\Desktop\AdwCleaner.exe
2014-03-15 02:19:30 8B968045D75783A09592C3105F2865DA 688992 ----a-r- C:\Users\Annette\Desktop\dds.com
2014-03-14 20:26:09 609B83259466F78EC2014119B22100F8 930952 ----a-w- C:\Users\Annette\Desktop\cbsidlm-cbsi183-SolSuite_Solitaire_2014-BP-10018763.exe
2014-03-13 22:47:14 0FC29E1FA51C257E5F9C906F772EA27B 101503256 ----a-w- C:\Users\Annette\Desktop\msert.exe
2014-03-13 22:46:32 F406BAC9CFB876EFF01314F18CDA746C 11125072 ----a-w- C:\Users\Annette\Desktop\mseinstall.exe
2014-03-13 00:52:36 F672155776ABADF6A23C59E74491C9F2 4130656 ----a-w- C:\Users\Annette\Desktop\tdsskiller.exe

====== C: exe-files ==
2014-03-15 22:43:39 6F4A8D22DBB08E1C536950A9EDEE3C29 134319 ----a-w- C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CO5WY474\AdwCleaner[1].exe
2014-03-15 22:36:30 2E71DD6C39295A07B47D677AE8F6D277 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2307256177-1175226797-2699856474-1000\$IDQG6DY.exe
2014-03-15 22:15:30 DF06DC5837316EA78746E3F790A950ED 1950720 ----a-w- C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W23PKKF6\AdwCleaner[1].exe
2014-03-15 18:47:27 E677174AA15D1B9D9E0B0F1C8DB8CC56 892120 ----a-w- C:\Program Files\Google\Update\Install\{CF565F08-87F5-472F-A731-3DBE917441F1}\33.0.1750.154_33.0.1750.146_chrome_updater.exe
2014-03-15 18:47:27 E677174AA15D1B9D9E0B0F1C8DB8CC56 892120 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.154\33.0.1750.154_33.0.1750.146_chrome_updater.exe
2014-03-13 10:13:42 398AA8F18B72F46F40E9D42A6C714B0E 1185088 ----a-w- C:\Program Files\IObit\Surfing Protection\unins000.exe
2014-03-13 10:13:06 62946010D97FA38835D47C0E14909DD4 259872 ----a-w- C:\Program Files\IObit\Advanced SystemCare 7\Nfeatures.exe
2014-03-13 10:13:05 59581F33E5863AC831935F14BE68D904 4093800 ----a-w- C:\Program Files\IObit\Advanced SystemCare 7\game-assistant.exe
2014-03-13 10:13:02 37E24A946C409B7A0F7BE1FBC02218ED 1198368 ----a-w- C:\Program Files\IObit\Advanced SystemCare 7\unins000.exe
2014-03-13 10:11:21 D72352C40ABFC97336923A22403C7729 41807400 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2307256177-1175226797-2699856474-1000\$RDQG6DY.exe
2014-03-13 00:38:25 BCCAB958D3085E66F47695EC0B236E9D 5023144 ----a-w- C:\ProgramData\Backblaze\bzdata\bzupdates\bzinstall-win32-2.5.0.709.exe
2014-03-12 09:51:55 580B47F73BE70E5084E78BCFEA1E2C7A 572416 ----a-w- C:\Program Files\ZakFromAnotherPlanet\Yazak Chat\yazak.exe
2014-03-12 03:45:45 3A3BEA53F039CE2E997A918E26E30B1D 808152 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-03-12 03:45:43 2A0FAE869BC99A460FEFD832F261DCC9 469504 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-03-08 23:09:39 045C535FDBC8FCDDB76BB8F7F5F8FF60 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2307256177-1175226797-2699856474-1000\$IDQA4HZ.exe
=== C: other files ==
2014-03-15 22:47:49 A842B48277A2D8645A37B9F596838D2A 1230 ----a-w- C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CO5WY474\flXHR[1].vbs
2014-03-15 13:18:18 A842B48277A2D8645A37B9F596838D2A 1230 ----a-w- C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGG4EKYS\flXHR[1].vbs
2014-03-15 05:11:28 724AD3AF6874715973BC200750E24A34 3650 ----a-w- C:\ProgramData\Backblaze\bzdata\bzbackup_state_extras.zip
2014-03-15 02:19:30 8B968045D75783A09592C3105F2865DA 688992 ----a-r- C:\Users\Annette\Desktop\dds.com
2014-03-13 00:38:31 29B422F86534C8095F448D512A7AA98F 4943353 ----a-w- C:\Windows\Temp\bzi0313003830_0000001_0116dir\files.zip
2014-03-12 23:49:50 0DB7527DB188C7D967A37BB51BBF3963 40776 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys
2014-03-12 09:54:20 C24E9C1AE0ED527568837A3EB92C84CA 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2307256177-1175226797-2699856474-1000\$IGNQQCS.zip
2014-03-12 03:45:05 204689EC38738BE7C07F79B745733747 2349056 ----a-w- C:\Windows\System32\win32k.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Backblaze"="C:\Program Files\Backblaze\bzbui.exe -quiet"

[HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe 1"
"Advanced SystemCare 7"="C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
"AOL Fast Start"="C:\Program Files\AOL Desktop 9.7\AOL.EXE -b"
"KiesPDLR.exe"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run"
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Backblaze"="C:\Program Files\Backblaze\bzbui.exe -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel PAN Tray"
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler"
"lxdumon.exe"="C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
"lxduamon"="C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
"Lexmark 5600-6600 Series Fax Server"="C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe /s"
"BlueStacks Agent"="C:\Program Files\BlueStacks\HD-Agent.exe"
"DivXMediaServer"="C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"SavvyConnectMenu"="C:\Program Files\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe -a"
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"HostManager"="C:\Program Files\Common Files\AOL\1363269673\ee\AOLSoftware.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe 1"
"Advanced SystemCare 7"="C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
"AOL Fast Start"="C:\Program Files\AOL Desktop 9.7\AOL.EXE -b"
"KiesPDLR.exe"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run"
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Desura]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Desura"
"hkey"="HKCU"
"command"="C:\\Program Files\\Desura\\desura.exe -autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IObit Malware Fighter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IObit Malware Fighter"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KeePass 2 PreLoad]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KeePass 2 PreLoad"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesAirMessage]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesAirMessage"
"hkey"="HKCU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="C:\\Program Files\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC_GIZMOS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PC_GIZMOS"
"hkey"="HKCU"
"command"="\"C:\\Users\\Annette\\AppData\\Roaming\\PC-Gizmos\\PC_136519.en_76.exe\" --update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PrivitizeVPN]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PrivitizeVPN"
"hkey"="HKLM"
"command"="C:\\Program Files\\PrivitizeVPN\\PrivitizeVPN.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WD Drive Unlocker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WD Drive Unlocker"
"hkey"="HKLM"
"command"="C:\\Program Files\\Western Digital\\WD Apps\\WDDriveAutoUnlock.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WD Quick View]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WD Quick View"
"hkey"="HKLM"
"command"="C:\\Program Files\\Western Digital\\WD Quick View\\WDDMStatus.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
"backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\Lenovo\\BLUETO~1\\BTTray.exe "
"item"="Bluetooth"

==== Startup Folders ======================

2013-06-30 13:18:32 3073 ----a-w- C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
2013-02-07 22:39:06 1053 ----a-w- C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-07-13 15:18:42 2346 ----a-w- C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InfoUSB Detector.lnk
2013-02-14 14:19:16 1009 ----a-w- C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk
2013-09-06 15:26:47 2267 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Connect.lnk
2013-02-17 06:56:28 1936 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [03/11/2014 09:45 PM]
C:\Windows\tasks\CIMT_S-1-5-21-2307256177-1175226797-2699856474-1000.job --a------ C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe []
C:\Windows\tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}.job --a------ C:\Program Files\Consumer Input\InternetExplorer\dca-ua.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/07/2013 04:55 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/07/2013 04:55 PM]
C:\Windows\tasks\schedule\Undetermined Task.exe []
C:\Windows\tasks\temp_FTdownloader V4.0-enabler.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\ASC7_PerformanceMonitor" [C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe]
"C:\Windows\system32\tasks\ASC7_SkipUac_Annette" [C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe /SkipUac]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CIMT_S-1-5-21-2307256177-1175226797-2699856474-1000" [C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe]
"C:\Windows\system32\tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}" [C:\Program Files\Consumer Input\InternetExplorer\dca-ua.exe]
"C:\Windows\system32\tasks\Go to RoboForm Install page" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMKMLMHMMJGMKMNMMJCNJJGMPMNMCNLMJJKJHMCNNJNMNJNMCNOJNJOJOJGMHMNMKMKJPMJJLJJNJICMJMCNOMPMCNNMFMGMCNOMPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMOMNMKJPMOMFMLMKMJNHICMEKMICNJJCKJNBJCMOLBJBJKJLILIKJJNKJCMJNNICMJNDJCMKJBJ"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Installation App Launcher" ["C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe" -register]
"C:\Windows\system32\tasks\launchspotflux" ["C:\Program Files\spotflux\.\spotflux.exe"]
"C:\Windows\system32\tasks\Open URL by RoboForm" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMKMLMHMMJGMKMNMMJCNJJGMPMNMCNLMJJKJHMCNNJNMNJNMCNOJNJOJOJGMHMNMKMKJPMJJLJJNJICMIMCNGMCNKMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMMMHMIMJNHICMMJBJKJLIMJJNBJCMOLBJBJKJLILIKJPNJLAJMILIKJNIJNKJCMJIOJBJGJMIHJKJLJOMPLOJAJDJBNMJAJCJJNNICMJNDJCMKJBJJNMJCMOMFMJMKMLMFMOMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"]
"C:\Windows\system32\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2307256177-1175226797-2699856474-1000" [C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2307256177-1175226797-2699856474-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2307256177-1175226797-2699856474-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\Run RoboForm TaskBar Icon" [C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\SmartDefrag3_Update" [C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe]
"C:\Windows\system32\tasks\temp_FTdownloader V4.0-enabler" [C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-enabler.exe]
"C:\Windows\system32\tasks\{20FAE518-B150-40D0-BA9B-1E499BB6571B}" [C:\SIERRA\QG4CD\SIERRAW.EXE]
"C:\Windows\system32\tasks\{73FA236F-8365-4583-B8B6-D8B6AAE7DFB2}" [E:\SETUP.EXE]
"C:\Windows\system32\tasks\{82A549F6-FB65-446B-8550-C3355748E6F4}" [C:\SIERRA\QG4CD\SIERRAW.EXE]
"C:\Windows\system32\tasks\{85DA9A88-5767-4CF8-98C0-C70E9D76415D}" [C:\SIERRA\QG4CD\SIERRAW.EXE]
"C:\Windows\system32\tasks\{B85E1C72-CEA0-4027-B5D4-250D77332CD0}" [C:\SIERRA\QG4CD\SIERRAW.EXE]
"C:\Windows\system32\tasks\{DB3188E3-33AC-4891-900D-7D1EBA2AC78B}" [C:\SIERRA\QG4CD\SIERRAW.EXE]
"C:\Windows\system32\tasks\{DD65C8F1-DD7A-47EA-8153-88A73317E6E1}" [C:\SIERRA\QG4CD\SIERRAW.EXE]
"C:\Windows\system32\tasks\{DDD8994D-0108-4480-A1EE-FAD84AFADA05}" [C:\Users\Annette\Desktop\tbrusha.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files\Siber Systems\AI RoboForm\Firefox" [03/07/2014 09:55 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\48w6p0dv.default
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\5ytsdaop.default-1390228159534
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\aufm6k32.default-1364040090067
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\u9sgeb3u.default
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
- Undetermined - %ProfilePath%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
- Undetermined - %ProfilePath%\extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8}
- Undetermined - %ProfilePath%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\0h08vrzv.default-1377724874309
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\kwm18aig.default-1376693422241
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
- Undetermined - %ProfilePath%\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Undetermined - %AppDir%\extensions\savvyconnect@surveysavvy.com
- Undetermined - %AppDir%\browser\extensions\savvyconnect@surveysavvy.com

==== Firefox Plugins ======================

Profilepath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\5ytsdaop.default-1390228159534
95812430959AE88CDD0301AB3A71913B - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java™ Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
4380B55D9167DC87793A97329C6C4059 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Plus Web Player
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
98048DF68DE9B03E671EA1B845587890 - C:\Users\Annette\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
86244E1B6D062BBE2B91AA5DA7376806 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in
E18B5B26F41D8C37CCAA7256F29F6A15 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)
EBEEC9B1FB8BC809C719713A36640966 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
06DD04F84A6FB0C312352A02684D398A - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll - AmazonMP3DownloaderPlugin
FEF9ECECFA177AEC0F7564A08394D2C8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)
0ABF093757E9C827E30EC652868E5FAC - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)
06E140A567B8DC7900173197FD059EE5 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)
558270B968CB82196CB8D045D13B0FF6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
D02ED3C972BBF10890CA2A586F2C0762 - C:\Users\Annette\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll - SOE Web Installer
28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight

Profilepath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\aufm6k32.default-1364040090067
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java™ Platform SE 7 U51
E18B5B26F41D8C37CCAA7256F29F6A15 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)
E18B5B26F41D8C37CCAA7256F29F6A15 - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll - RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)
EBEEC9B1FB8BC809C719713A36640966 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
EBEEC9B1FB8BC809C719713A36640966 - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll - RealPlayer Download Plugin
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
06DD04F84A6FB0C312352A02684D398A - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll - AmazonMP3DownloaderPlugin
FEF9ECECFA177AEC0F7564A08394D2C8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)
0ABF093757E9C827E30EC652868E5FAC - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)
06E140A567B8DC7900173197FD059EE5 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)
558270B968CB82196CB8D045D13B0FF6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
924366CBEDB044930207A40A5404FF7E - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll - Coupons Inc., Coupon Printer Manager
2C52BB8C805A67D852E50C5D03022305 - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll - Coupons Inc., Coupon Printer Manager
86244E1B6D062BBE2B91AA5DA7376806 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bpegkgagfojjbcpkihigfmkojdmmimdf - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[02/05/2013 03:05 AM]
ehgldbbpchgpcfagfpfjgoomddhccfgh - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx[05/07/2013 06:12 AM]
gbamlhhoocminkgbhdepcpgcogfofmko - C:\Program Files\Luth Research\SavvyConnectFramework\bin\chrome\SavvyConnect.crx[]
gpmfhmlfgjpngohpninmddglmaodnice - No path found[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[11/29/2012 09:35 PM]
jbolfgndggfhhpbnkgnpjkfhinclbigj - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[06/25/2013 02:20 AM]
jhbicckmeogemnamjhgbfbhelblnkjlp - No path found[]
kheelobnibmchifldedamogdmhemfjio - No path found[]
klibnahbojhkanfgaglnlalfkgpcppfi - C:\Users\Annette\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[10/09/2013 11:59 AM]
pnlccmojcmeohlpggmfnbbiapkmbliob - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx[03/07/2014 09:54 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gpmfhmlfgjpngohpninmddglmaodnice - No path found[]
jhbicckmeogemnamjhgbfbhelblnkjlp - No path found[]
kheelobnibmchifldedamogdmhemfjio - No path found[]
klibnahbojhkanfgaglnlalfkgpcppfi - C:\Users\Annette\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx[]

VLC for YouTube™ - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ablmclcliiiegfmpbkfhnhipoejclmel
Torrent Search - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee
Clipboard - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\afdkbjaecenbhbgjjocbjdjecfnignmj
craigslist pop. - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\aikbdokcmcbbeaadpdbhlcdcgghdkhja
VPN.tv - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\alfieeobdjkockpabmmfdpaihegikdgl
Advanced SystemCare Surfing Protection - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
Rogue Soul - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bipgknmnkieelmkaaofabfkiekdjbcic
eBay Web App - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom
Freemake Video Downloader - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
TV - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph
Crystal Saga - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbadcdoippjkpjckifngelnbjanhcak
Plugins - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop
The Ebates Cash Back Button makes earning Cash Back and finding Hot Deals easier than ever. - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi
Wars of Winter - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\chpacldklnpblbkoplbmjbndnjighako
Sonic Super Crazy World - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnnmnpmehckglealgefpdamplibdnajh
Tab Manager - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda
Search by Image by Google - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
VUDU Movies - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\daomabnenlgkenegngdblacoobnncgib
Maze Manor Free - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddmlblgpnpnnpmoegdiadppoehapkkej
Save to Drive - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoibeabfchdpckcmamaadeccohilbkp
3D Bowling - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgondkoblfcjpknplcjepgcogmbebaf
Cloud Save - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbemabjbfhjcccahjioenmkgimjbbkd
Best Utility Apps - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnfkmehkjocihlfmcjkmdiekloihfaog
HTML5 Video for YouTube™ - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\dolajcekhnohkpncmhgledbmndjpblei
Mini Golf - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\eajjagbfmeoidampllpdahppfljmabik
Prevent Duplicate Tabs - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\eangilbdbecadgeclbehnkibpmedaoih
Click to Tab - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebicmkkcnhdiglneianohfjapmanjoek
Torrent Turbo Search App - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegbffmjdkflkcfncpfjjbggbdlnbdif
Tabs Outliner - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl
Freemake Youtube Download Button - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
FREE MP3 Search - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejndijkjinbjigbmmbefadfighlkmhjl
Box - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl
Ceiron Wars - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\engppmjegobmdlebfhpjmiikbcpgolih
Neverending Bubbles - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbakkgfljlffjgoofillepkppbkifhjb
Valhalla - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbbnapmencljcepeibjnchgcdcdehloe
Type Scout - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj
Voodoo Friends - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmedapekkakaehidplfhmblngkelolaj
We-Care.com Reminder - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fonmolocekmjpljfgmkkfdcdhmlaenpo
SavvyConnect - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbamlhhoocminkgbhdepcpgcogfofmko
Shopping price comparison - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbdabnfmdemcjjadpkpjibhhacggangd
Torrent Turbo Search - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcdgomceilgkonhjheaijcmgfhabmpio
Digital Clock - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo
Chrome Web Store Launcher (by Google) - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgipfabdickgidpmbicneamekgbaej
Best Apps Extension - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gellklljnmmkphmlmdljaoejofjkcjol
Bookmark Buttons Startpage - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\genmiebglliamphdcfeakonfebajldkj
Jacko In Hell 2 - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gigfoobihocjpdjmkfllcblanhkibaeb
AdBlock - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
AccelerateTab - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg
LastPass - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Top Apps - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgdlfpakgihpgonfmmmeaaeipgnbaje
One Last Pass ( Password Manager ) - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlcjfeemfanamjbekpmdhcefejlgpnke
FileZilla on Roozz - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlnaakajahlemjahijmphgljeknipkce
Eukarion Tales (RPG Diablo 2 like) - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnjfckdciblfcicegijojmpeolkedeac
Shadowland Online - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmjfaplmocigmcnpnfhmhbbjaalipdb
Funny Bowling - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hohcdpgmpchbkbdkdgidfjkpnknocgme
Arcane Legends - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido
Cloud Reader - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd
RealDownloader - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Web Apps Manager by Allmyapps - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\iejkgldabgohkkodcldeiiajhgnbfggg
Best Free Apps - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdmklnnfaaegjkclibjdlkcimnbkmli
The Creepster TV Channel - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\imeijghccmjocbjinodpjdbpmbnlbgcm
Weather now - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\imflhicibaneljgphmfahdknpmidflel
Prince Of Persia - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\imgflohfjhdbomdlkbnecogoncdlhjfg
Xonix 3D - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipbmjfahoeenlpmfcbcioagdhcffdegi
Pearly Meadows - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipncaggfnflammhdjbpoccdmfkdjafnp
Freemake Video Converter - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Lord of Ultima is EAs popular browser based strategy game that simulates an immersive medieval civilization. - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced
theTabs - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnlopknndedplkhcjphlnedcmnegcmo
Adventure World - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghonkcklghipjeggjlloppmhlpdmoco
AccelerateTab - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak
Moon Phase - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjbbfjkgenpehcokclfggnfniaiglaai
The Grand Visir Jaffar has thrown a young prince into the dungeon. Jaffar has forced the princes beloved to choose between marrying his evil self...or death. Take the role of the prince and try to escape from the dungeon. You must fight through 12 levels of puzzles and guards while keeping in mind the 60-minute time limit. Play PRINCE OF PERSIA and rescue the Princess in time.\r\n\r\nPlay online: http:nesninja.comgameprince-of-persia - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnhmdljhbpdhjdgledfngobehcieedk
Labyrinth - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeimnckmnebflgijneknoapkcnaffnl
Dark Soul - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohllcjpkljmgadolhmfhbaodakfbpif
PC Gizmos - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpfhgnebikhafakgnbbdnpjigaohhgnh
Dropbox Shortcut - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbelldokcfkkgejineadomjjcicgghbk
The Onion - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lffbbkfcdoccioifngmngnbbiefiffba
FVD Video Downloader - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp
Movies - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkanjdppoifnkmakhilbeaohboaegjl
TV for Google Chrome™ - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
Skype for Chromium - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Wonderputt-HD - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljlfhfjfjkolddolkhmmfbckhejdghhl
Thesaurus Extension - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlghihanpgbalbphnffoehfkbcfcpic
Bad Eggs - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamjjhmmfdahldkimnhgfjdnifddgfad
Unbeatable - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkpjdeipjnjbdglfkegckdonakfjcpo
Awesome New Tab Page™ - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg
Download to Dropbox - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mklccdhnpppcmbpbkaanmamjfmmefbnp
FastestFox for Chrome - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm
LastPass Vault - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf
Soul Gambler - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndakdaapflmkiglkgllpklohpkfkmpjc
What's it worth? (The Original) - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnefdpoldbalhfejpafdiajlciblpoa
Advanced SystemCare Surfing Protection - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
King's Island (Diablo 2 like) - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfpplabodfdcaeaeoefpgnohkpcbndep
Micro Expression Recognition Application - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkcbihjelakpbponjhpmkkmopghnpip
Cloud Network - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngndmmeaclkjmncjefkiggnoeajcebhh
Google Wallet - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Rising Saga - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjnphdjfbkcljpncdnbcdomhifhdebm
TabCloud - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof
Tilt 3D - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalnhkglcknampgfiaopkmfaallkpeip
Picky Wallpapers - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj
Free Games - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\odnlkojnclefkippkkijniiobhpappnm
Earn to Die 2012 - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjjmmldfnjcjjachepeckanmpijbpfe
Back to bed - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfdldinieihmiaapfggdkgdcmeeilep
Shards of the Dream - animated real–time fantasy game. Discover new lands populated by different people explore dungeons and fight outgrowths of nightmares. Gloomy fantasy-world – and its life after the accident. SodGame Sod Shards of the Dream - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhlgkobnlcabmallghnomjkpofknkce
Print Friendly & PDF - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj
Jacko in Hell 2 - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\omelkgjbamnhcnbchnekgdlcijgoieib
Castle Capers - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdpgjokenejoefajmjdoaodhamhlapjb
Valentines Day Mahjong - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgamjkpppddoomaiaoepbobjmeojblce
\Missing Plug-in\ Fix - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkplgmhfkkhokgkdkblfcnfeccpippe

==== Chrome Fix ======================

C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx deleted successfully
C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbamlhhoocminkgbhdepcpgcogfofmko deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klibnahbojhkanfgaglnlalfkgpcppfi_0.localstorage deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_klibnahbojhkanfgaglnlalfkgpcppfi_0 deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klibnahbojhkanfgaglnlalfkgpcppfi deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glmfgahfleepmdfffonfckpmkondpdkg deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbdabnfmdemcjjadpkpjibhhacggangd deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gbdabnfmdemcjjadpkpjibhhacggangd_0.localstorage deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chhjbpecpncaggjpdakmflnfcopglcmi_0.localstorage deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_chhjbpecpncaggjpdakmflnfcopglcmi_0 deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{8F72D2B8-8A3A-43E3-81B9-6CBAE16C0246}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{1D6EF064-0E70-4531-82A1-C0EC99FA44E4} Google  Url="https://www.google.com/search?q={searchTerms}"
{4CDA7060-EA2C-4C41-8750-90C3C2AB01C1} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{8F72D2B8-8A3A-43E3-81B9-6CBAE16C0246} KeyBar 2 Customized Web Search Url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309655&CUI=UN75406184512378314&UM=2"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gbamlhhoocminkgbhdepcpgcogfofmko deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gpmfhmlfgjpngohpninmddglmaodnice deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jhbicckmeogemnamjhgbfbhelblnkjlp deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kheelobnibmchifldedamogdmhemfjio deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gpmfhmlfgjpngohpninmddglmaodnice deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\jhbicckmeogemnamjhgbfbhelblnkjlp deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\kheelobnibmchifldedamogdmhemfjio deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.2 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivitizeVPN deleted successfully

==== HijackThis Entries ======================

O1 - Hosts: 127.94.0.1 client.openvpn.net
O1 - Hosts: 127.94.0.2 openvpn-client.vpn1.mediainsiderspanel.com
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCGizmosBHO - {A817C286-3D6B-4ECD-A99C-E44E50DBC523} - C:\Users\Annette\AppData\Roaming\PC-Gizmos\PCGizmosBHO.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [Lexmark 5600-6600 Series Fax Server] "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SavvyConnectMenu] "C:\Program Files\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe" -a
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1363269673\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.7\AOL.EXE" -b
O4 - HKCU\..\Run: [KiesPDLR.exe] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Backblaze] "C:\Program Files\Backblaze\bzbui.exe" -quiet (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Amazon Cloud Drive.lnk = Annette\AppData\Local\Apps\2.0\CJ1M0716.RXY\RT15WGG5.2PA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
O4 - Startup: Dropbox.lnk = Annette\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: InfoUSB Detector.lnk = Annette\AppData\Roaming\Fisher & Paykel Healthcare\InfoUSBDetector\InfoUSBDetector.exe
O4 - Startup: YoWindow.lnk = C:\Program Files\YoWindow\yowindow.exe
O4 - Global Startup: OpenVPN Connect.lnk = C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O8 - Extra context menu item: Clear Fields - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComClearFields.html
O8 - Extra context menu item: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O8 - Extra context menu item: Logoff - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComLogoff.html
O8 - Extra context menu item: Password Generator - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComPasswordGenerator.html
O8 - Extra context menu item: Reset Fields - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComResetFields.html
O8 - Extra context menu item: RoboForm Editor - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComEditIdent.html
O8 - Extra context menu item: RoboForm Options - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComOptions.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComTaskBarIcon.html
O8 - Extra context menu item: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Set Fields - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSetFields.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll,-4 - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O9 - Extra 'Tools' menuitem: Freemake Video Downloader - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Backblaze Service (bzserv) - Unknown owner - C:\Program Files\Backblaze\bzserv.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files\Common Files\Desura\desura_service.exe
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - (no file)
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - (no file)
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device -   - C:\Windows\system32\lxducoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Multiplicity Service (Multiplicity) - Stardock Software, Inc - C:\Program Files\EdgeRunner\Multiplicity\MultiSrv.exe
O23 - Service: OpenVPN Access Client (OpenVPNAccessClient) - Unknown owner - C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RtLedService Installer (RtLedService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtLED\RtLEDService.exe
O23 - Service: SavvyConnect Desktop Service (SCService) - Unknown owner - C:\Program Files\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe (file missing)
O23 - Service: SecureUpdate (SecureUpdateSvc) - Unknown owner - C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: WD Backup (WDBackup) - Western Digital  - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WD Rules (WDRulesService) - Western Digital  - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

==== Empty IE Cache ======================

C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80XG5C8S will be deleted at reboot
C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CO5WY474 will be deleted at reboot
C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EEM4LQ86 will be deleted at reboot
C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YZS6OJT7 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Annette\AppData\Local\Mozilla\Firefox\Profiles\5ytsdaop.default-1390228159534\Cache emptied successfully
C:\Users\Annette\AppData\Local\Mozilla\Firefox\Profiles\aufm6k32.default-1364040090067\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1115 folders=286 147256006 bytes)

==== Empty Temp Folders ======================

C:\Users\Annette\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Annette\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied



#9 seedy21

seedy21

  • Malware Response Team
  • 645 posts
  • Gender:Male
  • Location:West Yorkshire ,UK
  • Local time:05:55 AM

Posted 17 March 2014 - 02:16 PM

Hi annette53

Do you use "Consumer Input" program?
 
Also do you use Teamviewer?

Step 1

Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:

PrivitizeVPN
OpenVPN Connect


Step 2

We need to re-run Zoek

 

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer; do not use it on another computer even if the problems are similar.
    
    C:\Windows\tasks\schedule\Undetermined Task.exe;f
    gpmfhmlfgjpngohpninmddglmaodnice;chr
    jhbicckmeogemnamjhgbfbhelblnkjlp;chr
    kheelobnibmchifldedamogdmhemfjio;chr
    klibnahbojhkanfgaglnlalfkgpcppfi;chr
    afbpdhiclgghnffhkinjikglgmolhpee;chr
    eegbffmjdkflkcfncpfjjbggbdlnbdif;chr
    gbamlhhoocminkgbhdepcpgcogfofmko;chr
    gcdgomceilgkonhjheaijcmgfhabmpio;chr
    plkplgmhfkkhokgkdkblfcnfeccpippe;chr
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8F72D2B8-8A3A-43E3-81B9-6CBAE16C0246}];r
    C:\f97e7f316b6c73f24b70;vs
    installer-list;
    standardsearch;
    
     
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).

Please post the logfile for further review in your next reply.

Step 3

We need to do a quick check on a file.

 

  • Go to VirusTotal.
  • Click Choose File.
  • Copy and paste the exact file name in bold:
    C:\Users\Annette\Desktop\tbrusha.exe
  • Click Send.

Copy and paste back the results once VirusTotal has finished scanning the file.

Step 4

Download RogueKiller and save it to your desktop.
 

  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Scan button.

Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.


It's only after we've lost everything that we're free to do anything.
― Chuck Palahniuk, Fight Club

#10 annette53


Posted 17 March 2014 - 04:17 PM

Not sure about a consumer input program. I do use TeamViewer to work on another computer remotely.

Was not able to find tbrusha.exe even though I remember installing it; it's a paint program.

 

RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Annette [Admin rights]
Mode : Scan -- Date : 03/17/2014 16:11:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] InfoUSBDetector.exe -- C:\Users\Annette\AppData\Roaming\Fisher & Paykel Healthcare\InfoUSBDetector\InfoUSBDetector.exe [-] -> KILLED [TermProc]
[SUSP PATH] AmazonCloudDriveW.exe -- C:\Users\Annette\AppData\Local\Apps\2.0\CJ1M0716.RXY\RT15WGG5.2PA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe [7] -> KILLED [Tree]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[SCREENSVR][SUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\yowindow.scr [7]) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][ROGUE ST] schedule!481551474.job : C:\ProgramData\BetterSoft\VaudiX\VaudiX.exe - /schedule /profile "c:\programdata\bettersoft\vaudix\481551474.ini" [x][x] -> FOUND
[V2][SUSP PATH] {DDD8994D-0108-4480-A1EE-FAD84AFADA05} : C:\Users\Annette\Desktop\tbrusha.exe [x] -> FOUND

¤¤¤ Startup Entries : 1 ¤¤¤
[Annette][SUSP PATH] InfoUSB Detector.lnk : C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InfoUSB Detector.lnk @C:\Users\Annette\AppData\Roaming\FISHER~1\INFOUS~1\INFOUS~1.EXE [-][-] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 pc-gizmos-ssl.com www.pc-gizmos-ssl.com # added by PC-Gizmos.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD7500BPVT-24HXZT1 ATA Device +++++
--- User ---
[MBR] 2b6d111ddb7baba093a158fc9c18e329
[BSP] edfd4edd3c884243e4e2bd69922546e3 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 670405 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1373401088 | Size: 29698 Mo
2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434222592 | Size: 15100 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03172014_161118.txt >>

RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Annette [Admin rights]
Mode : Remove -- Date : 03/17/2014 16:12:06
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] InfoUSBDetector.exe -- C:\Users\Annette\AppData\Roaming\Fisher & Paykel Healthcare\InfoUSBDetector\InfoUSBDetector.exe [-] -> KILLED [TermProc]
[SUSP PATH] AmazonCloudDriveW.exe -- C:\Users\Annette\AppData\Local\Apps\2.0\CJ1M0716.RXY\RT15WGG5.2PA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe [7] -> KILLED [Tree]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[SCREENSVR][SUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\yowindow.scr [7]) -> REPLACED (C:\Windows\system32\logon.scr)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][ROGUE ST] schedule!481551474.job : C:\ProgramData\BetterSoft\VaudiX\VaudiX.exe - /schedule /profile "c:\programdata\bettersoft\vaudix\481551474.ini" [x][x] -> DELETED
[V2][SUSP PATH] {DDD8994D-0108-4480-A1EE-FAD84AFADA05} : C:\Users\Annette\Desktop\tbrusha.exe [x] -> DELETED

¤¤¤ Startup Entries : 1 ¤¤¤
[Annette][SUSP PATH] InfoUSB Detector.lnk : C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InfoUSB Detector.lnk @C:\Users\Annette\AppData\Roaming\FISHER~1\INFOUS~1\INFOUS~1.EXE [-][-] -> DELETED

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 pc-gizmos-ssl.com www.pc-gizmos-ssl.com # added by PC-Gizmos.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD7500BPVT-24HXZT1 ATA Device +++++
--- User ---
[MBR] 2b6d111ddb7baba093a158fc9c18e329
[BSP] edfd4edd3c884243e4e2bd69922546e3 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 670405 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1373401088 | Size: 29698 Mo
2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434222592 | Size: 15100 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_03172014_161206.txt >>
RKreport[0]_S_03172014_161118.txt





 



#11 seedy21


Posted 17 March 2014 - 04:37 PM

Thank you for that information. We will continue when you post me your Zoek log.



#12 annette53


Posted 17 March 2014 - 04:39 PM

Sorry, I thought I did send it.

 

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Annette on Mon 03/17/2014 at 15:31:18.44.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Annette\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-03-17-203117.log 972 bytes

==== Windows Installer Info ======================

ABBYY FineReader 6.0 Sprint [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006FCA9B229EC4896DC2FC53B9CA70]C:\Windows\Installer\aa875.msi
Adobe AIR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C6C2C29BE07FB794887AF1FE898872B2]c:\Windows\Installer\61cb057.msi
Adobe Reader XI (11.0.06) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B744BA0000000010]C:\Windows\Installer\4a4696.msi
Alice Madness Returns [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\42BA3A398E63AB14086CCCCE328763CD]C:\Windows\Installer\d608e08.msi
BlueStacks Notification Center [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CA28CF7AD6895D84A8EA7AC5D128E9A0]C:\Windows\Installer\64e58.msi
calibre  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E27BE353F07EC5944B3B3BB7CAF1829A]C:\Windows\Installer\20fc1b6.msi
D3DX10  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BD4C90EC03660F46A13E87A329932FA]C:\Windows\Installer\1056be.msi
Google Drive [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3D22078E9C8C67C4E872CBF7819F8BBF]C:\Windows\Installer\1637abf.msi
Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\Windows\Installer\e857d1e.msi
Intel® PROSet/Wireless WiFi Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A9ADBF52868EB3B49BFF9D321858111A]C:\Windows\Installer\399041.msi
Intel® Trusted Connect Service Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F735A2519E5451B48874E2E3B56E8195]C:\Windows\Installer\2866a3a.msi
Java 7 Update 51 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF238120715FF]C:\Windows\Installer\61cb2f5.msi
Java Auto Updater [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401]C:\Windows\Installer\21f0b5f.msi
Kies mini [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49834EEFCDFC8A4CB6DA3AAA9844B68]C:\Windows\Installer\c82d6.msi
Lenovo Bluetooth with Enhanced Data Rate Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4D9341A64DF2F741A3DEF0E792CA990]C:\Windows\Installer\29cf2cb.msi
Lenovo DirectShare [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BCC4612B200C08B4580557538DD02F73]C:\Windows\Installer\813d2.msi
Lenovo ReadyComm 5.0 Service [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07166C67835C77E45BD4841E635B5B33]C:\Windows\Installer\bd666.msi
Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\271D3094BCCDF293393A43ACD974EFD3]C:\Windows\Installer\1a82b150.msi
Microsoft Application Error Reporting [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC]c:\Windows\Installer\7fc3e.msi
Microsoft Mouse and Keyboard Center [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\86E57EF92A693F8409BA436E8B9C89D9]c:\Windows\Installer\10589f.msi
Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]c:\Windows\Installer\f119a.msi
Microsoft VC9 runtime libraries [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EA720AA02DD7764AA277D063A8523B0]C:\Windows\Installer\d87ba.msi
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3e43b73803c7c394f8a6b2f0402e19c2]C:\Windows\Installer\ac05d49.msi
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\b25099274a207264182f8181add555d0]C:\Windows\Installer\5cf060b.msi
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c1c4f01781cc94c4c8fb1542c0981a2a]C:\Windows\Installer\2644ca2.msi
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6F9E66FF7E38E3A3FA41D89E8A906A4A]c:\Windows\Installer\b050a2c.msi
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D20352A90C039D93DBF6126ECE614057]c:\Windows\Installer\cb2c642.msi
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3482F1B5973B2FF30B3D46DD41E35DA3]c:\Windows\Installer\1f784b.msi
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]c:\Windows\Installer\638f879.msi
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D5E3C0FEDA1E123187686FED06E995A]C:\Windows\Installer\49e16f.msi
MSVCRT  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6C64DD86500CEF47BA082BB611A1FF1]C:\Windows\Installer\1056ba.msi
Nuance PaperPort 14 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DE8230D79EE0A8408BE96A3DED567BA]C:\Windows\Installer\277820.msi
Nuance PDF Viewer Plus [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93E489CF0D342BA4CA7C7A8B97770B90]C:\Windows\Installer\277827.msi
NVIDIA PhysX [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0F0C1C5CF26DFBD4184D7DFE93C722B8]C:\Windows\Installer\b050a32.msi
Office 15 Click-to-Run Extensibility Component [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109C80000000000000000F01FEC]C:\Windows\Installer\114df7d.msi
Office 15 Click-to-Run Licensing Component [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109E70000000000000000F01FEC]C:\Windows\Installer\114dee7.msi
Office 15 Click-to-Run Localization Component [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109C80090400000000000F01FEC]C:\Windows\Installer\114df8c.msi
PaperPort Image Printer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BADF2FE6FBF79BA429DC95B4DD6B5AB6]C:\Windows\Installer\277830.msi
Paragon Partition Manager™ 12 Home Special Edition [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F456A6894E1FDD11F9AC0005650C0080]C:\Windows\Installer\2ede0de.msi
Path of Exile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F2654A091A4D56B409D6142F63FC9620]C:\Windows\Installer\140915f.msi
RealDownloader  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4ACBE7FAFAF98CD4D8907658B48BD443]C:\Windows\Installer\8af4a6.msi
RealNetworks - Microsoft Visual C++ 2008 Runtime [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B17E077734D20084C93BB5C6AABEBEAE]C:\Windows\Installer\8af48e.msi
RealNetworks - Microsoft Visual C++ 2010 Runtime [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AB7FCEAAB38E01A478AEEDB033F37843]C:\Windows\Installer\8af487.msi
RtLED  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E66BCB47B4E842C4CB4411BFC5218A7B]C:\Windows\Installer\20f903.msi
Samsung Kies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1038C85769625584FA5435B4210089A0]C:\Windows\Installer\1ae25d9.msi
Samsung Kies3 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\37074588665C59840950BE9EE83A7F7C]C:\Windows\Installer\1ef8ffba.msi
Samsung Story Album Viewer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8DABB896611BD5948B97F0705A335EF7]C:\Windows\Installer\18e586f1.msi
SavvyConnect  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5EB60F48BA81B904FA31A8F7AF22F9E2]C:\Windows\Installer\15538c1.msi
Skype Click to Call [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7692FC6BE18C0C0489510C7547EF1F02]C:\Windows\Installer\1b69afc.msi
Skype™ 6.11 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E7FF67E4ABEA78C47B88DC745E24B5D9]C:\Windows\Installer\1b69aec.msi
SlimDrivers  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9708050C000086F44AFD927CDE17286C]C:\Windows\Installer\108615c.msi
Spotflux  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A75A9F0348807D34387CDA1900B765D5]C:\Windows\Installer\aa8d3fb.msi
Steam  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9C8928403D4AB094F99FBA20A329833F]C:\Windows\Installer\e38f8fc.msi
VC80CRTRedist - 8.0.50727.6195 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5104B339816461748A822598CF3061F5]C:\Windows\Installer\8d1d683.msi
WD Drive Utilities [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\20004E27CEC81C740A9938CAE871B30F]C:\Windows\Installer\36541e.msi
WD Security [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9AB0CFE274F95546B55C97482F14938]C:\Windows\Installer\10bc41b.msi
WD SmartWare [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\289089171AEAC0847B84C03B67ADDCEF]C:\Windows\Installer\1341919.msi
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3D04254D3B6B9FF42B3445CE3E1E0066]C:\Windows\Installer\1056cf.msi
Windows Live Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\032440EF5AC97F34B985A55C2AA8F133]C:\Windows\Installer\1056f5.msi
Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A8D0516CDE683D1478BB3FBB150B7BF7]C:\Windows\Installer\10568b.msi
Windows Live Installer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F132F0B0A6ECD384AA32773B467F9571]C:\Windows\Installer\1056a2.msi
Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7B292C385A83B0447A137070E0186AF4]C:\Windows\Installer\1056df.msi
Windows Live SOXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4E3B286A696ED244AC1C470AE61874B]C:\Windows\Installer\1056c6.msi
Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\26CEF00243C306D4C98ECE73E2100CF8]C:\Windows\Installer\1056c2.msi
Windows Live UX Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E97A59ECCF4EFFF4A857920FB449F22F]C:\Windows\Installer\10568f.msi
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A4869755DDD3AC4E98AB77E9D95D34B]C:\Windows\Installer\1056eb.msi

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\Program Files\EdgeRunner\Multiplicity\MultiSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Backblaze\bzserv.exe
C:\Windows\system32\CISVC.EXE
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\Windows\system32\lxducoms.exe
C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
C:\Windows\System32\IgrsSvcs.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Realtek\RtLED\RtLEDService.exe
C:\Program Files\Realtek\RtLED\RtLED.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\EdgeRunner\Multiplicity\Multipl2.exe
C:\Program Files\EdgeRunner\Multiplicity\MP2Control.exe
C:\Program Files\EdgeRunner\Multiplicity\MP2Control.exe
C:\Program Files\EdgeRunner\Multiplicity\MP2Drag.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\AOL\1363269673\ee\aolsoftware.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Users\Annette\AppData\Local\Apps\2.0\CJ1M0716.RXY\RT15WGG5.2PA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
C:\Users\Annette\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Annette\AppData\Roaming\Fisher & Paykel Healthcare\InfoUSBDetector\InfoUSBDetector.exe
C:\Program Files\YoWindow\yowindow.exe
C:\Users\Annette\AppData\Local\Apps\2.0\CJ1M0716.RXY\RT15WGG5.2PA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ZakFromAnotherPlanet\Yazak Chat\yazak.exe
C:\Program Files\AOL Desktop 9.7\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\ctfmon.exe
C:\Users\Annette\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k WerSvcGroup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8F72D2B8-8A3A-43E3-81B9-6CBAE16C0246}]

==== Deleting Files \ Folders ======================

"C:\Windows\tasks\schedule\Undetermined Task.exe" not found

==== System Specs ======================

Windows: Windows 7 Home Premium Edition Service Pack 1 (Build 7601)
Memory (RAM): 2989 MB
CPU Info: Intel® Core™ i7-2630QM CPU @ 2.00GHz
CPU Speed: 1979.9 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel® HD Graphics 3000 | Intel® HD Graphics 3000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver | Lenovo RMCT Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Spotflux Virtual Network Device Driver | Bluetooth Device (Personal Area Network) | Intel® WiFi Link 1000 BGN | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SN-208AB
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  654.7GB | D:  29.0GB
Hard Disks - Free: C:  499.6GB | D:  28.9GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | 10/21/11 | LENOVO - 1
Time Zone: Central Standard Time
Motherboard *: LENOVO Emerald Lake
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Firefox 27.0.1
Internet Explorer Version: 11.0.9600.16521
Mozilla Firefox version: 27.0.1 (x86 en-US)
Google Chrome version: 33.0.1750.154
Adobe Reader version: 11.0.06.70
Sun Java version: 1.7.0_51 (32-bit)
Flash Player version: 12.0.0.77

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-03-13 22:48:15 E21B90BD14AFFC13D50A2E8A26336561 2052 ----a-w- C:\Windows\epplauncher.mif
====== C:\Users\Annette\AppData\Local\Temp ====
2014-03-15 23:42:53 33C89FD5D5D19227DE0F5CD4A0D73722 541696 ----a-w- C:\Users\Annette\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
====== Java Cache =====
====== C:\Windows\system32 =====
2014-03-12 03:46:14 B0BE998802DEDEE1FD8F5E5F9F207A30 509440 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 03:46:12 8B521873651E62EF5868DC7B339959DB 32768 ----a-w- C:\Windows\System32\iernonce.dll
2014-03-12 03:46:12 7EDA015D4E74177A1B187326EDB14670 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-12 03:46:11 3B3EBF6E3C12DFDC6B29CBAC2F5519CC 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-12 03:46:11 1CEE521E90703BB8A01211C77747E727 43008 ----a-w- C:\Windows\System32\jsproxy.dll
2014-03-12 03:46:10 69C9F0607AF94C7162BBD25E222D4E0E 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-12 03:46:10 6744457C09B9B8176CC3ECC2D0EE6580 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-12 03:46:09 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-03-12 03:46:09 2CF6CF90BF7FE0E616C363343FFA686B 553472 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-12 03:46:08 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\Windows\System32\wininet.dll
2014-03-12 03:46:01 E84073A2F2D3A9448CA02F48B0360490 440832 ----a-w- C:\Windows\System32\ieui.dll
2014-03-12 03:45:57 C8DBE0B5297FD85D7311E4791103517B 112128 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-12 03:45:53 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\Windows\System32\iertutil.dll
2014-03-12 03:45:50 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-12 03:45:50 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\Windows\System32\mshtml.dll
2014-03-12 03:45:49 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\Windows\System32\urlmon.dll
2014-03-12 03:45:47 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\Windows\System32\msfeeds.dll
2014-03-12 03:45:47 5C207FABA707CE496E1E0A304925D1E5 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-12 03:45:46 E23497E11866154A97BA9877656113FE 1964032 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-12 03:45:46 B61F47EB8CACBE09C8117E4FF7D9656D 164864 ----a-w- C:\Windows\System32\msrating.dll
2014-03-12 03:45:46 35523AF349702302EBC08D0D83661A78 208896 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-03-12 03:45:45 B0CBC5A7D9278DCD5B230E1E50CCA5F6 61952 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-12 03:45:44 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\Windows\System32\ieframe.dll
2014-03-12 03:45:08 7CC38741B8F68F1E0D5D79DA6123666A 185344 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-12 03:45:05 204689EC38738BE7C07F79B745733747 2349056 ----a-w- C:\Windows\System32\win32k.sys
2014-03-12 03:45:04 A054EA8FBE16D4D34F06D81A4F0088E2 1230336 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 03:45:03 4F8CCD3E7D9F17A7C60FA0AE2466CACF 381440 ----a-w- C:\Windows\System32\wer.dll
2014-03-04 00:10:47 7753FC56F9CAC4B5AFDA3196DB654F21 144664 ----a-w- C:\Windows\System32\secman.dll
====== C:\Windows\system32\drivers =====
2014-03-12 23:49:50 0DB7527DB188C7D967A37BB51BBF3963 40776 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys
2014-03-03 23:58:45 585FDB94DB04AC1C56298D1FD1F1389E 184192 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2014-03-03 23:58:44 560B0DCE52DFED6623B27C9BAFA6F236 88576 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
====== C:\Windows\Tasks ======
2014-03-13 09:55:13 0CC0544DABF978A6ED83D17520125DBE 3336 ----a-w- C:\Windows\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2307256177-1175226797-2699856474-1000
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-02-16 12:53:49 -------- d-----w- C:\Program Files\AOL Desktop 9.7
2014-02-16 12:53:48 -------- d-----w- C:\Program Files\Common Files\aolshare
======= C: =====
====== C:\Users\Annette\AppData\Roaming ======
2014-03-15 23:17:35 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-03-15 23:17:35 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-03-15 23:17:35 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-03-15 23:17:35 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2014-03-15 23:17:34 -------- d-----w- C:\Users\Annette\AppData\Local\Temp
2014-02-16 12:30:54 -------- d-----w- C:\Users\Annette\AppData\Roaming\ProductData
====== C:\Users\Annette ======
2014-03-15 02:19:30 8B968045D75783A09592C3105F2865DA 688992 ----a-r- C:\Users\Annette\Desktop\dds.com
2014-03-14 20:26:09 609B83259466F78EC2014119B22100F8 930952 ----a-w- C:\Users\Annette\Desktop\cbsidlm-cbsi183-SolSuite_Solitaire_2014-BP-10018763.exe
2014-03-13 22:47:14 0FC29E1FA51C257E5F9C906F772EA27B 101503256 ----a-w- C:\Users\Annette\Desktop\msert.exe
2014-03-13 22:46:32 F406BAC9CFB876EFF01314F18CDA746C 11125072 ----a-w- C:\Users\Annette\Desktop\mseinstall.exe
2014-03-13 00:52:36 F672155776ABADF6A23C59E74491C9F2 4130656 ----a-w- C:\Users\Annette\Desktop\tdsskiller.exe

====== C: exe-files ==
2014-03-15 18:47:27 E677174AA15D1B9D9E0B0F1C8DB8CC56 892120 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.154\33.0.1750.154_33.0.1750.146_chrome_updater.exe
2014-03-13 10:13:42 398AA8F18B72F46F40E9D42A6C714B0E 1185088 ----a-w- C:\Program Files\IObit\Surfing Protection\unins000.exe
2014-03-13 10:13:06 62946010D97FA38835D47C0E14909DD4 259872 ----a-w- C:\Program Files\IObit\Advanced SystemCare 7\Nfeatures.exe
2014-03-13 10:13:05 59581F33E5863AC831935F14BE68D904 4093800 ----a-w- C:\Program Files\IObit\Advanced SystemCare 7\game-assistant.exe
2014-03-13 10:13:02 37E24A946C409B7A0F7BE1FBC02218ED 1198368 ----a-w- C:\Program Files\IObit\Advanced SystemCare 7\unins000.exe
2014-03-13 00:38:25 BCCAB958D3085E66F47695EC0B236E9D 5023144 ----a-w- C:\ProgramData\Backblaze\bzdata\bzupdates\bzinstall-win32-2.5.0.709.exe
2014-03-12 09:51:55 580B47F73BE70E5084E78BCFEA1E2C7A 572416 ----a-w- C:\Program Files\ZakFromAnotherPlanet\Yazak Chat\yazak.exe
2014-03-12 03:45:45 3A3BEA53F039CE2E997A918E26E30B1D 808152 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-03-12 03:45:43 2A0FAE869BC99A460FEFD832F261DCC9 469504 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
=== C: other files ==
2014-03-17 05:55:04 DF96B3260054C78633FB954B5F8AFE86 3657 ----a-w- C:\ProgramData\Backblaze\bzdata\bzbackup_state_extras.zip
2014-03-16 00:05:02 A842B48277A2D8645A37B9F596838D2A 1230 ----a-w- C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ICZ6WHE\flXHR[1].vbs
2014-03-15 23:47:36 7456BEBABC8CE2D665FD2789DB8231E3 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2307256177-1175226797-2699856474-1000\$IIWITH4.zip
2014-03-15 22:49:28 27F3FB6BA6C40774CA9C8A20F8FAAE87 4095046 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2307256177-1175226797-2699856474-1000\$RIWITH4.zip
2014-03-15 02:19:30 8B968045D75783A09592C3105F2865DA 688992 ----a-r- C:\Users\Annette\Desktop\dds.com
2014-03-12 23:49:50 0DB7527DB188C7D967A37BB51BBF3963 40776 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys
2014-03-12 03:45:05 204689EC38738BE7C07F79B745733747 2349056 ----a-w- C:\Windows\System32\win32k.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Backblaze"="C:\Program Files\Backblaze\bzbui.exe -quiet"

[HKEY_USERS\S-1-5-21-2307256177-1175226797-2699856474-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe 1"
"Advanced SystemCare 7"="C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
"AOL Fast Start"="C:\Program Files\AOL Desktop 9.7\AOL.EXE -b"
"KiesPDLR.exe"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run"
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Backblaze"="C:\Program Files\Backblaze\bzbui.exe -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel PAN Tray"
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler"
"lxdumon.exe"="C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
"lxduamon"="C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
"Lexmark 5600-6600 Series Fax Server"="C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe /s"
"BlueStacks Agent"="C:\Program Files\BlueStacks\HD-Agent.exe"
"DivXMediaServer"="C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"SavvyConnectMenu"="C:\Program Files\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe -a"
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"HostManager"="C:\Program Files\Common Files\AOL\1363269673\ee\AOLSoftware.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe 1"
"Advanced SystemCare 7"="C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
"AOL Fast Start"="C:\Program Files\AOL Desktop 9.7\AOL.EXE -b"
"KiesPDLR.exe"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run"
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Desura]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Desura"
"hkey"="HKCU"
"command"="C:\\Program Files\\Desura\\desura.exe -autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="C:\\Program Files\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC_GIZMOS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PC_GIZMOS"
"hkey"="HKCU"
"command"="\"C:\\Users\\Annette\\AppData\\Roaming\\PC-Gizmos\\PC_136519.en_76.exe\" --update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WD Drive Unlocker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WD Drive Unlocker"
"hkey"="HKLM"
"command"="C:\\Program Files\\Western Digital\\WD Apps\\WDDriveAutoUnlock.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WD Quick View]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WD Quick View"
"hkey"="HKLM"
"command"="C:\\Program Files\\Western Digital\\WD Quick View\\WDDMStatus.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
"backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\Lenovo\\BLUETO~1\\BTTray.exe "
"item"="Bluetooth"

==== Startup Folders ======================

2013-06-30 13:18:32 3073 ----a-w- C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
2013-02-07 22:39:06 1053 ----a-w- C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-07-13 15:18:42 2346 ----a-w- C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InfoUSB Detector.lnk
2013-02-14 14:19:16 1009 ----a-w- C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk
2013-02-17 06:56:28 1936 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [03/11/2014 09:45 PM]
C:\Windows\tasks\CIMT_S-1-5-21-2307256177-1175226797-2699856474-1000.job --a------ C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe []
C:\Windows\tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}.job --a------ C:\Program Files\Consumer Input\InternetExplorer\dca-ua.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/07/2013 04:55 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/07/2013 04:55 PM]
C:\Windows\tasks\schedule\Undetermined Task.exe []
C:\Windows\tasks\temp_FTdownloader V4.0-enabler.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\ASC7_PerformanceMonitor" [C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe]
"C:\Windows\system32\tasks\ASC7_SkipUac_Annette" [C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe /SkipUac]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CIMT_S-1-5-21-2307256177-1175226797-2699856474-1000" [C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe]
"C:\Windows\system32\tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}" [C:\Program Files\Consumer Input\InternetExplorer\dca-ua.exe]
"C:\Windows\system32\tasks\Go to RoboForm Install page" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMKMLMHMMJGMKMNMMJCNJJGMPMNMCNLMJJKJHMCNNJNMNJNMCNOJNJOJOJGMHMNMKMKJPMJJLJJNJICMJMCNOMPMCNNMFMGMCNOMPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMOMNMKJPMOMFMLMKMJNHICMEKMICNJJCKJNBJCMOLBJBJKJLILIKJJNKJCMJNNICMJNDJCMKJBJ"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Installation App Launcher" ["C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe" -register]
"C:\Windows\system32\tasks\launchspotflux" ["C:\Program Files\spotflux\.\spotflux.exe"]
"C:\Windows\system32\tasks\Open URL by RoboForm" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMKMLMHMMJGMKMNMMJCNJJGMPMNMCNLMJJKJHMCNNJNMNJNMCNOJNJOJOJGMHMNMKMKJPMJJLJJNJICMIMCNGMCNKMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMMMHMIMJNHICMMJBJKJLIMJJNBJCMOLBJBJKJLILIKJPNJLAJMILIKJNIJNKJCMJIOJBJGJMIHJKJLJOMPLOJAJDJBNMJAJCJJNNICMJNDJCMKJBJJNMJCMOMFMJMKMLMFMOMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"]
"C:\Windows\system32\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2307256177-1175226797-2699856474-1000" [C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2307256177-1175226797-2699856474-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2307256177-1175226797-2699856474-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\Run RoboForm TaskBar Icon" [C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\SmartDefrag3_Update" [C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe]
"C:\Windows\system32\tasks\temp_FTdownloader V4.0-enabler" [C:\Program Files\FTdownloader V4.0\FTdownloader V4.0-enabler.exe]
"C:\Windows\system32\tasks\{20FAE518-B150-40D0-BA9B-1E499BB6571B}" [C:\SIERRA\QG4CD\SIERRAW.EXE]
"C:\Windows\system32\tasks\{73FA236F-8365-4583-B8B6-D8B6AAE7DFB2}" [E:\SETUP.EXE]
"C:\Windows\system32\tasks\{82A549F6-FB65-446B-8550-C3355748E6F4}" [C:\SIERRA\QG4CD\SIERRAW.EXE]
"C:\Windows\system32\tasks\{85DA9A88-5767-4CF8-98C0-C70E9D76415D}" [C:\SIERRA\QG4CD\SIERRAW.EXE]
"C:\Windows\system32\tasks\{B85E1C72-CEA0-4027-B5D4-250D77332CD0}" [C:\SIERRA\QG4CD\SIERRAW.EXE]
"C:\Windows\system32\tasks\{DB3188E3-33AC-4891-900D-7D1EBA2AC78B}" [C:\SIERRA\QG4CD\SIERRAW.EXE]
"C:\Windows\system32\tasks\{DD65C8F1-DD7A-47EA-8153-88A73317E6E1}" [C:\SIERRA\QG4CD\SIERRAW.EXE]
"C:\Windows\system32\tasks\{DDD8994D-0108-4480-A1EE-FAD84AFADA05}" [C:\Users\Annette\Desktop\tbrusha.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files\Siber Systems\AI RoboForm\Firefox" [03/07/2014 09:55 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\0h08vrzv.default-1377724874309
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\48w6p0dv.default
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\5ytsdaop.default-1390228159534
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\aufm6k32.default-1364040090067
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\kwm18aig.default-1376693422241
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
- Undetermined - %ProfilePath%\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}

ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\u9sgeb3u.default
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
- Undetermined - %ProfilePath%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
- Undetermined - %ProfilePath%\extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8}
- Undetermined - %ProfilePath%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Undetermined - %AppDir%\extensions\savvyconnect@surveysavvy.com
- Undetermined - %AppDir%\browser\extensions\savvyconnect@surveysavvy.com

==== Firefox Plugins ======================

Profilepath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\5ytsdaop.default-1390228159534
95812430959AE88CDD0301AB3A71913B - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java™ Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
4380B55D9167DC87793A97329C6C4059 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Plus Web Player
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
98048DF68DE9B03E671EA1B845587890 - C:\Users\Annette\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
86244E1B6D062BBE2B91AA5DA7376806 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in
E18B5B26F41D8C37CCAA7256F29F6A15 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)
EBEEC9B1FB8BC809C719713A36640966 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
06DD04F84A6FB0C312352A02684D398A - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll - AmazonMP3DownloaderPlugin
FEF9ECECFA177AEC0F7564A08394D2C8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)
0ABF093757E9C827E30EC652868E5FAC - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)
06E140A567B8DC7900173197FD059EE5 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)
558270B968CB82196CB8D045D13B0FF6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
D02ED3C972BBF10890CA2A586F2C0762 - C:\Users\Annette\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll - SOE Web Installer
28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight

Profilepath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\aufm6k32.default-1364040090067
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java™ Platform SE 7 U51
E18B5B26F41D8C37CCAA7256F29F6A15 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)
E18B5B26F41D8C37CCAA7256F29F6A15 - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll - RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)
EBEEC9B1FB8BC809C719713A36640966 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
EBEEC9B1FB8BC809C719713A36640966 - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll - RealPlayer Download Plugin
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
06DD04F84A6FB0C312352A02684D398A - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll - AmazonMP3DownloaderPlugin
FEF9ECECFA177AEC0F7564A08394D2C8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)
0ABF093757E9C827E30EC652868E5FAC - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)
06E140A567B8DC7900173197FD059EE5 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)
558270B968CB82196CB8D045D13B0FF6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
924366CBEDB044930207A40A5404FF7E - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll - Coupons Inc., Coupon Printer Manager
2C52BB8C805A67D852E50C5D03022305 - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll - Coupons Inc., Coupon Printer Manager
86244E1B6D062BBE2B91AA5DA7376806 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[11/29/2012 09:35 PM]
jbolfgndggfhhpbnkgnpjkfhinclbigj - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[06/25/2013 02:20 AM]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[10/09/2013 11:59 AM]
pnlccmojcmeohlpggmfnbbiapkmbliob - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx[03/07/2014 09:54 PM]

VLC for YouTube™ - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ablmclcliiiegfmpbkfhnhipoejclmel
Torrent Search - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee
Clipboard - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\afdkbjaecenbhbgjjocbjdjecfnignmj
craigslist pop. - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\aikbdokcmcbbeaadpdbhlcdcgghdkhja
VPN.tv - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\alfieeobdjkockpabmmfdpaihegikdgl
Advanced SystemCare Surfing Protection - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
Rogue Soul - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bipgknmnkieelmkaaofabfkiekdjbcic
eBay Web App - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom
TV - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph
Crystal Saga - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbadcdoippjkpjckifngelnbjanhcak
Plugins - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop
Wars of Winter - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\chpacldklnpblbkoplbmjbndnjighako
Sonic Super Crazy World - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnnmnpmehckglealgefpdamplibdnajh
Tab Manager - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda
Search by Image by Google - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
VUDU Movies - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\daomabnenlgkenegngdblacoobnncgib
Maze Manor Free - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddmlblgpnpnnpmoegdiadppoehapkkej
Save to Drive - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoibeabfchdpckcmamaadeccohilbkp
3D Bowling - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgondkoblfcjpknplcjepgcogmbebaf
Cloud Save - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbemabjbfhjcccahjioenmkgimjbbkd
Best Utility Apps - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnfkmehkjocihlfmcjkmdiekloihfaog
HTML5 Video for YouTube™ - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\dolajcekhnohkpncmhgledbmndjpblei
Mini Golf - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\eajjagbfmeoidampllpdahppfljmabik
Prevent Duplicate Tabs - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\eangilbdbecadgeclbehnkibpmedaoih
Click to Tab - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebicmkkcnhdiglneianohfjapmanjoek
Torrent Turbo Search App - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegbffmjdkflkcfncpfjjbggbdlnbdif
Tabs Outliner - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl
FREE MP3 Search - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejndijkjinbjigbmmbefadfighlkmhjl
Box - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl
Ceiron Wars - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\engppmjegobmdlebfhpjmiikbcpgolih
Neverending Bubbles - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbakkgfljlffjgoofillepkppbkifhjb
Valhalla - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbbnapmencljcepeibjnchgcdcdehloe
Type Scout - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj
Voodoo Friends - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmedapekkakaehidplfhmblngkelolaj
We-Care.com Reminder - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fonmolocekmjpljfgmkkfdcdhmlaenpo
Torrent Turbo Search - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcdgomceilgkonhjheaijcmgfhabmpio
Digital Clock - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo
Chrome Web Store Launcher (by Google) - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgipfabdickgidpmbicneamekgbaej
Best Apps Extension - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gellklljnmmkphmlmdljaoejofjkcjol
Bookmark Buttons Startpage - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\genmiebglliamphdcfeakonfebajldkj
Jacko In Hell 2 - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gigfoobihocjpdjmkfllcblanhkibaeb
AdBlock - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
LastPass - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Top Apps - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgdlfpakgihpgonfmmmeaaeipgnbaje
One Last Pass ( Password Manager ) - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlcjfeemfanamjbekpmdhcefejlgpnke
FileZilla on Roozz - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlnaakajahlemjahijmphgljeknipkce
Eukarion Tales (RPG Diablo 2 like) - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnjfckdciblfcicegijojmpeolkedeac
Shadowland Online - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmjfaplmocigmcnpnfhmhbbjaalipdb
Funny Bowling - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hohcdpgmpchbkbdkdgidfjkpnknocgme
Arcane Legends - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido
Cloud Reader - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd
RealDownloader - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Web Apps Manager by Allmyapps - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\iejkgldabgohkkodcldeiiajhgnbfggg
Best Free Apps - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdmklnnfaaegjkclibjdlkcimnbkmli
The Creepster TV Channel - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\imeijghccmjocbjinodpjdbpmbnlbgcm
Weather now - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\imflhicibaneljgphmfahdknpmidflel
Prince Of Persia - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\imgflohfjhdbomdlkbnecogoncdlhjfg
Xonix 3D - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipbmjfahoeenlpmfcbcioagdhcffdegi
Pearly Meadows - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipncaggfnflammhdjbpoccdmfkdjafnp
Freemake Video Converter - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Lord of Ultima is EAs popular browser based strategy game that simulates an immersive medieval civilization. - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced
theTabs - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnlopknndedplkhcjphlnedcmnegcmo
Adventure World - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghonkcklghipjeggjlloppmhlpdmoco
Moon Phase - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjbbfjkgenpehcokclfggnfniaiglaai
The Grand Visir Jaffar has thrown a young prince into the dungeon. Jaffar has forced the princes beloved to choose between marrying his evil self...or death. Take the role of the prince and try to escape from the dungeon. You must fight through 12 levels of puzzles and guards while keeping in mind the 60-minute time limit. Play PRINCE OF PERSIA and rescue the Princess in time.\r\n\r\nPlay online: http:nesninja.comgameprince-of-persia - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnhmdljhbpdhjdgledfngobehcieedk
Labyrinth - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeimnckmnebflgijneknoapkcnaffnl
Dark Soul - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohllcjpkljmgadolhmfhbaodakfbpif
PC Gizmos - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpfhgnebikhafakgnbbdnpjigaohhgnh
Dropbox Shortcut - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbelldokcfkkgejineadomjjcicgghbk
The Onion - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lffbbkfcdoccioifngmngnbbiefiffba
Movies - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkanjdppoifnkmakhilbeaohboaegjl
TV for Google Chrome™ - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
Skype for Chromium - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Wonderputt-HD - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljlfhfjfjkolddolkhmmfbckhejdghhl
Thesaurus Extension - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlghihanpgbalbphnffoehfkbcfcpic
Bad Eggs - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamjjhmmfdahldkimnhgfjdnifddgfad
Unbeatable - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkpjdeipjnjbdglfkegckdonakfjcpo
Awesome New Tab Page™ - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg
Download to Dropbox - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mklccdhnpppcmbpbkaanmamjfmmefbnp
FastestFox for Chrome - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm
LastPass Vault - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf
Soul Gambler - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndakdaapflmkiglkgllpklohpkfkmpjc
What's it worth? (The Original) - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnefdpoldbalhfejpafdiajlciblpoa
Advanced SystemCare Surfing Protection - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
King's Island (Diablo 2 like) - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfpplabodfdcaeaeoefpgnohkpcbndep
Micro Expression Recognition Application - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkcbihjelakpbponjhpmkkmopghnpip
Cloud Network - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngndmmeaclkjmncjefkiggnoeajcebhh
Google Wallet - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Rising Saga - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjnphdjfbkcljpncdnbcdomhifhdebm
TabCloud - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof
Tilt 3D - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalnhkglcknampgfiaopkmfaallkpeip
Picky Wallpapers - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj
Free Games - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\odnlkojnclefkippkkijniiobhpappnm
Earn to Die 2012 - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjjmmldfnjcjjachepeckanmpijbpfe
Back to bed - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfdldinieihmiaapfggdkgdcmeeilep
Shards of the Dream - animated real–time fantasy game. Discover new lands populated by different people explore dungeons and fight outgrowths of nightmares. Gloomy fantasy-world – and its life after the accident. SodGame Sod Shards of the Dream - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhlgkobnlcabmallghnomjkpofknkce
Print Friendly & PDF - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj
Jacko in Hell 2 - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\omelkgjbamnhcnbchnekgdlcijgoieib
Castle Capers - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdpgjokenejoefajmjdoaodhamhlapjb
Valentines Day Mahjong - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgamjkpppddoomaiaoepbobjmeojblce
\Missing Plug-in\ Fix - Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkplgmhfkkhokgkdkblfcnfeccpippe

==== Chrome Fix ======================

C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegbffmjdkflkcfncpfjjbggbdlnbdif deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcdgomceilgkonhjheaijcmgfhabmpio deleted successfully
C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkplgmhfkkhokgkdkblfcnfeccpippe deleted successfully

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{8F72D2B8-8A3A-43E3-81B9-6CBAE16C0246}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{1D6EF064-0E70-4531-82A1-C0EC99FA44E4} Google  Url="https://www.google.com/search?q={searchTerms}"
{4CDA7060-EA2C-4C41-8750-90C3C2AB01C1} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{8F72D2B8-8A3A-43E3-81B9-6CBAE16C0246} KeyBar 2 Customized Web Search Url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309655&CUI=UN75406184512378314&UM=2"

==== HijackThis Entries ======================

O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCGizmosBHO - {A817C286-3D6B-4ECD-A99C-E44E50DBC523} - C:\Users\Annette\AppData\Roaming\PC-Gizmos\PCGizmosBHO.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [Lexmark 5600-6600 Series Fax Server] "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SavvyConnectMenu] "C:\Program Files\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe" -a
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1363269673\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.7\AOL.EXE" -b
O4 - HKCU\..\Run: [KiesPDLR.exe] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Backblaze] "C:\Program Files\Backblaze\bzbui.exe" -quiet (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Amazon Cloud Drive.lnk = Annette\AppData\Local\Apps\2.0\CJ1M0716.RXY\RT15WGG5.2PA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
O4 - Startup: Dropbox.lnk = Annette\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: InfoUSB Detector.lnk = Annette\AppData\Roaming\Fisher & Paykel Healthcare\InfoUSBDetector\InfoUSBDetector.exe
O4 - Startup: YoWindow.lnk = C:\Program Files\YoWindow\yowindow.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O8 - Extra context menu item: Clear Fields - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComClearFields.html
O8 - Extra context menu item: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O8 - Extra context menu item: Logoff - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComLogoff.html
O8 - Extra context menu item: Password Generator - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComPasswordGenerator.html
O8 - Extra context menu item: Reset Fields - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComResetFields.html
O8 - Extra context menu item: RoboForm Editor - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComEditIdent.html
O8 - Extra context menu item: RoboForm Options - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComOptions.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComTaskBarIcon.html
O8 - Extra context menu item: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Set Fields - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSetFields.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll,-4 - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O9 - Extra 'Tools' menuitem: Freemake Video Downloader - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Backblaze Service (bzserv) - Unknown owner - C:\Program Files\Backblaze\bzserv.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files\Common Files\Desura\desura_service.exe
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - (no file)
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - (no file)
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device -   - C:\Windows\system32\lxducoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Multiplicity Service (Multiplicity) - Stardock Software, Inc - C:\Program Files\EdgeRunner\Multiplicity\MultiSrv.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RtLedService Installer (RtLedService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtLED\RtLEDService.exe
O23 - Service: SavvyConnect Desktop Service (SCService) - Unknown owner - C:\Program Files\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe (file missing)
O23 - Service: SecureUpdate (SecureUpdateSvc) - Unknown owner - C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: WD Backup (WDBackup) - Western Digital  - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WD Rules (WDRulesService) - Western Digital  - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1155 folders=314 147446000 bytes)

==== EOF on Mon 03/17/2014 at 15:39:00.37 ======================



#13 seedy21

seedy21

  • Malware Response Team
  • 645 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire ,UK
  • Local time:05:55 AM

Posted 18 March 2014 - 02:13 AM

Hi annette53

Step 1

Please go to :-

C:\Program Files\IObit\Advanced SystemCare 7\ and run the unins000.exe

After completing this please go to:-

C:\Program Files\IObit\Surfing Protection\ and run the unins000.exe


Step 2


We need to re-run Zoek

 

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer; do not use it on another computer even if the problems are similar.
    
    c:\programdata\bettersoft\;f
    C:\Program Files\IObit\;f
    C:\Program Files\Consumer Input\;f
    C:\Program Files\FTdownloader V4.0\;f
    C:\Windows\tasks\CIMT_S-1-5-21-2307256177-1175226797-2699856474-1000.job;f
    C:\Windows\tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}.job;f
    C:\Windows\tasks\temp_FTdownloader V4.0-enabler.job;f
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8F72D2B8-8A3A-43E3-81B9-6CBAE16C0246}];r
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes];r
    "DefaultScope"=-;r
    emptyalltemp;
    
     
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).

Please post the logfile for further review in your next reply.

Step 3

Perform an Online Antivirus Scan with ESET:


Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve the installation of an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".
 

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:

     
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
     
  • Now click on START
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    When the scan is complete,

    If no threats were found:
     
  • Check in "Uninstall application on close"
  • Close program

    If threats were found:
     
  • Select "list of threats found"
  • Select "Export to Text File" & save the report to your Desktop as "ESETScanLog"
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & Exit the program
  • Copy and paste ESETScanLog.txt in your next reply

It's only after we've lost everything that we're free to do anything.
― Chuck Palahniuk, Fight Club

#14 annette53

annette53
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:12:55 AM

Posted 18 March 2014 - 03:09 PM

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Annette on Tue 03/18/2014 at 14:57:35.41.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Annette\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-03-17-203117.log 972 bytes
C:\zoek-results2014-03-17-203900.log 77997 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8F72D2B8-8A3A-43E3-81B9-6CBAE16C0246}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-

==== Deleting Files \ Folders ======================

"c:\programdata\bettersoft\" not found
"C:\Program Files\Consumer Input\" not found
"C:\Program Files\FTdownloader V4.0\" not found
"C:\Windows\tasks\CIMT_S-1-5-21-2307256177-1175226797-2699856474-1000.job" deleted
"C:\Windows\tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}.job" deleted
"C:\Windows\tasks\temp_FTdownloader V4.0-enabler.job" deleted

==== Empty IE Cache ======================

C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Annette\AppData\Local\Mozilla\Firefox\Profiles\5ytsdaop.default-1390228159534\Cache emptied successfully
C:\Users\Annette\AppData\Local\Mozilla\Firefox\Profiles\aufm6k32.default-1364040090067\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1158 folders=315 147448388 bytes)

==== Empty Temp Folders ======================

C:\Users\Annette\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Annette\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Tue 03/18/2014 at 15:03:13.35 ======================
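
A cross-check a helper can run on the two posts above, as an added example that is not part of the original thread or of Zoek: it lists each file/folder target of the script next to the result the log reports for it. It assumes that `;f` marks file/folder entries and that results appear as a quoted path followed by `deleted` or `not found`, the only two forms visible in this log; the function names are hypothetical.

```python
import re

# Script and log lines copied from posts #13 and #14 above (not constructed).
SCRIPT = r'''
c:\programdata\bettersoft\;f
C:\Program Files\IObit\;f
C:\Program Files\Consumer Input\;f
C:\Program Files\FTdownloader V4.0\;f
C:\Windows\tasks\CIMT_S-1-5-21-2307256177-1175226797-2699856474-1000.job;f
C:\Windows\tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}.job;f
C:\Windows\tasks\temp_FTdownloader V4.0-enabler.job;f
"DefaultScope"=-;r
emptyalltemp;
'''

LOG = r'''
==== Deleting Files \ Folders ======================

"c:\programdata\bettersoft\" not found
"C:\Program Files\Consumer Input\" not found
"C:\Program Files\FTdownloader V4.0\" not found
"C:\Windows\tasks\CIMT_S-1-5-21-2307256177-1175226797-2699856474-1000.job" deleted
"C:\Windows\tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}.job" deleted
"C:\Windows\tasks\temp_FTdownloader V4.0-enabler.job" deleted

==== Empty IE Cache ======================
'''

# Assumed result-line shape: "<path>" deleted | "<path>" not found
RESULT = re.compile(r'^"(.+)"\s+(deleted|not found)$')

def script_targets(script):
    """Paths from script lines ending in ';f' (assumed file/folder entries)."""
    lines = (ln.strip() for ln in script.splitlines())
    return [ln[:-2] for ln in lines if ln.endswith(";f")]

def log_results(log):
    """Map lower-cased path -> status for every result line in the log."""
    found = (RESULT.match(ln.strip()) for ln in log.splitlines())
    return {m.group(1).lower(): m.group(2) for m in found if m}

def reconcile(script, log):
    """Status per script target; targets the log never mentions are flagged."""
    results = log_results(log)  # Windows paths compare case-insensitively
    return {p: results.get(p.lower(), "no result line") for p in script_targets(script)}

if __name__ == "__main__":
    for path, status in reconcile(SCRIPT, LOG).items():
        print(f"{status:15} {path}")
```

On the lines above, `C:\Program Files\IObit\` is the one script target with no result line in the log.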



#15 seedy21

seedy21

  • Malware Response Team
  • 645 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire ,UK
  • Local time:05:55 AM

Posted 18 March 2014 - 04:11 PM

Thank you for the log. Let me know when you have completed the ESET Online Scanner


It's only after we've lost everything that we're free to do anything.
― Chuck Palahniuk, Fight Club



