Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Having Nurmerous Popups and Add On Browsers

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Having Nurmerous Popups and Add On Browsers

Unread postby reddog1992000 » December 13th, 2013, 4:00 pm

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428
Run by Bertha at 11:55:25 on 2013-12-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3036.538 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.CHURCHWINDOWS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRServer.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRFeature.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Splashtop\Splashtop Remote\SERVER\DataProxy.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3303930
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
BHO: Vid-Saver: {11111111-1111-1111-1111-110011341191} - c:\program files\vid-saver\Vid-Saver.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: WebCake: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - c:\program files\webcake\WebCakeIEClient.dll
BHO: BetterSurf: {6E3C6B04-08FE-43BC-8E50-F90285024DEA} - c:\program files\bettersurf\ie\BetterSurf.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - c:\program files\privacysafeguard\PrivacySafeGuard.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - c:\program files\inbox toolbar\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [PC Speed Maximizer] "c:\program files\pc speed maximizer\SPMStarter.exe"
uRun: [SPMTray] "c:\program files\pc speed maximizer\SPMTray.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [hpsjbmgr] c:\program files\hewlett-packard\hp precisionscan\precisionscan\hpsjbmgr.exe
mRun: [HP Lamp] c:\program files\hewlett-packard\hp precisionscan\precisionscan\HPLamp.exe
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{F1364B53-028A-497F-8521-A23C855D6DCC} : DHCPNameServer = 192.168.0.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\program files\inbox toolbar\Inbox.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-12-3 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-12-3 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-20 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-20 403440]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-15 146448]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-20 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-3-20 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-12-3 50344]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-4-4 13336]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 MSSQL$CHURCHWINDOWS;SQL Server (CHURCHWINDOWS);c:\program files\microsoft sql server\mssql10_50.churchwindows\mssql\binn\sqlservr.exe [2012-6-29 43129288]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2013-7-16 789856]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2013-8-7 609056]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe [2010-7-5 45056]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2010-5-10 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-5-10 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-15 283152]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-4-5 224424]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys --> c:\windows\system32\drivers\tmevtmgr.sys [?]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-7-15 497008]
S0 epstwnt;epstwnt;c:\windows\system32\drivers\epstwnt.mpd [2011-6-30 84480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\Sharshtl.sys [2011-6-30 18432]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-12 108032]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-7-15 689416]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-12 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0153;RsFx0153 Driver;c:\windows\system32\drivers\RsFx0153.sys [2012-6-29 249288]
S4 SQLAgent$CHURCHWINDOWS;SQL Server Agent (CHURCHWINDOWS);c:\program files\microsoft sql server\mssql10_50.churchwindows\mssql\binn\SQLAGENT.EXE [2012-6-29 379848]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-12-13 19:54:43 7772552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{17ab4946-56ba-447c-b31a-9036d60c3c5f}\mpengine.dll
2013-12-12 11:04:57 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-12-12 11:02:21 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 11:02:20 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2013-12-12 06:06:17 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-12-12 06:06:17 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 06:06:17 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-12 06:06:17 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 06:06:17 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 06:06:17 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 06:06:16 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-12 06:06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-12 06:06:14 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 06:06:14 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 06:06:13 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-03 18:10:12 -------- d-----w- c:\users\bertha\appdata\roaming\AVAST Software
2013-12-03 17:52:40 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-12-03 17:52:39 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-03 17:52:39 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-03 17:52:22 259928 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2013-11-18 17:47:30 -------- d-----w- c:\programdata\Conduit
2013-11-18 17:47:05 -------- d-----w- c:\users\bertha\appdata\local\NativeMessaging
2013-11-18 14:33:01 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-18 14:33:00 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-18 14:33:00 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-18 14:33:00 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-18 14:33:00 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-18 14:33:00 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-18 14:32:59 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
.
==================== Find3M ====================
.
2013-12-11 04:27:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 04:27:40 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-03 18:03:28 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-03 18:03:28 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-03 18:03:28 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-03 18:03:22 43152 ----a-w- c:\windows\avastSS.scr
2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-11 13:50:18 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-05 18:51:12 103272 ----a-w- c:\users\bertha\GoToAssistDownloadHelper.exe
2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-10-04 01:58:50 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- c:\windows\system32\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- c:\windows\system32\authui.dll
2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-09-25 02:01:08 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01:06 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57:46 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 01:56:02 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 00:49:20 22016 ----a-w- c:\windows\system32\lsass.exe
2013-09-25 00:49:18 15872 ----a-w- c:\windows\system32\sspisrv.dll
.
============= FINISH: 11:58:49.17 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 04/11/2011 10:51:40 AM
System Uptime: 12/13/2013 11:42:05 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0200DY
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | CPU | 2933/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 150.34 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP654: 12/03/2013 3:56:29 PM - Scheduled Checkpoint
RP656: 12/04/2013 8:45:44 AM - avast! antivirus system restore point
RP657: 12/06/2013 8:39:21 AM - Windows Update
RP658: 12/10/2013 3:22:28 AM - Windows Update
RP659: 12/10/2013 1:01:02 PM - Windows Update
RP660: 12/12/2013 3:00:16 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe Acrobat X Standard - English, Français, Deutsch
Adobe Flash Player 11 ActiveX
aioprnt
aioscnnr
Anti-phishing Domain Advisor
AudibleManager
avast! Free Antivirus
BioAPI Framework
BurnToDisk version 1.0
C4USelfUpdater
Church Windows (C:\CW\)
Church Windows Payroll (C:\CWPay\)
Conexant D850 PCI V.92 Modem
Custom
CutePDF Writer 2.8
CyberLink PowerDVD 9.5
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Edoc Viewer
DellAccess
Digital Line Detect
DirectX 9 Runtime
EMBASSY Security Center
essentials
FastStone Image Viewer 4.6
Gemalto
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP PrecisionScan
Inbox Toolbar
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections 15.2.89.0
Intel(R) Rapid Storage Technology
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
Kodak AIO Printer
MDIConverter 3.0
MDIViewer 3.0
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (English) 2007
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook 2010
Microsoft Publisher 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Diagnostic Tool
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netwaiting
NTRU TCG Software Stack
ocr
Pandoras Box V1.3.8
PC-CCID
PC Speed Maximizer v3.0
PhotoShowExpress
Preboot Manager
PreReq
Privacy SafeGuard version 1.1
Private Information Manager
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Service Pack 2 for SQL Server 2008 R2 (KB2630458)
Software Version Updater
Sonic CinePlayer Decoder Pack
SPBA 5.9
Splashtop Software Updater
Splashtop Streamer
SQL Server 2008 R2 SP2 Common Files
SQL Server 2008 R2 SP2 Database Engine Services
SQL Server 2008 R2 SP2 Database Engine Shared
Sql Server Customer Experience Improvement Program
Trend Micro Client/Server Security Agent
Trusted Drive Manager
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Upek Touchchip Fingerprint Reader
Vid-Saver
Wave Infrastructure Installer
Wave Support Software Installer
WebCake 3.00
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
12/13/2013 11:49:16 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/13/2013 11:48:11 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
12/12/2013 11:32:46 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
12/12/2013 11:32:46 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
12/08/2013 5:02:53 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer PREELAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F1364B53-028A-497F-8521-A23C855. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm
Advertisement
Register to Remove

Re: Having Nurmerous Popups and Add On Browsers

Unread postby Gary R » December 14th, 2013, 2:27 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Having Nurmerous Popups and Add On Browsers

Unread postby Gary R » December 14th, 2013, 2:33 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi reddog1992000

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Well, there's definite signs of infection in your DDS logs, but before we start to remove anything, I'd like you to run some additional scans for me, so that we've got a more complete picture of what needs attending to.

First ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

Next ...

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Finally ...

Please download SystemLook from one of the links below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    conduit
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • AdwCleaner[R1].txt
  • OTL.txt
  • Extras.txt
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Having Nurmerous Popups and Add On Browsers

Unread postby reddog1992000 » December 14th, 2013, 5:05 pm

# AdwCleaner v3.015 - Report created 14/12/2013 at 12:35:28
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Bertha - BERTHA-PC
# Running from : C:\Users\Bertha\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : splashtopremoteservice
Service Found : SSUService

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Found : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Found : C:\Users\Bertha\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Found : C:\Users\Bertha\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Found : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Found : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Found : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
File Found : C:\Users\Bertha\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\searchplugins\Askcom.xml
File Found : C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\searchplugins\ask-search.xml
File Found : C:\Windows\system32\conduitEngine.tmp
File Found : C:\Windows\System32\Tasks\AmiUpdXp
File Found : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Found : C:\Windows\Tasks\AmiUpdXp.job
Folder Found : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Folder Found : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Folder Found : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Found : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
Folder Found : C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Found : C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\engine@conduit.com
Folder Found : C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\inboxcomtoolbar@inbox.com
Folder Found : C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\Extensions\wecarereminder@bryan
Folder Found C:\Program Files\BetterSurf
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Inbox Toolbar
Folder Found C:\Program Files\PC Speed Maximizer
Folder Found C:\Program Files\Splashtop
Folder Found C:\Program Files\Vid-Saver
Folder Found C:\Program Files\Web Cake
Folder Found C:\Program Files\WebCake
Folder Found C:\ProgramData\Anti-phishing Domain Advisor
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
Folder Found C:\ProgramData\Splashtop
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\ProgramData\WeCareReminder
Folder Found C:\Searchprotect
Folder Found C:\Users\Bertha\AppData\Local\Conduit
Folder Found C:\Users\Bertha\AppData\Local\ConduitEngine
Folder Found C:\Users\Bertha\AppData\Local\NativeMessaging
Folder Found C:\Users\Bertha\AppData\Local\Pokki
Folder Found C:\Users\Bertha\AppData\Local\Splashtop
Folder Found C:\Users\Bertha\AppData\Local\SwvUpdater
Folder Found C:\Users\Bertha\AppData\Local\Temp\AirInstaller
Folder Found C:\Users\Bertha\AppData\Local\Temp\apn
Folder Found C:\Users\Bertha\AppData\Local\Temp\NativeMessaging
Folder Found C:\Users\Bertha\AppData\Local\Vid-Saver
Folder Found C:\Users\Bertha\AppData\LocalLow\alotappbar
Folder Found C:\Users\Bertha\AppData\LocalLow\AskToolbar
Folder Found C:\Users\Bertha\AppData\LocalLow\Conduit
Folder Found C:\Users\Bertha\AppData\LocalLow\Inbox Toolbar
Folder Found C:\Users\Bertha\AppData\LocalLow\PriceGong
Folder Found C:\Users\Bertha\AppData\Roaming\Betcat
Folder Found C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dogpile Bundle Toolbar
Folder Found C:\Users\Bertha\AppData\Roaming\OpenCandy
Folder Found C:\Users\Bertha\AppData\Roaming\PC Speed Maximizer
Folder Found C:\Users\Bertha\AppData\Roaming\Web Cake
Folder Found C:\Users\Bertha\AppData\Roaming\WebCake

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\alotAppbar
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Vid-Saver
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKCU\Software\Inbox Toolbar
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\pc speed maximizer
Key Found : HKCU\Software\Splashtop Inc.
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\BetterSurf
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011341191}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022342291}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033343391}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl.1
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Found : HKLM\Software\Classes\Installer\Features\49AE5C7BA69B5F14EB59527DB8846687
Key Found : HKLM\Software\Classes\Installer\Products\49AE5C7BA69B5F14EB59527DB8846687
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Found : HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077347791}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3303930
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0113A098-06EA-4776-A011-D75590778F1E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044344491}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Description
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
Key Found : HKLM\Software\Inbox Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4CC9-B2B4-C546BCCF8706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\AmiUpdXp
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\BackgroundContainer Startup Task
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{962801FC-D13C-41A7-9F15-F8CA6BDD78E9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{962801FC-D13C-41A7-9F15-F8CA6BDD78E9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB4C1D14-840C-45F3-A3AF-3E0E7F4E65A2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\49AE5C7BA69B5F14EB59527DB8846687
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7C5EA94-B96A-41F5-BE95-25D78B486678}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Splashtop Software Updater
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Splashtop Inc.
Key Found : HKLM\Software\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PC Speed Maximizer]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com?SearchSource= ... =CT3303930

-\\ Mozilla Firefox v

[ File : C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\prefs.js ]

Line Found : user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?l=dis&o=APN10740&gct=hp&apn_ptnrs=^ATQ&apn_dtid=^YYYYYY^XG^US&p2=^ATQ^YYYYYY^XG^US&tpid=ASI2-V6&apn_dbr=cr_26.0.1410.64&apn_uid=202880[...]
Line Found : user_pref("extensions.ASI2-V6.previous-keyword-url", "\"hxxp://isearch.avg.com/search?cid={99D386B2-1BB9-44F1-B069-B666F5974332}&mid=6fc58cab693f47d1b4dc6d791d545b28-57ddfc3f80ff2485c85e0a113ed33d66c2[...]
Line Found : user_pref("extensions.APN_TB.first-previous-keyword-url", "hxxp://isearch.avg.com/search?cid={99D386B2-1BB9-44F1-B069-B666F5974332}&mid=6fc58cab693f47d1b4dc6d791d545b28-57ddfc3f80ff2485c85e0a113ed33d6[...]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [21755 octets] - [14/12/2013 12:35:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [21816 octets] ##########
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Having Nurmerous Popups and Add On Browsers

Unread postby reddog1992000 » December 14th, 2013, 5:06 pm

OTL logfile created on: 12/14/2013 12:44:34 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bertha\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.96 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 37.46% Memory free
5.93 Gb Paging File | 3.85 Gb Available in Paging File | 64.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.15 Gb Total Space | 149.55 Gb Free Space | 67.93% Space Free | Partition Type: NTFS

Computer Name: BERTHA-PC | User Name: Bertha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/14 12:43:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bertha\Downloads\OTL.exe
PRC - [2013/12/14 12:35:00 | 001,226,802 | ---- | M] () -- C:\Users\Bertha\Downloads\adwcleaner.exe
PRC - [2013/12/03 18:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/12/03 10:03:16 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/03 10:03:16 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/22 05:36:11 | 015,815,600 | ---- | M] (Computer Helper Publishing) -- C:\CW\Cw.exe
PRC - [2013/09/06 19:53:00 | 020,394,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
PRC - [2013/09/03 05:54:02 | 000,840,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/08/07 02:47:26 | 000,609,056 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2013/08/01 16:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/07/16 16:24:34 | 000,789,856 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2013/07/16 16:24:32 | 003,224,928 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2013/07/16 16:24:28 | 006,952,800 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRFeature.exe
PRC - [2013/07/16 16:24:18 | 002,003,808 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe
PRC - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/22 18:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/19 13:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 10:58:24 | 002,844,608 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2012/10/15 10:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2011/07/29 12:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/16 13:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
PRC - [2010/09/15 08:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2010/07/05 10:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
PRC - [2010/07/05 10:37:28 | 000,017,920 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
PRC - [2010/06/25 10:13:18 | 001,099,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2010/06/22 10:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2010/06/22 10:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2010/03/03 17:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 17:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/01 08:13:12 | 000,345,352 | ---- | M] () -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/07/15 14:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
PRC - [2009/05/15 16:44:06 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
PRC - [1998/11/24 01:00:00 | 000,043,520 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/14 12:35:00 | 001,226,802 | ---- | M] () -- C:\Users\Bertha\Downloads\adwcleaner.exe
MOD - [2013/12/03 18:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 18:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 18:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 18:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 18:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 18:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/12/03 10:03:20 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/11/03 12:30:04 | 001,785,856 | ---- | M] () -- C:\Windows\assembly\GAC_32\CHPUpgradeDatabase\13.1002.1.0__861de743b67055ac\CHPUpgradeDatabase.dll
MOD - [2013/11/03 12:30:03 | 000,237,568 | ---- | M] () -- C:\Windows\assembly\GAC_32\CHPSecurity\13.1002.1.0__861de743b67055ac\CHPSecurity.dll
MOD - [2013/11/03 12:30:03 | 000,229,376 | ---- | M] () -- C:\Windows\assembly\GAC_32\CHPObjects\13.1002.1.0__861de743b67055ac\CHPObjects.dll
MOD - [2013/11/03 12:30:02 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_32\BackupRestore\13.1002.1.0__861de743b67055ac\BackupRestore.dll
MOD - [2013/10/11 07:35:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/11 07:35:03 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/11 07:34:55 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/12 02:36:25 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/09/12 02:31:08 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\72abb24ec9ff71ff8815507b4f84f26a\System.Web.ni.dll
MOD - [2013/09/12 02:31:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/15 02:28:01 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll
MOD - [2013/08/15 02:26:10 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
MOD - [2013/08/15 02:25:56 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 02:25:55 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/15 02:25:55 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/08/15 02:25:26 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 02:25:09 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 02:24:50 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 16:20:07 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/01/12 15:30:45 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NHibernate.ByteCode.Castle\2.1.1.4000__aa95f207798dfdb4\NHibernate.ByteCode.Castle.dll
MOD - [2012/01/12 15:30:39 | 000,116,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Antlr3.Runtime\3.1.0.39271__3a9cab8f8d22bfb7\Antlr3.Runtime.dll
MOD - [2012/01/12 15:30:39 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Castle.DynamicProxy2\2.1.0.0__407dd0808d44fbdc\Castle.DynamicProxy2.dll
MOD - [2012/01/12 15:30:39 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Castle.Core\1.1.0.0__407dd0808d44fbdc\Castle.Core.dll
MOD - [2012/01/12 15:30:35 | 002,129,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NHibernate\2.1.1.4000__aa95f207798dfdb4\NHibernate.dll
MOD - [2012/01/12 15:30:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Iesi.Collections\1.0.1.0__aa95f207798dfdb4\Iesi.Collections.dll
MOD - [2011/04/12 07:30:29 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/06/10 13:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [1999/01/19 14:35:32 | 000,209,672 | ---- | M] () -- C:\Windows\System32\VSVIEW3.OCX
MOD - [1998/11/24 01:00:00 | 000,043,520 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe


========== Services (SafeList) ==========

SRV - [2013/12/10 20:27:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/03 10:03:16 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/11/26 00:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/08/07 02:47:26 | 000,609,056 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2013/07/16 16:24:34 | 000,789,856 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2013/06/26 18:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/26 20:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/19 13:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 10:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2011/04/12 01:00:32 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/25 02:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 02:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/03 13:12:58 | 001,477,632 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/10/16 13:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/07/13 11:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/07/05 10:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2010/06/22 10:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2010/06/22 10:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
SRV - [2010/03/03 17:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/12/01 08:13:12 | 000,345,352 | ---- | M] () [On_Demand | Running] -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/07/15 14:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2009/07/15 14:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/04/29 11:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Bertha\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Bertha\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/12/03 10:03:29 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/03 10:03:29 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/12/03 10:03:28 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/12/03 10:03:28 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/12/03 10:03:28 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/12/03 10:03:28 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/12/03 10:03:28 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/12/03 10:03:28 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/06/26 18:23:04 | 000,020,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2013/06/26 18:23:00 | 000,197,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2013/06/26 18:23:00 | 000,024,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2013/06/26 18:22:58 | 000,583,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2012/06/29 01:24:02 | 000,249,288 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0153.sys -- (RsFx0153)
DRV - [2011/06/20 20:09:00 | 000,200,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/19 16:03:10 | 000,059,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 16:03:00 | 000,051,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/05/10 20:03:32 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2010/05/10 20:02:44 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/05/10 19:41:54 | 001,322,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2010/04/06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2010/02/02 21:10:32 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/07/15 14:38:14 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/07/15 14:38:04 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/07/15 14:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/04/29 11:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/02/13 13:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/06/04 10:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [1998/10/28 11:49:02 | 000,084,480 | ---- | M] (Shuttle Technology. ) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\epstwnt.mpd -- (epstwnt)
DRV - [1998/08/12 01:41:02 | 000,018,432 | ---- | M] (Shuttle Technology) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\Sharshtl.sys -- (SHARSHTL)
DRV - [1997/12/22 17:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {5CEAE635-BD84-4F88-ABE9-1D0F77016CE0}
IE - HKLM\..\SearchScopes\{267D48CE-A942-49A3-9EC5-2753220560B1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3303930
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes,DefaultScope = {5CEAE635-BD84-4F88-ABE9-1D0F77016CE0}
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/blekkot ... F990159&q={searchTerms}
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{5CEAE635-BD84-4F88-ABE9-1D0F77016CE0}: "URL" = http://www.bing.com/search?FORM=U146CD&PC=U146C&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{6CE70BD6-2ECB-4DA3-9568-B216DBAC642F}: "URL" = http://ws.infospace.com/playsushi_tbar/ ... eUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{869B363F-0D11-44AC-AE0A-68A4ECF8322D}: "URL" = http://asksearch.ask.com/redirect?clien ... apn_ptnrs=^ATQ&apn_dtid=^YYYYYY^XG^US&apn_dbr=cr_26.0.1410.64&doi=2013-05-14&q={searchTerms}&
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{90182B2A-2920-411D-9895-9366069869D0}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120103,6901,0,8,0
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={99D386B2-1BB9-44F1-B069-B666F5974332}&mid=6fc58cab693f47d1b4dc6d791d545b28-57ddfc3f80ff2485c85e0a113ed33d66c2f49748&lang=en&ds=AVG&pr=fr&d=2012-01-04 14:41:27&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=8AC4374001CC6281005C844D&install_time=2011-08-24T17:16:03Z&src_id=30046&camp_id=3057&tb_version=1.1.0000.2(B)
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{F2BBD450-7955-4E04-BC27-0E533824C9BA}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGNI_enUS476
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3303930&CUI=UN37900105254162392&UM=2
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Ask Search"
FF - prefs.js..browser.startup.homepage: "http://www.search.ask.com/?l=dis&o=APN10740&gct=hp&apn_ptnrs=^ATQ&apn_dtid=^YYYYYY^XG^US&p2=^ATQ^YYYYYY^XG^US&tpid=ASI2-V6&apn_dbr=cr_26.0.1410.64&apn_uid=202880FC-E2E5-4997-8656-9066602E1E2B&itbv=11.8.1.507&doi=2013-05-14"
FF - prefs.js..browser.search.order.1: "Ask Search"
FF - prefs.js..browser.search.defaultengine: "Ask Search"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@RecipeHub_2j.com/Plugin: C:\Program Files\RecipeHub_2j\bar\1.bin\NP2jStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files\LivingPlay\nplplaypop.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2013/09/12 09:40:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/10/26 11:58:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2jffxtbr@RecipeHub_2j.com: C:\Program Files\RecipeHub_2j\bar\1.bin [2013/12/01 09:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\xz123@ya456.com: C:\Program Files\BetterSurf\ff [2013/11/13 11:33:08 | 000,000,000 | ---D | M]

[2011/07/19 08:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Extensions
[2012/06/06 09:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions
[2011/04/12 07:16:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/21 12:23:51 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/12/13 09:05:22 | 000,000,000 | ---D | M] (Recipe Hub) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\2jffxtbr@RecipeHub_2j.com
[2012/06/06 09:53:22 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\crossriderapp3491@crossrider.com
[2011/06/21 12:23:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com
[2012/01/20 12:22:47 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\inboxcomtoolbar@inbox.com
[2011/04/12 07:16:23 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\wecarereminder@bryan
[2013/05/14 11:08:45 | 000,002,515 | ---- | M] () -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\searchplugins\ask-search.xml
[2011/05/17 12:12:44 | 000,002,333 | ---- | M] () -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\searchplugins\askcom.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?FORM=U146CD&PC=U146C&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=U146CD&PC=U146C,
CHR - homepage: http://www.msn.com/?pc=U146C&ocid=U146CDHP
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\RecipeHub_2j\bar\1.bin\NP2jStub.dll
CHR - plugin: Windows Live0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: BetterSurf = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap\1.0_0\
CHR - Extension: WebCake = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\30.0.1599.86_0\
CHR - Extension: Privacy SafeGuard = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\
CHR - Extension: Autodesk Homestyler = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.6_0\
CHR - Extension: WhiteSmoke New = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\
CHR - Extension: WhiteSmoke New = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\nativeMessaging\nmHost
CHR - Extension: Google Wallet = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Vid-Saver = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.21.72_0\crossrider
CHR - Extension: Vid-Saver = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.21.72_0\
CHR - Extension: Gmail = C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

Hosts file not found
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (BetterSurf) - {6E3C6B04-08FE-43BC-8E50-F90285024DEA} - C:\Program Files\BetterSurf\ie\BetterSurf.dll ()
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Privacy Safeguard BHO) - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PrivacySafeguard)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\Toolbar\WebBrowser: (no name) - {41534932-2D56-3600-76A7-7A786E7484D7} - No CLSID value found.
O3 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe ()
O4 - HKLM..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpsjbmgr.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-262933362-4071809552-10700770-1000..\Run: [PC Speed Maximizer] "C:\Program Files\PC Speed Maximizer\SPMStarter.exe" File not found
O4 - HKU\S-1-5-21-262933362-4071809552-10700770-1000..\Run: [SPMTray] "C:\Program Files\PC Speed Maximizer\SPMTray.exe" File not found
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1364B53-028A-497F-8521-A23C855D6DCC}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/14 12:35:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/14 12:20:24 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/12/14 12:19:52 | 000,000,000 | ---D | C] -- C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/12/14 12:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/12/13 11:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2013/12/12 03:05:06 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/12 03:05:05 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/12/12 03:05:04 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/12 03:05:04 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/12 03:05:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/12/12 03:05:03 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/12/12 03:05:03 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/12/12 03:05:03 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/12/12 03:05:02 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/12/12 03:05:02 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/12 03:05:02 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/12/12 03:05:02 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/12/12 03:05:00 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/12 03:04:57 | 004,243,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/12 03:02:21 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013/12/11 22:06:17 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/11 22:06:16 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/12/11 22:06:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/12/11 22:06:14 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/11 22:06:14 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/11 22:06:13 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/10 13:02:46 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/12/10 13:02:46 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/12/10 13:02:46 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/12/10 13:02:46 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/12/10 13:02:46 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/12/10 13:02:46 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/12/10 13:02:46 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/12/10 13:02:46 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/12/10 13:02:46 | 000,238,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/12/10 13:02:46 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/12/10 13:02:46 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/12/10 13:02:46 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/12/10 13:02:46 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/12/10 13:02:46 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/12/10 13:02:46 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/12/10 13:02:46 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/12/10 13:02:46 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/12/10 13:02:46 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/12/10 13:02:46 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/12/10 13:02:46 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/12/10 13:02:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/12/10 13:02:46 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013/12/10 13:02:46 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/12/10 13:02:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/12/10 13:02:46 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/12/10 13:02:46 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/12/10 13:02:46 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/12/10 13:02:46 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/12/10 13:02:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/12/03 10:10:12 | 000,000,000 | ---D | C] -- C:\Users\Bertha\AppData\Roaming\AVAST Software
[2013/12/03 10:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/12/03 09:52:40 | 000,104,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/12/03 09:52:22 | 000,259,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdisFlt.sys
[2013/11/18 09:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/11/18 09:47:05 | 000,000,000 | ---D | C] -- C:\Users\Bertha\AppData\Local\NativeMessaging
[2013/11/18 06:33:00 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/11/18 06:33:00 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Bertha\Desktop\*.tmp files -> C:\Users\Bertha\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/14 12:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/14 12:21:58 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-BERTHA-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
[2013/12/14 12:19:52 | 000,002,179 | ---- | M] () -- C:\Users\Bertha\Desktop\Tweaking.com - Registry Backup.lnk
[2013/12/14 11:57:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/14 11:33:01 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/12/14 08:57:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/13 12:14:59 | 000,022,449 | ---- | M] () -- C:\Users\Bertha\Desktop\ActiveReports Document.pdf
[2013/12/13 11:56:36 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/13 11:56:36 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/13 11:54:15 | 000,751,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/13 11:54:15 | 000,154,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/13 11:51:00 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2013/12/13 11:48:21 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/12/13 11:48:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/13 11:42:19 | 2387,288,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/12 03:22:34 | 000,470,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/10 20:27:40 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/10 20:27:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/12/10 13:02:46 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/12/10 13:02:46 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/12/10 13:02:46 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/12/10 13:02:46 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/12/10 13:02:46 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/12/10 13:02:46 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/12/10 13:02:46 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/12/10 13:02:46 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/12/10 13:02:46 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/12/10 13:02:46 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/12/10 13:02:46 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/12/10 13:02:46 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/12/10 13:02:46 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/12/10 13:02:46 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/12/10 13:02:46 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/12/10 13:02:46 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/12/10 13:02:46 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/12/10 13:02:46 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/12/10 13:02:46 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/12/10 13:02:46 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/12/10 13:02:46 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/12/10 13:02:46 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013/12/10 13:02:46 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/12/10 13:02:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/12/10 13:02:46 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/12/10 13:02:46 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/12/10 13:02:46 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/12/10 13:02:46 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/12/10 13:02:46 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/12/10 13:02:46 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/12/05 02:59:32 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/04 08:46:37 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/03 10:03:29 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/12/03 10:03:29 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/12/03 10:03:28 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/12/03 10:03:28 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/12/03 10:03:28 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/12/03 10:03:28 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/12/03 10:03:28 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/12/03 10:03:28 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/12/03 10:03:22 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/12/03 10:03:21 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/12/03 10:02:41 | 000,259,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdisFlt.sys
[2013/12/03 09:52:38 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/11/27 07:04:44 | 000,027,735 | ---- | M] () -- C:\Users\Bertha\Desktop\Check Printing 9321-9328.pdf
[2013/11/26 01:23:02 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/26 01:22:11 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/11/26 01:06:45 | 000,031,539 | ---- | M] () -- C:\Users\Bertha\Desktop\Treasurer's Report for January, 2013 through November, 2013.pdf
[2013/11/26 00:53:56 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/26 00:52:26 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/11/26 00:38:07 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/26 00:36:52 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/26 00:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/26 00:29:55 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/26 00:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/11/26 00:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/11/26 00:16:12 | 004,243,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/26 00:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/25 23:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/25 22:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/11/23 23:53:59 | 000,037,152 | ---- | M] () -- C:\Users\Bertha\Desktop\1385279606034.pdf
[2013/11/23 22:43:13 | 000,023,427 | ---- | M] () -- C:\Users\Bertha\Desktop\Check Printing.pdf
[2013/11/23 10:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/11/18 09:48:03 | 000,000,009 | ---- | M] () -- C:\end
[2013/11/14 23:41:28 | 000,020,966 | ---- | M] () -- C:\Users\Bertha\Desktop\Check Printing payroll.pdf
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Bertha\Desktop\*.tmp files -> C:\Users\Bertha\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/14 12:21:58 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BERTHA-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
[2013/12/14 12:19:52 | 000,002,179 | ---- | C] () -- C:\Users\Bertha\Desktop\Tweaking.com - Registry Backup.lnk
[2013/12/13 12:15:04 | 000,022,449 | ---- | C] () -- C:\Users\Bertha\Desktop\ActiveReports Document.pdf
[2013/12/10 13:02:46 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/12/04 08:46:37 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/03 09:52:39 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/12/03 09:52:39 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/27 07:04:54 | 000,027,735 | ---- | C] () -- C:\Users\Bertha\Desktop\Check Printing 9321-9328.pdf
[2013/11/26 01:06:52 | 000,031,539 | ---- | C] () -- C:\Users\Bertha\Desktop\Treasurer's Report for January, 2013 through November, 2013.pdf
[2013/11/23 23:53:56 | 000,037,152 | ---- | C] () -- C:\Users\Bertha\Desktop\1385279606034.pdf
[2013/11/23 22:43:19 | 000,023,427 | ---- | C] () -- C:\Users\Bertha\Desktop\Check Printing.pdf
[2013/11/14 23:41:55 | 000,020,966 | ---- | C] () -- C:\Users\Bertha\Desktop\Check Printing payroll.pdf
[2013/11/05 10:51:10 | 000,103,272 | ---- | C] () -- C:\Users\Bertha\GoToAssistDownloadHelper.exe
[2013/07/03 11:59:02 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/11/06 13:31:20 | 000,000,258 | RHS- | C] () -- C:\Users\Bertha\ntuser.pol
[2012/03/23 10:44:02 | 000,000,000 | ---- | C] () -- C:\Users\Bertha\AppData\Local\rx_image32.Cache
[2012/03/22 14:15:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/22 14:15:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/22 14:15:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/22 14:15:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/22 14:15:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/08 13:37:45 | 000,404,033 | ---- | C] () -- C:\Users\Bertha\AppData\Local\census.cache
[2012/03/08 13:37:25 | 000,160,371 | ---- | C] () -- C:\Users\Bertha\AppData\Local\ars.cache
[2012/01/19 13:49:37 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/11/01 07:54:46 | 000,200,254 | ---- | C] () -- C:\Users\Bertha\KJ.jpg
[2011/04/27 11:54:04 | 000,007,597 | ---- | C] () -- C:\Users\Bertha\AppData\Local\resmon.resmoncfg
[2010/10/21 08:53:51 | 000,001,940 | ---- | C] () -- C:\Users\Bertha\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/07 09:20:10 | 000,000,036 | ---- | C] () -- C:\Users\Bertha\AppData\Local\housecall.guid.cache
[2009/06/15 09:27:24 | 000,006,520 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2005/04/14 12:11:41 | 000,019,456 | ---- | C] () -- C:\Users\Bertha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/12/09 10:50:05 | 000,038,408 | ---- | C] () -- C:\Users\Bertha\AppData\Roaming\Comma Separated Values (Windows).ADR
[2003/12/02 12:44:49 | 000,000,129 | ---- | C] () -- C:\Users\Bertha\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/12/03 10:10:12 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\AVAST Software
[2013/08/20 07:30:40 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Betcat
[2008/05/27 07:13:54 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\cs
[2012/06/06 09:53:57 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\InfraRecorder
[2011/04/12 07:16:18 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Leadertech
[2013/05/15 08:14:38 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Oberon Media
[2013/05/14 11:08:58 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\OpenCandy
[2012/06/06 10:14:05 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\PC Speed Maximizer
[2011/04/12 07:16:24 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Printer Info Cache
[2013/09/30 09:32:37 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\SoftGrid Client
[2011/07/27 11:23:12 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Temp
[2011/04/12 11:07:33 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\TP
[2012/11/06 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\uTorrent
[2011/04/12 07:16:39 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Wal-Mart Digital Photo Manager
[2011/04/12 07:16:39 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Wal-Mart Digital Photo Viewer
[2013/08/12 02:36:14 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Web Cake
[2013/07/29 07:41:13 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\WebCake
[2011/04/12 07:16:39 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Xerox
[2011/09/08 08:21:16 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2011/09/08 08:21:16 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 362 bytes -> C:\ProgramData\Temp:D478F292

< End of report >
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Having Nurmerous Popups and Add On Browsers

Unread postby reddog1992000 » December 14th, 2013, 5:07 pm

OTL Extras logfile created on: 12/14/2013 12:44:34 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bertha\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.96 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 37.46% Memory free
5.93 Gb Paging File | 3.85 Gb Available in Paging File | 64.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.15 Gb Total Space | 149.55 Gb Free Space | 67.93% Space Free | Partition Type: NTFS

Computer Name: BERTHA-PC | User Name: Bertha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FB4DFC0-B3C9-4983-BB58-2A7BF3295979}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{27838348-9942-4A6F-A6DD-D3B3A6462A3C}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{330A18B2-A833-4355-B414-B2E6EDEE7E11}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{37DE9F2F-ADE8-4C75-8F34-3D8CFAD2EDE9}" = lport=445 | protocol=6 | dir=in | app=system |
"{45284E45-6D0E-4A49-B163-28768FF26934}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4A62E959-61B0-4308-90CE-B18D672D308D}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
"{634A4B35-7EF7-4410-B0C1-D8DADDB439A4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{65D76F1B-3F45-44D0-B557-E73736E7B539}" = lport=139 | protocol=6 | dir=in | app=system |
"{66ECCB76-EBD4-4D40-B0EB-8D8E77A3E497}" = rport=139 | protocol=6 | dir=out | app=system |
"{6D5B4F24-D156-4C50-A58C-A83E384E1871}" = lport=137 | protocol=17 | dir=in | app=system |
"{70B9C0A1-9BBA-4B98-9EC0-FF217DC3FC92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{715AE85F-445C-4E2B-A158-BE4C1B105533}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7916DEDC-1D1A-48DC-933D-0B22A02296CB}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent update |
"{A073D09B-BD9A-4A40-990D-C6EFAD53E3D7}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{A453AB5D-06EB-470C-AC37-E254E2CD77E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C7AC864C-A3EF-4D74-8650-572F859F1F9D}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent broadcast |
"{CA5FA8BF-EA52-4B1D-ADBC-2C1B7F47F4DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD9DBAA3-4CF9-4740-89F4-1BE66F1682D9}" = rport=137 | protocol=17 | dir=out | app=system |
"{CFB3B544-4181-4542-A084-BBCEC4E13F4F}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6C4896D-9E1D-4D8D-82ED-867C6CA95D2B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB3FEE90-B2F8-4304-8350-2804FADD994D}" = lport=138 | protocol=17 | dir=in | app=system |
"{DC5BB6AA-18C6-4424-87F6-04A6C0676F33}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1A268B6-6B40-4A25-B833-7B3F9768D2C0}" = rport=138 | protocol=17 | dir=out | app=system |
"{E6AF62F4-9EF2-44D6-984A-0FD9C8B9B26F}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent update |
"{FD29672C-14A5-44B7-BFB6-690FB7CC8883}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A6A18CC-6693-4F47-A79E-E313A908AE7B}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{0C3C9E46-04DC-4418-B336-45F8CEA62EAD}" = protocol=6 | dir=in | app=c:\program files\microsoft sql server\mssql10_50.churchwindows\mssql |
"{1075D997-6132-405F-B50B-991FA57ED1C5}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{142E9557-3800-4D6C-8E53-14A52F19ED12}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{17D48409-E655-46ED-8661-12E2B8802A1E}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{1A6F1BA7-58CF-4BF9-A9C7-64C1B25A292E}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{26830F28-C87C-402D-A226-BA91676399F6}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
"{36C9B49A-0B56-4681-BD80-EF548D9DEE2E}" = protocol=6 | dir=out | app=c:\program files\microsoft sql server\100\shared\ |
"{3F3545F4-9CE4-4293-B671-DBC2BB0ECBE5}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{421A54EE-48CC-44C0-99A9-CB85EEECB169}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{4D8D28EC-0C2C-4B18-876D-1A646807C0BD}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
"{54BCFB01-5DFE-40A0-B1E4-31601D46D97E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{579C0D40-A009-4F35-9AC0-B567C8BA0195}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{61A554DD-BE2B-4F72-8B1A-CCDE96787AAD}" = protocol=6 | dir=in | app=c:\program files\microsoft sql server\100\shared\ |
"{682AEE63-E87E-4649-AADF-FCEC2855B2E2}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{7AF9D35D-BC90-41FC-9307-63553432B3E7}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
"{7DBF2A80-9CF8-48BF-A2B4-1C3D7683173D}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{7DE84200-6143-4A8A-AB55-EE7799322373}" = protocol=6 | dir=out | app=c:\program files\microsoft sql server\mssql10_50.churchwindows\mssql |
"{809D2214-8394-45BA-8B64-BD15690D0131}" = protocol=6 | dir=in | app=c:\cw\cw.exe |
"{8A83CD5F-84EE-4909-8D98-82A54CB6A8C1}" = protocol=6 | dir=out | app=c:\cw\cw.exe |
"{9142739D-EA7E-4458-A204-D31185687B7A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{926DC843-8E36-4BCF-AF66-B5DBF4D13AA4}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{93CBD347-FCFC-4270-8BA3-62F864E31E61}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{961350B9-61F6-408F-B676-24C9656ACCAB}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{AAB5B2EC-225C-4A58-BBC1-AC644879872B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B721C1AD-C6EA-4F23-BA44-07D4FA51B2C9}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{B845194C-D1B3-4915-ADEA-502E195794B5}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe |
"{C65983C7-3689-4A0D-8267-A5CD60DC8E3F}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
"{CC93D847-0420-43D1-B463-1F4FD84725A5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D8D6D326-F1AC-483F-B924-3C512E1C54D6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EBBAE0D2-6ABB-4269-AC8C-23ABACD1ADC6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EDF7169D-9325-4C21-8E8E-2E6DDAF77738}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{F0BC2FB8-0AF6-4C0D-9466-51CFF798F7BE}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{F4BDB281-47A3-416A-BFF7-353C69D7BF89}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{F6A05AC5-E90C-4567-A559-B34792C8589A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{F72CB282-4EC8-409E-9DB8-879176446308}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{B6BD6137-0B47-4310-B28D-320466227CC3}C:\users\bertha\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\bertha\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"TCP Query User{D0FE5DE8-1A99-4C5C-AE8D-E9FEC19CA75B}C:\users\bertha\appdata\local\temp\simplehelpstandalone_30250226_-1112394739\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\bertha\appdata\local\temp\simplehelpstandalone_30250226_-1112394739\jre\bin\javaw.exe |
"UDP Query User{99026531-D772-4622-B6CA-188274980A82}C:\users\bertha\appdata\local\temp\simplehelpstandalone_30250226_-1112394739\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\bertha\appdata\local\temp\simplehelpstandalone_30250226_-1112394739\jre\bin\javaw.exe |
"UDP Query User{C4D072DA-ABCF-4701-8B92-D11DC5CB0495}C:\users\bertha\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\bertha\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CCAF47C-E428-48C2-82B2-5F25CE1D67DA}" = Gemalto
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3BDEDA44-E016-4643-A740-68618D8CCFA2}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = SQL Server 2008 R2 SP2 Database Engine Services
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 SP2 Database Engine Shared
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{7419AE1A-D1A5-4B24-BD78-C7ABCC26016F}" = Microsoft SQL Server 2008 R2 Setup (English)
"{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}" = Intel(R) Network Connections 15.2.89.0
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{85D468B9-D074-4BC5-BAFD-121ED3D83657}" = Church Windows Payroll (C:\CWPay\)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesigner_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesigner_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesigner_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOKR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PUBLISHERR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
"{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A32F592F-AA0E-49AF-8E85-A0A25AF83314}" = Wave Infrastructure Installer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{AC76BA86-1033-F400-BA7E-000000000005}" = Adobe Acrobat X Standard - English, Français, Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B7C5EA94-B96A-41F5-BE95-25D78B486678}" = Splashtop Streamer
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.1
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = SQL Server 2008 R2 SP2 Database Engine Services
"{BD3068DE-D53B-4CE8-B2BC-32E1323441CD}" = PC-CCID
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}" = Trend Micro Client/Server Security Agent
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 SP2 Common Files
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{D8AA026F-0EE5-4550-A6DA-8BE4AB5D3E54}" = Church Windows (C:\CW\)
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EEB0EFE8-61EB-4C42-929A-CE25D3FBC0C6}" = Microsoft SQL Server 2008 R2 Native Client
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 SP2 Database Engine Shared
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 SP2 Common Files
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AudibleManager" = AudibleManager
"avast" = avast! Free Antivirus
"BurnToDisk_is1" = BurnToDisk version 1.0
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"CutePDF Writer Installation" = CutePDF Writer 2.8
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"Google Chrome" = Google Chrome
"HP PrecisionScan" = HP PrecisionScan
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"MDI Converter_is1" = MDIConverter 3.0
"MDI Viewer_is1" = MDIViewer 3.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.OUTLOOKR" = Microsoft Outlook 2010
"Office14.PUBLISHERR" = Microsoft Publisher 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Pandora's Box_is1" = Pandoras Box V1.3.8
"PC Speed Maximizer_is1" = PC Speed Maximizer v3.0
"PROSetDX" = Intel(R) Network Connections 15.2.89.0
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"Splashtop Software Updater" = Splashtop Software Updater
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"Vid-Saver" = Vid-Saver
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/14/2013 4:21:27 PM | Computer Name = Bertha-PC | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling ICommandText::Execute.
hr = 0x80040e14. SQLSTATE: 42000, Native Error: 3013 Error state: 1, Severity: 16
Source:
Microsoft SQL Server Native Client 10.0 Error message: BACKUP DATABASE is terminating
abnormally. SQLSTATE: 42000, Native Error: 3271 Error state: 1, Severity: 16 Source:
Microsoft SQL Server Native Client 10.0 Error message: A nonrecoverable I/O error
occurred on file "{3255EF8A-9F73-435C-8E02-E284D45C8B5C}1:" 995(The I/O operation
has been aborted because of either a thread exit or an application request.).

Error - 12/14/2013 4:21:27 PM | Computer Name = Bertha-PC | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling ICommandText::Execute.
hr = 0x80040e14. SQLSTATE: 42000, Native Error: 3013 Error state: 1, Severity: 16
Source:
Microsoft SQL Server Native Client 10.0 Error message: BACKUP DATABASE is terminating
abnormally. SQLSTATE: 42000, Native Error: 3202 Error state: 1, Severity: 16 Source:
Microsoft SQL Server Native Client 10.0 Error message: Write on "{3255EF8A-9F73-435C-8E02-E284D45C8B5C}10"
failed: 995(The I/O operation has been aborted because of either a thread exit
or an application request.)

Error - 12/14/2013 4:21:27 PM | Computer Name = Bertha-PC | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling ICommandText::Execute.
hr = 0x80040e14. SQLSTATE: 42000, Native Error: 3013 Error state: 1, Severity: 16
Source:
Microsoft SQL Server Native Client 10.0 Error message: BACKUP DATABASE is terminating
abnormally. SQLSTATE: 42000, Native Error: 3202 Error state: 1, Severity: 16 Source:
Microsoft SQL Server Native Client 10.0 Error message: Write on "{3255EF8A-9F73-435C-8E02-E284D45C8B5C}7"
failed: 995(The I/O operation has been aborted because of either a thread exit
or an application request.)

Error - 12/14/2013 4:21:27 PM | Computer Name = Bertha-PC | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling ICommandText::Execute.
hr = 0x80040e14. SQLSTATE: 42000, Native Error: 3013 Error state: 1, Severity: 16
Source:
Microsoft SQL Server Native Client 10.0 Error message: BACKUP DATABASE is terminating
abnormally. SQLSTATE: 42000, Native Error: 3202 Error state: 1, Severity: 16 Source:
Microsoft SQL Server Native Client 10.0 Error message: Write on "{3255EF8A-9F73-435C-8E02-E284D45C8B5C}6"
failed: 995(The I/O operation has been aborted because of either a thread exit
or an application request.)

Error - 12/14/2013 4:21:27 PM | Computer Name = Bertha-PC | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling ICommandText::Execute.
hr = 0x80040e14. SQLSTATE: 42000, Native Error: 3013 Error state: 1, Severity: 16
Source:
Microsoft SQL Server Native Client 10.0 Error message: BACKUP DATABASE is terminating
abnormally. SQLSTATE: 42000, Native Error: 3202 Error state: 1, Severity: 16 Source:
Microsoft SQL Server Native Client 10.0 Error message: Write on "{3255EF8A-9F73-435C-8E02-E284D45C8B5C}8"
failed: 995(The I/O operation has been aborted because of either a thread exit
or an application request.)

Error - 12/14/2013 4:21:27 PM | Computer Name = Bertha-PC | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling ICommandText::Execute.
hr = 0x80040e14. SQLSTATE: 42000, Native Error: 3013 Error state: 1, Severity: 16
Source:
Microsoft SQL Server Native Client 10.0 Error message: BACKUP DATABASE is terminating
abnormally. SQLSTATE: 42000, Native Error: 3202 Error state: 1, Severity: 16 Source:
Microsoft SQL Server Native Client 10.0 Error message: Write on "{3255EF8A-9F73-435C-8E02-E284D45C8B5C}2"
failed: 995(The I/O operation has been aborted because of either a thread exit
or an application request.)

Error - 12/14/2013 4:21:27 PM | Computer Name = Bertha-PC | Source = SQLVDI | ID = 1
Description = SQLVDI: Loc=SVDS::Open. Desc=Open(Control). ErrorCode=(2)The system
cannot find the file specified. . Process=2376. Thread=2520. Server. Instance=CHURCHWINDOWS.
VD=Global\{3255EF8A-9F73-435C-8E02-E284D45C8B5C}9_SQLVDIMemoryName_0.

Error - 12/14/2013 4:21:27 PM | Computer Name = Bertha-PC | Source = MSSQL$CHURCHWINDOWS | ID = 3201
Description = Cannot open backup device '{3255EF8A-9F73-435C-8E02-E284D45C8B5C}9'.
Operating system error 0x80070002(The system cannot find the file specified.).

Error - 12/14/2013 4:21:27 PM | Computer Name = Bertha-PC | Source = MSSQL$CHURCHWINDOWS | ID = 3041
Description = BACKUP failed to complete the command BACKUP DATABASE Daab11e4ff16e4a32a28fbdfe15d5aa0e.
Check the backup application log for detailed messages.

Error - 12/14/2013 4:21:27 PM | Computer Name = Bertha-PC | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling ICommandText::Execute.
hr = 0x80040e14. SQLSTATE: 42000, Native Error: 3013 Error state: 1, Severity: 16
Source:
Microsoft SQL Server Native Client 10.0 Error message: BACKUP DATABASE is terminating
abnormally. SQLSTATE: 42000, Native Error: 3201 Error state: 7, Severity: 16 Source:
Microsoft SQL Server Native Client 10.0 Error message: Cannot open backup device
'{3255EF8A-9F73-435C-8E02-E284D45C8B5C}9'. Operating system error 0x80070002(The
system cannot find the file specified.).

[ Media Center Events ]
Error - 03/30/2012 3:54:05 PM | Computer Name = Bertha-PC | Source = MCUpdate | ID = 0
Description = 12:54:02 PM - Error connecting to the internet. 12:54:02 PM - Unable
to contact server..

Error - 05/20/2012 11:47:39 AM | Computer Name = Bertha-PC | Source = MCUpdate | ID = 0
Description = 8:47:39 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 05/21/2012 11:53:49 AM | Computer Name = Bertha-PC | Source = MCUpdate | ID = 0
Description = 8:53:48 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 05/21/2012 12:53:59 PM | Computer Name = Bertha-PC | Source = MCUpdate | ID = 0
Description = 9:53:59 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 05/21/2012 1:54:07 PM | Computer Name = Bertha-PC | Source = MCUpdate | ID = 0
Description = 10:54:06 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 05/21/2012 3:50:40 PM | Computer Name = Bertha-PC | Source = MCUpdate | ID = 0
Description = 12:50:40 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 05/22/2012 11:38:20 AM | Computer Name = Bertha-PC | Source = MCUpdate | ID = 0
Description = 8:38:13 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 05/22/2012 3:31:44 PM | Computer Name = Bertha-PC | Source = MCUpdate | ID = 0
Description = 12:31:44 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 05/23/2012 11:47:13 AM | Computer Name = Bertha-PC | Source = MCUpdate | ID = 0
Description = 8:47:10 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 05/23/2012 3:47:16 PM | Computer Name = Bertha-PC | Source = MCUpdate | ID = 0
Description = 12:47:16 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

[ System Events ]
Error - 12/12/2013 3:32:46 PM | Computer Name = Bertha-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 12/12/2013 3:32:46 PM | Computer Name = Bertha-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 12/13/2013 3:48:11 PM | Computer Name = Bertha-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 12/13/2013 3:48:12 PM | Computer Name = Bertha-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/13/2013 3:48:13 PM | Computer Name = Bertha-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/13/2013 3:49:16 PM | Computer Name = Bertha-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/13/2013 5:01:53 PM | Computer Name = Bertha-PC | Source = bowser | ID = 8003
Description =

Error - 12/14/2013 3:49:27 AM | Computer Name = Bertha-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/14/2013 8:59:43 AM | Computer Name = Bertha-PC | Source = bowser | ID = 8003
Description =

Error - 12/14/2013 2:58:47 PM | Computer Name = Bertha-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Having Nurmerous Popups and Add On Browsers

Unread postby reddog1992000 » December 14th, 2013, 5:09 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 12:58 on 14/12/2013 by Bertha
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Y5TK8H7\bundled_whitesmokej[1].jpg --a---- 58670 bytes [15:49 20/06/2013] [15:49 20/06/2013] 7A2B11D189229829ABCC3C4F7A4BE4EF
C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RYIOFBJ\WhiteSmoke_New[1].exe --a---- 2526720 bytes [15:52 20/06/2013] [15:52 20/06/2013] 399AA8D5A99220D4892388C3A86AD763
C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RYIOFBJ\WhiteSmoke_New_wpf[1].exe --a---- 3475648 bytes [15:52 20/06/2013] [15:52 20/06/2013] 07DA5286199C8DCD64B94CA4A5519CF7
C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WUVLW72S\whitesmokeTools[1].htm --a---- 8872 bytes [00:34 21/06/2013] [00:34 21/06/2013] F9099F6F1264DF680B02952A68559AED

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@babylon[1].txt --a---- 563 bytes [18:35 12/11/2010] [18:35 12/11/2010] E45086D4EB17CA1CEC77C87B10B3540A

Searching for "*conduit*"
C:\Users\Bertha\AppData\Local\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_2_2_4.xml --a---- 10909 bytes [18:35 12/11/2010] [20:41 29/11/2010] 1B3B574AA349758343D3C80787B9739E
C:\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png --a---- 821 bytes [17:53 08/11/2010] [17:53 08/11/2010] 99D5F75C338F2A877CBF891E0F18746E
C:\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png --a---- 729 bytes [17:53 08/11/2010] [17:53 08/11/2010] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png --a---- 531 bytes [17:53 08/11/2010] [17:53 08/11/2010] A847C5F6CE2C700048749892DD2E0619
C:\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png --a---- 669 bytes [17:53 08/11/2010] [17:53 08/11/2010] FED9E00C76F647EE6A0B7CC684C89F0C
C:\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png --a---- 263 bytes [16:48 11/01/2011] [16:48 11/01/2011] 36BD416D16391EFAAAFB2C3C54EAE986
C:\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png --a---- 734 bytes [17:53 08/11/2010] [17:53 08/11/2010] 943ADFD9E0DF1507F7BC419802BF4303
C:\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png --a---- 562 bytes [17:53 08/11/2010] [17:53 08/11/2010] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveLeft_png.png --a---- 610 bytes [17:53 08/11/2010] [17:53 08/11/2010] 68E9E9252E45ED7BD51B8680E8DD4462
C:\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveRight_png.png --a---- 606 bytes [17:53 08/11/2010] [17:53 08/11/2010] 8D8D187BA99DBEF76E4286668B474A4E
C:\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png --a---- 493 bytes [17:53 08/11/2010] [17:53 08/11/2010] 275C9DA2D536F18F528C80E050C3D705
C:\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png --a---- 706 bytes [17:53 08/11/2010] [17:53 08/11/2010] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png --a---- 674 bytes [17:53 08/11/2010] [17:53 08/11/2010] 650731EEF807C292E699779B12CBE552
C:\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png --a---- 696 bytes [17:53 08/11/2010] [17:53 08/11/2010] 70D43EC3F4BD7C10D5534EFCEC6D7AE5
C:\Users\Bertha\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png --a---- 607 bytes [17:53 08/11/2010] [17:53 08/11/2010] 9B4D914888BCFFCBAE6757A0E450551C
C:\Users\Bertha\AppData\Local\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu&locale=en-us.xml --a---- 6613 bytes [17:53 08/11/2010] [17:53 08/11/2010] FE3E6F69A41E7532957D7814E3E433E1
C:\Users\Bertha\AppData\Local\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu2_0&locale=en-us.xml --a---- 6819 bytes [17:53 08/11/2010] [16:56 11/04/2011] A278FCD81E7E9E287A0F8BB1C89CD2C6
C:\Users\Bertha\AppData\Local\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu&locale=en-us.xml --a---- 4060 bytes [17:53 08/11/2010] [17:53 08/11/2010] D36423CECBFE5F806725E13ED7101201
C:\Users\Bertha\AppData\Local\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu2_0&locale=en-us.xml --a---- 4475 bytes [17:53 08/11/2010] [16:56 11/04/2011] 74F81E98677EB434ADD4BC697F677185
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\ConduitAbstractionLayerBack.js --a---- 454854 bytes [18:28 11/12/2013] [18:28 11/12/2013] 7E6A4F6F01F813BBB79D3EAE0B02C213
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\ConduitAbstractionLayerFront.js --a---- 222166 bytes [18:28 11/12/2013] [18:28 11/12/2013] DD3DFC8D0F098FBA8FC7CCEB1AD0A9D0
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\js\conduitEnv.js --a---- 93693 bytes [18:29 11/12/2013] [18:29 11/12/2013] 9DB75E864BEA1C6855D203898ED5A7A2
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\plugins\ConduitChromeApiPlugin.dll --a---- 492320 bytes [18:29 11/12/2013] [18:29 11/12/2013] 9D673D6C8471BF6D13338625FCF1FDC6
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\tb\al\aboutBox\images\conduit-logo-OLD.png --a---- 1305 bytes [18:29 11/12/2013] [18:29 11/12/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\tb\al\aboutBox\images\conduit-logo.png --a---- 3926 bytes [18:29 11/12/2013] [18:29 11/12/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.23.0.822_0\tb\al\options\images\conduit-logo.png --a---- 3926 bytes [18:29 11/12/2013] [18:29 11/12/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage --a---- 210944 bytes [16:29 21/06/2013] [16:42 12/12/2013] A2B9EFA171D7F7BAFDC7CAA240B0012C
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal --a---- 16384 bytes [16:29 21/06/2013] [16:42 12/12/2013] C4B97C0FE7B753DB1E4DBE34A6E09C71
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage --a---- 4096 bytes [20:29 18/11/2013] [16:42 12/12/2013] 40BAC9964DBF006395F1331CF10C0644
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal --a---- 4640 bytes [20:29 18/11/2013] [16:42 12/12/2013] C0C64B30BE326D9A18B3B912847635BA
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fastcontent.conduit.com_0.localstorage --a---- 29696 bytes [19:16 26/11/2013] [19:49 11/12/2013] EE411F76D728CC580455C9B05C87360F
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fastcontent.conduit.com_0.localstorage-journal --a---- 16384 bytes [19:16 26/11/2013] [19:49 11/12/2013] FCACB8F45D3ECAEDFDDEDF1D71324CFE
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage --a---- 1879040 bytes [20:29 18/11/2013] [20:03 11/12/2013] B14A5E5F5ED40222B63868EE49B9297A
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal --a---- 11864 bytes [20:29 18/11/2013] [20:03 11/12/2013] 1FCD6D1923DEE89CF38CC01B87EFC4AD
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage --a---- 3072 bytes [16:38 27/06/2013] [17:16 27/06/2013] 5959C795468576A3719B000C0DFBE45B
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal --a---- 3608 bytes [16:38 27/06/2013] [17:16 27/06/2013] B709E7F26D05C201CE49BC88E40F32A9
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage --a---- 3072 bytes [20:29 18/11/2013] [19:47 11/12/2013] 4E6DFA5626D30EC81AEB7A85A25818F0
C:\Users\Bertha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal --a---- 3608 bytes [20:29 18/11/2013] [19:47 11/12/2013] FB7075AAFA1FEAAB5AB79C666B1D8E0E
C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3RKLOPY1\conduit[1].png --a---- 3213 bytes [17:07 26/11/2013] [17:07 26/11/2013] 1F33D127AF47707401FDF33A2EC2F5C5
C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JFB84IBA\conduittlb_023[1].js --a---- 98892 bytes [00:34 21/06/2013] [00:34 21/06/2013] D1B21D757DF80F15B21CFFA5C82BCF84
C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L9EZICJQ\conduittlb_023[1].js --a---- 98892 bytes [00:36 21/06/2013] [00:36 21/06/2013] D1B21D757DF80F15B21CFFA5C82BCF84
C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OEPF8KPE\Conduit[1].htm --a---- 1260 bytes [20:34 12/12/2013] [20:34 12/12/2013] ACA9A5FC430A2337789CE39A61149393
C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TJ61TR1A\conduittlb_023[1].js --a---- 98892 bytes [00:35 21/06/2013] [00:35 21/06/2013] D1B21D757DF80F15B21CFFA5C82BCF84
C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V2CHSDZ5\Conduit[1].htm --a---- 1260 bytes [19:50 13/12/2013] [19:50 13/12/2013] ACA9A5FC430A2337789CE39A61149393
C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJF2OE8V\Conduit.Search[1].htm --a---- 476 bytes [19:51 13/12/2013] [19:51 13/12/2013] 952229B261BEDC5CDC9925F70F8ED7D6
C:\Users\Bertha\AppData\Local\temp\ins5713\mconduitinstaller_0706-f69c61ee.exe --a---- 81536 bytes [17:46 18/11/2013] [17:46 18/11/2013] 446623160A87BCB075C3B9A3C8827CA9
C:\Users\Bertha\AppData\Local\temp\scoped_dir_6504_16935\CRX_INSTALL\ConduitAbstractionLayerBack.js --a---- 493840 bytes [17:48 18/11/2013] [17:48 18/11/2013] 956C6B5C3906F986224B55C1AD420B28
C:\Users\Bertha\AppData\Local\temp\scoped_dir_6504_16935\CRX_INSTALL\ConduitAbstractionLayerFront.js --a---- 249477 bytes [17:48 18/11/2013] [17:48 18/11/2013] 507A133685F64AECB9C9D1E8B4CAF057
C:\Users\Bertha\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1178763_1174448_US.xml --a---- 179 bytes [20:28 21/06/2011] [20:28 21/06/2011] F7598DCC137C5BC7A12A1A69CF63D58D
C:\Users\Bertha\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1774897_1765438_US.xml --a---- 193 bytes [00:34 21/06/2013] [00:57 21/06/2013] 405DD1D7D36C626FAFD9AC9650D3CD76
C:\Users\Bertha\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1788829_1779370_US.xml --a---- 188 bytes [17:48 18/11/2013] [19:33 18/11/2013] BAC1CAF6C43C7E9968DBC080550AAA71
C:\Users\Bertha\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_US.xml --a---- 191 bytes [20:28 21/06/2011] [20:28 21/06/2011] 43C93B80235159F037CEA9A173922F92
C:\Users\Bertha\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_3_5_3.xml --a---- 10909 bytes [20:28 21/06/2011] [20:28 21/06/2011] 1B3B574AA349758343D3C80787B9739E
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CN9G968E\fastcontent.conduit[1].xml --a---- 363 bytes [00:34 21/06/2013] [00:36 21/06/2013] 842A5A1F51F377158E11947E85893394
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GXMDZ74E\apps.search.conduit[1].xml --a---- 13 bytes [00:34 21/06/2013] [00:34 21/06/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GXMDZ74E\facebook.conduitapps[1].xml --a---- 13 bytes [00:34 21/06/2013] [00:34 21/06/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\LYZM0OFG\cap1.conduit-apps[1].xml --a---- 13 bytes [17:48 18/11/2013] [17:48 18/11/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\MGBO1MON\app.mam.conduit[1].xml --a---- 133 bytes [17:48 18/11/2013] [17:48 18/11/2013] E56D08FC5B78390487B331CF45FC3537
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UUOS2B1X\storage.conduit[1].xml --a---- 13 bytes [17:48 18/11/2013] [17:48 18/11/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XZIFTGN5\app.mam.conduit[1].xml --a---- 13 bytes [00:34 21/06/2013] [00:34 21/06/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XZIFTGN5\storage.conduit[1].xml --a---- 13 bytes [00:34 21/06/2013] [00:34 21/06/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Bertha\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\YO6RQMHP\fastcontent.conduit[1].xml --a---- 840 bytes [17:48 18/11/2013] [19:30 18/11/2013] 43F35D85857319F7AED89FE3DD646393
C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@apps.conduit[1].txt --a---- 438 bytes [18:37 12/11/2010] [16:54 10/12/2010] 7F8234C135550954E86FC636DE75056C
C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@conduit[1].txt --a---- 244 bytes [18:16 10/12/2010] [18:16 10/12/2010] 9E7946F5D4A26620244393CE569D1387
C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@search.conduit[1].txt --a---- 680 bytes [17:53 08/11/2010] [20:48 12/11/2010] 4F256A5EEEEAF8C9BF90B2A952C67AA4
C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@shop.conduit-widgets[1].txt --a---- 270 bytes [20:23 02/12/2010] [20:23 02/12/2010] C134200FD7ABFD6C613914F0A1FB545D
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com\chrome\conduitengine.jar --a---- 729935 bytes [20:23 21/06/2011] [20:23 21/06/2011] 4A2D55615F60C3A00E03ECFD39224EC5
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js --a---- 16435 bytes [20:23 21/06/2011] [20:23 21/06/2011] FA0D9E1396C227B8697E41996A95912B
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [20:23 21/06/2011] [20:23 21/06/2011] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com\components\ConduitToolbar.idl --a---- 152 bytes [20:23 21/06/2011] [20:23 21/06/2011] 33D4D4337895FCA507DF937B5980D41A
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com\components\ConduitToolbar.js --a---- 2389 bytes [20:23 21/06/2011] [20:23 21/06/2011] 6A2C72DF1348F39C0CE44E1B8C10F5CE
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt --a---- 140 bytes [20:23 21/06/2011] [20:23 21/06/2011] DFFE26916941DE0A33E503FD38008290
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com\searchplugin\conduit.gif --a---- 173 bytes [20:23 21/06/2011] [20:23 21/06/2011] 225B6898AE7D6E0CE88B3FE57BD750F2
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com\searchplugin\conduit.ico --a---- 1406 bytes [20:23 21/06/2011] [20:23 21/06/2011] A23164BA794BE61799C67423F56C9163
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com\searchplugin\conduit.PNG --a---- 255 bytes [20:23 21/06/2011] [20:23 21/06/2011] AF3A51D0B8D6F04EE33307A654560DBE
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com\searchplugin\conduit.src --a---- 328 bytes [20:23 21/06/2011] [20:23 21/06/2011] 43317CC423A502C077AD68F838249117
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com\searchplugin\conduit.xml --a---- 913 bytes [20:23 21/06/2011] [20:23 21/06/2011] 4E45A93B99F44F41EADFB167FB85FB02
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js --a---- 16435 bytes [20:23 21/06/2011] [20:23 21/06/2011] FA0D9E1396C227B8697E41996A95912B
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [20:23 21/06/2011] [20:23 21/06/2011] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.idl --a---- 148 bytes [20:23 21/06/2011] [20:23 21/06/2011] 44D23D49A6D3961BDE3068EB38D75CF0
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.js --a---- 2377 bytes [20:23 21/06/2011] [20:23 21/06/2011] 8C830EA90BD3D62C5037BDCFF4F1F6F1
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.xpt --a---- 136 bytes [20:23 21/06/2011] [20:23 21/06/2011] E314B9BFDD420DCE4ECC6E9710D139D6
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.gif --a---- 173 bytes [20:23 21/06/2011] [20:23 21/06/2011] 225B6898AE7D6E0CE88B3FE57BD750F2
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.ico --a---- 1406 bytes [20:23 21/06/2011] [20:23 21/06/2011] A23164BA794BE61799C67423F56C9163
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.PNG --a---- 255 bytes [20:23 21/06/2011] [20:23 21/06/2011] AF3A51D0B8D6F04EE33307A654560DBE
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.src --a---- 254 bytes [20:23 21/06/2011] [20:23 21/06/2011] 1C54B2456A8AA2AE438000F3C28C3F17
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml --a---- 863 bytes [20:23 21/06/2011] [20:23 21/06/2011] 9899FF3D3FB322748631B08B248D8055
C:\Windows\System32\ConduitEngine.tmp --a---- 0 bytes [20:23 21/06/2011] [20:23 21/06/2011] D41D8CD98F00B204E9800998ECF8427E

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
No folders found.

Searching for "*conduit*"
C:\Program Files\Conduit d------ [15:53 20/06/2013]
C:\ProgramData\Conduit d------ [17:47 18/11/2013]
C:\Users\All Users\Conduit d------ [17:47 18/11/2013]
C:\Users\Bertha\AppData\Local\Conduit d------ [16:53 08/11/2010]
C:\Users\Bertha\AppData\Local\ConduitEngine d------ [16:48 08/11/2010]
C:\Users\Bertha\AppData\LocalLow\Conduit d------ [20:23 21/06/2011]
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com d------ [20:23 21/06/2011]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Conduit\ValueApps\CH\Repository]
"bck.valueApps.CT3303930.mam_gk_appsConfig"="%7B%22AppsConfiguration%22%3A%5B%7B%22id%22%3A%22Clarity_Active%22%2C%22url%22%3A%22http%3A//storage.conduit.com/mam/3rdpartyapps/clarityRay/cr_active.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%2297874e9a-cc62-4cb4-8768-a0d099cf4794%22%2C%22domains%22%3A%5B%22*%22%5D%2C%22domainsException%22%3A%5B%22bing.%22%2C%22google.com%22%2C%22yahoo.%22%5D%7D%5D%2C%22optionsDialog%22%3A%7B%22displayName%22%3A%22Clarity%22%2C%22appDesc%22%3Anull%2C%22privacyPolicyUrl%22%3Anull%2C%22termsOfUseUrl%22%3Anull%7D%2C%22HiddenApp%22%3Atrue%2C%22EnabledInHttps%22%3Afalse%7D%2C%7B%22id%22%3A%22JobsMiner%22%2C%22url%22%3A%22http%3A//jobsminer.com/collaborations/conduit/index2.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%224f54bc7d-1348-49b4-beae-b45c411ccbb0%22%2C%22domains%22%3A%5B%22americasjobexchange.com%22%2C%22careerbuilder.com%22%2C%22dice.com%22%2C%2
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Conduit\ValueApps\CH\Repository]
"bck.valueApps.CT3303930.mam_gk_appsConfig"="%7B%22AppsConfiguration%22%3A%5B%7B%22id%22%3A%22Clarity_Active%22%2C%22url%22%3A%22http%3A//storage.conduit.com/mam/3rdpartyapps/clarityRay/cr_active.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%2297874e9a-cc62-4cb4-8768-a0d099cf4794%22%2C%22domains%22%3A%5B%22*%22%5D%2C%22domainsException%22%3A%5B%22bing.%22%2C%22google.com%22%2C%22yahoo.%22%5D%7D%5D%2C%22optionsDialog%22%3A%7B%22displayName%22%3A%22Clarity%22%2C%22appDesc%22%3Anull%2C%22privacyPolicyUrl%22%3Anull%2C%22termsOfUseUrl%22%3Anull%7D%2C%22HiddenApp%22%3Atrue%2C%22EnabledInHttps%22%3Afalse%7D%2C%7B%22id%22%3A%22JobsMiner%22%2C%22url%22%3A%22http%3A//jobsminer.com/collaborations/conduit/index2.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%224f54bc7d-1348-49b4-beae-b45c411ccbb0%22%2C%22domains%22%3A%5B%22americasjobexchange.com%22%2C%22caree

Searching for "whitesmoke"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"contextInfo"="%7B%22toolbarName%22%3A%22WhiteSmoke_New%22%2C%22Ctid%22%3A%22CT3289847%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.12%22%7D"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName"="%7B%22dataType%22%3A%22string%22%2C%22data%22%3A%22WhiteSmoke_New%22%7D"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl"="%7B%22dataType%22%3A%22string%22%2C%22data%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%7D"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_130068661007799818___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%22130068661007799818%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%22130068661007799818%22%2C%22onBe
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_130068661008267819___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%22130068661008267819%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Afalse%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Afalse%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%22130068661008267819%22%2C%22
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_130068661012167824___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%22130068661012167824%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Afalse%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Afalse%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%22130068661012167824%22%2C%22
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_130068661012791827___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%22130068661012791827%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%22130068661012791827%22%2C%22or
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_1000082___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%221000082%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%221000082%22%2C%22tabInfo%22%3A%7B%7D%7D%2C%22viewId%22%3A%220.41956059029325843%22%7D"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_130068661014663831___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%22130068661014663831%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%22130068661014663831%22%2C%22or
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_4908288088155535248___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%224908288088155535248%22%2C%22
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_5192755845322684304___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%225192755845322684304%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%225192755845322684304%22%2C%2
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_7a8c28fb-6dca-45ef-b2aa-447585314796___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.513071897206828%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.12%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22locale%
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_0a6a17d9-e633-494a-8223-67bd0aae7d8e___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.8798282218631357%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.12%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22locale
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_4d4e8180-5465-49dd-949d-39ee6d97bb2c___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.2230749148875475%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%222%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.12%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22locale
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_1f229d03-6496-4ce6-82f7-9c0cafd83be3___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.23351907124742866%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22loca
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_37a8a65b-0541-4bc7-9c3b-58f79058d8ea___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.20137591823004186%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%222%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22loca
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_0a4190c9-e8bd-4d0f-8596-636137571359___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.13244452979415655%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%223%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22loca
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_2111a221-643a-43e0-9dae-04069cacaacc___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.07503762491978705%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%224%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22loca
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_02e61e46-e29f-49fc-a646-c8f62d9c749e___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.516193174989894%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22locale
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_CouponBuddy___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%224908288088155535248%22%2C%22original
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_ACplus___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%224908288088155535248%22%2C%22originalHeigh
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_WindowShopper___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%224908288088155535248%22%2C%22origin
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_Find-a-Pro___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%224908288088155535248%22%2C%22originalH
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_PiclickV2-WebSearch___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%224908288088155535248%22%2C%22
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_Discover___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%224908288088155535248%22%2C%22originalHe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262933362-4071809552-10700770-1000\Software\WhiteSmoke_New]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WhiteSmoke_NewAutoUpdateHelper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WhiteSmoke_NewAutoUpdateHelper_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WhiteSmoke_NewToolbarHelper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WhiteSmoke_NewToolbarHelper_RASMANCS]
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"contextInfo"="%7B%22toolbarName%22%3A%22WhiteSmoke_New%22%2C%22Ctid%22%3A%22CT3289847%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.12%22%7D"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName"="%7B%22dataType%22%3A%22string%22%2C%22data%22%3A%22WhiteSmoke_New%22%7D"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl"="%7B%22dataType%22%3A%22string%22%2C%22data%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%7D"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_130068661007799818___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%22130068661007799818%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_130068661008267819___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%22130068661008267819%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Afalse%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Afalse%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appI
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_130068661012167824___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%22130068661012167824%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Afalse%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Afalse%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appI
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_130068661012791827___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%22130068661012791827%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_1000082___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%221000082%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%221000082%22%2C%22tabInfo%22%3A%7B%7D%7D%2C%22viewId%22%3A%220.41956059029325843%22%7D"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_130068661014663831___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%22130068661014663831%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_4908288088155535248___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_5192755845322684304___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%225192755845322684304%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appI
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_7a8c28fb-6dca-45ef-b2aa-447585314796___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.513071897206828%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.12%22%2C%22cID%22%3A%22klibnahbojhk
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_0a6a17d9-e633-494a-8223-67bd0aae7d8e___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.8798282218631357%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.12%22%2C%22cID%22%3A%22klibnahbojh
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_4d4e8180-5465-49dd-949d-39ee6d97bb2c___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.2230749148875475%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%222%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.12%22%2C%22cID%22%3A%22klibnahbojh
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_1f229d03-6496-4ce6-82f7-9c0cafd83be3___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.23351907124742866%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbo
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_37a8a65b-0541-4bc7-9c3b-58f79058d8ea___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.20137591823004186%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%222%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbo
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_0a4190c9-e8bd-4d0f-8596-636137571359___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.13244452979415655%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%223%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbo
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_2111a221-643a-43e0-9dae-04069cacaacc___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.07503762491978705%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%224%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbo
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_02e61e46-e29f-49fc-a646-c8f62d9c749e___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.516193174989894%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojh
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_CouponBuddy___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%2
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_ACplus___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%224908
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_WindowShopper___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_Find-a-Pro___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%22
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_PiclickV2-WebSearch___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_Discover___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%224
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262933362-4071809552-10700770-1000\Software\WhiteSmoke_New]

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

Searching for "babylon"
[HKEY_CURRENT_USER\Software\Conduit\ValueApps\CH\Repository]
"bck.valueApps.CT3303930.mam_gk_appsConfig"="%7B%22AppsConfiguration%22%3A%5B%7B%22id%22%3A%22Clarity_Active%22%2C%22url%22%3A%22http%3A//storage.conduit.com/mam/3rdpartyapps/clarityRay/cr_active.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%2297874e9a-cc62-4cb4-8768-a0d099cf4794%22%2C%22domains%22%3A%5B%22*%22%5D%2C%22domainsException%22%3A%5B%22bing.%22%2C%22google.com%22%2C%22yahoo.%22%5D%7D%5D%2C%22optionsDialog%22%3A%7B%22displayName%22%3A%22Clarity%22%2C%22appDesc%22%3Anull%2C%22privacyPolicyUrl%22%3Anull%2C%22termsOfUseUrl%22%3Anull%7D%2C%22HiddenApp%22%3Atrue%2C%22EnabledInHttps%22%3Afalse%7D%2C%7B%22id%22%3A%22JobsMiner%22%2C%22url%22%3A%22http%3A//jobsminer.com/collaborations/conduit/index2.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%224f54bc7d-1348-49b4-beae-b45c411ccbb0%22%2C%22domains%22%3A%5B%22americasjobexchange.com%22%2C%22careerbuilder.com%22%2C%22dice.com%22%2C%2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Conduit\ValueApps\CH\Repository]
"bck.valueApps.CT3303930.mam_gk_appsConfig"="%7B%22AppsConfiguration%22%3A%5B%7B%22id%22%3A%22Clarity_Active%22%2C%22url%22%3A%22http%3A//storage.conduit.com/mam/3rdpartyapps/clarityRay/cr_active.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%2297874e9a-cc62-4cb4-8768-a0d099cf4794%22%2C%22domains%22%3A%5B%22*%22%5D%2C%22domainsException%22%3A%5B%22bing.%22%2C%22google.com%22%2C%22yahoo.%22%5D%7D%5D%2C%22optionsDialog%22%3A%7B%22displayName%22%3A%22Clarity%22%2C%22appDesc%22%3Anull%2C%22privacyPolicyUrl%22%3Anull%2C%22termsOfUseUrl%22%3Anull%7D%2C%22HiddenApp%22%3Atrue%2C%22EnabledInHttps%22%3Afalse%7D%2C%7B%22id%22%3A%22JobsMiner%22%2C%22url%22%3A%22http%3A//jobsminer.com/collaborations/conduit/index2.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%224f54bc7d-1348-49b4-beae-b45c411ccbb0%22%2C%22domains%22%3A%5B%22americasjobexchange.com%22%2C%22caree

Searching for "conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"CT3289847.installType"="ConduitNSISIntegration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_130068661007799818___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%22130068661007799818%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%22130068661007799818%22%2C%22onBe
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_7a8c28fb-6dca-45ef-b2aa-447585314796___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.513071897206828%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.12%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22locale%
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_0a6a17d9-e633-494a-8223-67bd0aae7d8e___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.8798282218631357%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.12%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22locale
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_4d4e8180-5465-49dd-949d-39ee6d97bb2c___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.2230749148875475%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%222%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.12%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22locale
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Having Nurmerous Popups and Add On Browsers

Unread postby reddog1992000 » December 14th, 2013, 5:10 pm

[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_1f229d03-6496-4ce6-82f7-9c0cafd83be3___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.23351907124742866%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22loca
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_37a8a65b-0541-4bc7-9c3b-58f79058d8ea___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.20137591823004186%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%222%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22loca
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_0a4190c9-e8bd-4d0f-8596-636137571359___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.13244452979415655%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%223%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22loca
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_2111a221-643a-43e0-9dae-04069cacaacc___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.07503762491978705%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%224%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22loca
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_02e61e46-e29f-49fc-a646-c8f62d9c749e___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.516193174989894%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi/%22%2C%22locale
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"CT3289847.embeddedsData"="%5B%7B%22appId%22%3A%22130068661007799818%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22onBeforeLoadData%22%3A%22%7B%5C%22view%5C%22%3A%7B%5C%22html%5C%22%3A%5C%22%3Ctable%20id%3D%5C%5C%5C%22main%5C%5C%5C%22%20class%3D%5C%5C%5C%22mainwrapper%5C%5C%5C%22%20cellpadding%3D%5C%5C%5C%220%5C%5C%5C%22%20cellspacing%3D%5C%5C%5C%220%5C%5C%5C%22%3E%5C%5Cn%20%20%20%20%3Ctbody%3E%3Ctr%3E%5C%5Cn%20%20%20%20%20%20%20%20%3C%21--%20don%27t%20remove%20the%20width%3D%5C%5C%5C%22100%25%5C%5C%5C%22%20bug%20in%20chrome%20the%20width%20become%20in%20px--%3E%5C%5Cn%20%20%20%20%20%20%20%20%3Ctd%20id%3D%5C%5C%5C%22textboxWrapper%5C%5C%5C%22%20width%3D%5C%5C%5C%22100%25%5C%5C%5C%22%20style%3D%5C%5C%5C%
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\peloglcfgdfkabbnlaeolbgfejohochl\Repository]
"CT3303930.installType"="ConduitNSISIntegration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\peloglcfgdfkabbnlaeolbgfejohochl\Repository]
"CT3303930.startPageUrl"="http://search.conduit.com/?ctid=CT3303930&SearchSource=48&CUI=UN53688444329727152&UM=2"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\peloglcfgdfkabbnlaeolbgfejohochl\Repository]
"CT3303930.uninstallCommand"="C:\Users\Bertha\AppData\Local\Conduit\Chrome\CT3303930\UninstallerUI.exe"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\peloglcfgdfkabbnlaeolbgfejohochl\Repository]
"gadgetsContextHash_10000002___peloglcfgdfkabbnlaeolbgfejohochl"="%7B%22appId%22%3A%2210000002%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2231.0.1650.63%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3303930%22%2C%22oID%22%3A%22CT3303930%22%2C%22name%22%3A%22ConnectSo%22%2C%22downloadUrl%22%3A%22http%3A//ConnectSo.OurToolbar.com/%22%2C%22version%22%3A%2210.22.5.510%22%2C%22cID%22%3A%22peloglcfgdfkabbnlaeolbgfejohochl%22%7D%2C%22appId%22%3A%2210000002%22%2C%22onBeforeLoadData%22%3A%22%7B%5C%22view%5C%2
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\peloglcfgdfkabbnlaeolbgfejohochl\Repository]
"gadgetsContextHash_de2f667e-2d0c-439e-a316-5d8359c5e64c___peloglcfgdfkabbnlaeolbgfejohochl"="%7B%22appId%22%3A%2210000002%22%2C%22viewId%22%3A0.9077123028691858%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2231.0.1650.63%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3303930%22%2C%22oID%22%3A%22CT3303930%22%2C%22name%22%3A%22ConnectSo%22%2C%22icon%22%3A%22chrome-extension%3A//peloglcfgdfkabbnlaeolbgfejohochl/toolbarImages/http___storage_conduit_com_30_330_CT3303930_Images_635055245815330833.png%22%2C%22downloadUrl%22%3A%22http%3A//ConnectSo.OurToolbar.com/%22%2C%22version%22%3A%2210.22.5.510%22%2C%22cID%22%3A%22peloglcfgdfkabbnlaeolbgfejohochl/%22%2C%22locale%22%3A%22en%22%7D%2C%22app
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\peloglcfgdfkabbnlaeolbgfejohochl\Repository]
"CT3303930.embeddedsData"="%5B%7B%22appId%22%3A%2210000002%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22onBeforeLoadData%22%3A%22%7B%5C%22view%5C%22%3A%7B%5C%22html%5C%22%3A%5C%22%3Ctable%20id%3D%5C%5C%5C%22main%5C%5C%5C%22%20class%3D%5C%5C%5C%22mainwrapper%5C%5C%5C%22%20cellpadding%3D%5C%5C%5C%220%5C%5C%5C%22%20cellspacing%3D%5C%5C%5C%220%5C%5C%5C%22%3E%5C%5Cn%20%20%20%20%3Ctbody%3E%3Ctr%3E%5C%5Cn%20%20%20%20%20%20%20%20%3C%21--%20don%27t%20remove%20the%20width%3D%5C%5C%5C%22100%25%5C%5C%5C%22%20bug%20in%20chrome%20the%20width%20become%20in%20px--%3E%5C%5Cn%20%20%20%20%20%20%20%20%3Ctd%20id%3D%5C%5C%5C%22textboxWrapper%5C%5C%5C%22%20width%3D%5C%5C%5C%22100%25%5C%5C%5C%22%20style%3D%5C%5C%5C%22width%3A
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\peloglcfgdfkabbnlaeolbgfejohochl\Repository]
"gadgetsContextHash_6206f77f-5845-42cf-8ab8-901e442edc2e___peloglcfgdfkabbnlaeolbgfejohochl"="%7B%22appId%22%3A%2210000002%22%2C%22viewId%22%3A0.7482029541861266%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2231.0.1650.63%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3303930%22%2C%22oID%22%3A%22CT3303930%22%2C%22name%22%3A%22ConnectSo%22%2C%22icon%22%3A%22chrome-extension%3A//peloglcfgdfkabbnlaeolbgfejohochl/toolbarImages/http___storage_conduit_com_30_330_CT3303930_Images_635055245815330833.png%22%2C%22downloadUrl%22%3A%22http%3A//ConnectSo.OurToolbar.com/%22%2C%22version%22%3A%2210.22.5.510%22%2C%22cID%22%3A%22peloglcfgdfkabbnlaeolbgfejohochl/%22%2C%22locale%22%3A%22en%22%7D%2C%22app
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_CURRENT_USER\Software\Conduit\ValueApps\CH\Repository]
"bck.valueApps.CT3303930.mam_gk_appsConfig"="%7B%22AppsConfiguration%22%3A%5B%7B%22id%22%3A%22Clarity_Active%22%2C%22url%22%3A%22http%3A//storage.conduit.com/mam/3rdpartyapps/clarityRay/cr_active.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%2297874e9a-cc62-4cb4-8768-a0d099cf4794%22%2C%22domains%22%3A%5B%22*%22%5D%2C%22domainsException%22%3A%5B%22bing.%22%2C%22google.com%22%2C%22yahoo.%22%5D%7D%5D%2C%22optionsDialog%22%3A%7B%22displayName%22%3A%22Clarity%22%2C%22appDesc%22%3Anull%2C%22privacyPolicyUrl%22%3Anull%2C%22termsOfUseUrl%22%3Anull%7D%2C%22HiddenApp%22%3Atrue%2C%22EnabledInHttps%22%3Afalse%7D%2C%7B%22id%22%3A%22JobsMiner%22%2C%22url%22%3A%22http%3A//jobsminer.com/collaborations/conduit/index2.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%224f54bc7d-1348-49b4-beae-b45c411ccbb0%22%2C%22domains%22%3A%5B%22americasjobexchange.com%22%2C%22careerbuilder.com%22%2C%22dice.com%22%2C%2
[HKEY_CURRENT_USER\Software\Conduit\ValueApps\CH\Repository]
"bck.valueApps.CT3303930.mam_gk_settings1.11.4.2"="%7B%22Status%22%3A%22succeeded%22%2C%22Data%22%3A%7B%22currentDate%22%3A%2220131118%22%2C%22interval%22%3A240%2C%22stamp%22%3A%221043_0%22%2C%22isTest%22%3Atrue%2C%22UserCountryCode%22%3A%22US%22%2C%22isWelcomeExperienceEnabledByDefault%22%3Atrue%2C%22HadPG%22%3Afalse%2C%22newAppsExperience%22%3Atrue%2C%22NewAppsBgColor%22%3A%22F7FEF4%22%2C%22tracking%22%3A%7B%22ga%22%3Atrue%2C%22db%22%3Atrue%7D%2C%22services%22%3A%5B%7B%22name%22%3A%22configuration%22%2C%22url%22%3A%22http%3A//clientservice.mam.conduit-services.com/configuration%3Fctid%3DCT3303930%26stamp%3D1043_0%26country%3DUS%26browser%3DEBBROWSER%26browserversion%3DEBBROWSERVERSION%22%2C%22interval%22%3A240%7D%2C%7B%22name%22%3A%22appsData%22%2C%22url%22%3A%22http%3A//clientservice.mam.conduit-services.com/appsdata%3Fctid%3DCT3303930%26stamp%3D1043_0%26country%3DUS%26browser%3DEBBROWSER%26browserversion%3DEBBROWSERVERSION%26%26local%3DEBLOCALE
[HKEY_CURRENT_USER\Software\Conduit\ValueApps\CH\Repository]
"bck.valueApps.CT3303930.mam_gk_localization"="%7B%22dialogOK%22%3A%7B%22Text%22%3A%22OK%22%7D%2C%22dmbox1%22%3A%7B%22Text%22%3A%22Deal%5Cr%5Cnof%20the%20day%22%7D%2C%22dmbox2%22%3A%7B%22Text%22%3A%22Free%5Cr%5CnShipment%22%7D%2C%22dmbullet1%22%3A%7B%22Text%22%3A%22Save%20money%22%7D%2C%22dmbullet2%22%3A%7B%22Text%22%3A%22Find%20what%27s%20right%20for%20you%22%7D%2C%22dmbullet3%22%3A%7B%22Text%22%3A%22Get%20the%20most%20out%20of%20the%20web%22%7D%2C%22DMprivacy%22%3A%7B%22Text%22%3A%22Value%20Apps%20may%20include%20Conduit%20apps%20and%20third-party%20apps.%20Click%20here%20for%20more%20information%20and%20privacy%20policies%22%7D%2C%22dmtitle%22%3A%7B%22Text%22%3A%22Let%20the%20Best%20Offers%5Cr%5CnCome%20Right%20to%20You%21%22%7D%2C%22gadgetContentPolicy%22%3A%7B%22Text%22%3A%22Content%20Policy%22%7D%2C%22gadgetDescriptionPrimary%22%3A%7B%22Text%22%3A%22Value%20Apps%20enriches%20your%20web%20experience%20by%20offering%20you%20great%20deals%2C%20c
[HKEY_CURRENT_USER\Software\Conduit\ValueApps\CH\Repository]
"bck.valueApps.CT3303930.mam_gk_settings1.11.5.1"="%7B%22Status%22%3A%22succeeded%22%2C%22Data%22%3A%7B%22currentDate%22%3A%2220131211%22%2C%22interval%22%3A240%2C%22stamp%22%3A%221043_0%22%2C%22isTest%22%3Atrue%2C%22UserCountryCode%22%3A%22US%22%2C%22isWelcomeExperienceEnabledByDefault%22%3Atrue%2C%22HadPG%22%3Afalse%2C%22newAppsExperience%22%3Atrue%2C%22NewAppsBgColor%22%3A%22F7FEF4%22%2C%22tracking%22%3A%7B%22ga%22%3Atrue%2C%22db%22%3Atrue%7D%2C%22services%22%3A%5B%7B%22name%22%3A%22configuration%22%2C%22url%22%3A%22http%3A//clientservice.mam.conduit-services.com/configuration%3Fctid%3DCT3303930%26stamp%3D1043_0%26country%3DUS%26browser%3DEBBROWSER%26browserversion%3DEBBROWSERVERSION%22%2C%22interval%22%3A240%7D%2C%7B%22name%22%3A%22appsData%22%2C%22url%22%3A%22http%3A//clientservice.mam.conduit-services.com/appsdata%3Fctid%3DCT3303930%26stamp%3D1043_0%26country%3DUS%26browser%3DEBBROWSER%26browserversion%3DEBBROWSERVERSION%26%26local%3DEBLOCALE
[HKEY_CURRENT_USER\Software\Conduit\ValueApps\CH\Repository]
"bck.valueApps.CT3303930.response_cache"="%7B%22channel%22%3A%7B%22link%22%3A%22http%3A//windows.microsoft.com/en-us/internet-explorer/download-ie%22%2C%22description%22%3A%22Truffles%20By%20Conduit%22%2C%22source%22%3A%7B%22url%22%3A%22http%3A//windows.microsoft.com/en-us/internet-explorer/download-ie%22%7D%2C%22brownie%22%3A%7B%22referrer%22%3A%22http%3A//windows.microsoft.com/en-US/internet-explorer/download-ie%22%2C%22domain_type%22%3A%22tech%22%2C%22feed%22%3A%7B%22id%22%3A%22cccb91c9-a0af-4dfb-881e-da21de6fd8f9%22%2C%22length%22%3A8%2C%22comp_rec_id%22%3A%22d2eb51562a8e32cc149faf00c26b596f%22%7D%2C%22server%22%3A%7B%22name%22%3A%22ip-10-78-123-43%22%2C%22time%22%3A%222013-12-10%2008%3A54PM%22%7D%2C%22u%22%3A%7B%22uid%22%3A%2213854933463267446189%22%2C%22country_code%22%3A%22US%22%7D%2C%22providers_src%22%3A%22native%22%2C%22experiment%22%3A%7B%22experiment_id%22%3A%22default%22%2C%22scenario_id%22%3A%22191%22%7D%2C%22experiments%22%3A%5B%7B%2
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262933362-4071809552-10700770-1000\Software\Wajam]
"supported_sites.google.wajam_google_se_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_HTTPS'] = 'https://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_HTTPS_ADS'] = 'https://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_PATH_HTTPS_NEW_ADS'] = 'https://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.23'; window['WAJAM_AFFILIATE'] = '1401';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'google'; window['WAJAM_SERVER_VERSION'] = '1.00282.0'; window['WAJAM_SUPPORT_CRC32_MAPPING'] = '0'; w
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262933362-4071809552-10700770-1000\Software\Wajam]
"supported_sites.encryptedgoogle.wajam_google_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_HTTPS'] = 'https://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_HTTPS_ADS'] = 'https://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_PATH_HTTPS_NEW_ADS'] = 'https://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.23'; window['WAJAM_AFFILIATE'] = '1401';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'google'; window['WAJAM_SERVER_VERSION'] = '1.00283.0'; window['WAJAM_SUPPORT_CRC32_MAPPING'] =
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262933362-4071809552-10700770-1000\Software\Wajam]
"supported_sites.wikipedia.wajam_se_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_HTTPS'] = 'https://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_HTTPS_ADS'] = 'https://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_PATH_HTTPS_NEW_ADS'] = 'https://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.23'; window['WAJAM_AFFILIATE'] = '1401';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'wikipedia'; window['WAJAM_SERVER_VERSION'] = '1.00284.0'; window['WAJAM_SUPPORT_CRC32_MAPPING'] = '0'; wi
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com?SearchSource=10&CUI=UN37900105254162392&UM=2&ctid=CT3303930"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3303930&CUI=UN37900105254162392&UM=2"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
"SuggestionsURL_JSON"="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
"FaviconURL"="http://search.conduit.com/favicon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Conduit.Engine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Community Alerts]
"Path"="C:\Program Files\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\HomePage]
"{739df940-c5ee-4bab-9d7e-270894ae687a}"="http://search.conduit.com?SearchSource=10&CUI=UN11646782568965937&UM=2&ctid=CT3289847&SSPV=TB_C5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\HomePage]
"{cc1bef2d-0428-46d8-b1f4-492e1b206099}"="http://search.conduit.com?SearchSource=10&CUI=UN37900105254162392&UM=2&ctid=CT3303930"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS]
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"CT3289847.installType"="ConduitNSISIntegration"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_130068661007799818___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%22130068661007799818%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2228.0.1500.72%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_7a8c28fb-6dca-45ef-b2aa-447585314796___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.513071897206828%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.12%22%2C%22cID%22%3A%22klibnahbojhk
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_0a6a17d9-e633-494a-8223-67bd0aae7d8e___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.8798282218631357%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.12%22%2C%22cID%22%3A%22klibnahbojh
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_4d4e8180-5465-49dd-949d-39ee6d97bb2c___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.2230749148875475%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%222%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.12%22%2C%22cID%22%3A%22klibnahbojh
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_1f229d03-6496-4ce6-82f7-9c0cafd83be3___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.23351907124742866%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbo
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_37a8a65b-0541-4bc7-9c3b-58f79058d8ea___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.20137591823004186%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%222%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbo
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_0a4190c9-e8bd-4d0f-8596-636137571359___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.13244452979415655%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%223%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbo
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_2111a221-643a-43e0-9dae-04069cacaacc___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.07503762491978705%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%224%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbo
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_02e61e46-e29f-49fc-a646-c8f62d9c749e___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%224908288088155535248%22%2C%22viewId%22%3A%220.516193174989894%22%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2227.0.1453.116%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22icon%22%3A%22chrome-extension%3A//klibnahbojhkanfgaglnlalfkgpcppfi/toolbarImages/http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.16.4.512%22%2C%22cID%22%3A%22klibnahbojh
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"CT3289847.embeddedsData"="%5B%7B%22appId%22%3A%22130068661007799818%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22onBeforeLoadData%22%3A%22%7B%5C%22view%5C%22%3A%7B%5C%22html%5C%22%3A%5C%22%3Ctable%20id%3D%5C%5C%5C%22main%5C%5C%5C%22%20class%3D%5C%5C%5C%22mainwrapper%5C%5C%5C%22%20cellpadding%3D%5C%5C%5C%220%5C%5C%5C%22%20cellspacing%3D%5C%5C%5C%220%5C%5C%5C%22%3E%5C%5Cn%20%20%20%20%3Ctbody%3E%3Ctr%3E%5C%5Cn%20%20%20%20%20%20%20%20%3C%21--%20don%27t%20remove%20the%20width%3D%5C%5C%5C%22100%25%5C%5C%5C%22%20bug%20in%20chrome%20the%20width%20become%20in%20px--%3E%5C%5Cn%20%20%20%20%20%20%20%20%3Ctd%20id%3D%5C%5C%5C%22textboxWrapper%5C%5C%5C%22%20width%3D%5C%5C%5C%2210
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\peloglcfgdfkabbnlaeolbgfejohochl\Repository]
"CT3303930.installType"="ConduitNSISIntegration"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\peloglcfgdfkabbnlaeolbgfejohochl\Repository]
"CT3303930.startPageUrl"="http://search.conduit.com/?ctid=CT3303930&SearchSource=48&CUI=UN53688444329727152&UM=2"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\peloglcfgdfkabbnlaeolbgfejohochl\Repository]
"CT3303930.uninstallCommand"="C:\Users\Bertha\AppData\Local\Conduit\Chrome\CT3303930\UninstallerUI.exe"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\peloglcfgdfkabbnlaeolbgfejohochl\Repository]
"gadgetsContextHash_10000002___peloglcfgdfkabbnlaeolbgfejohochl"="%7B%22appId%22%3A%2210000002%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2231.0.1650.63%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3303930%22%2C%22oID%22%3A%22CT3303930%22%2C%22name%22%3A%22ConnectSo%22%2C%22downloadUrl%22%3A%22http%3A//ConnectSo.OurToolbar.com/%22%2C%22version%22%3A%2210.22.5.510%22%2C%22cID%22%3A%22peloglcfgdfkabbnlaeolbgfejohochl%22%7D%2C%22appId%22%3A%2210000002%22%2C%22onBefo
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\peloglcfgdfkabbnlaeolbgfejohochl\Repository]
"gadgetsContextHash_de2f667e-2d0c-439e-a316-5d8359c5e64c___peloglcfgdfkabbnlaeolbgfejohochl"="%7B%22appId%22%3A%2210000002%22%2C%22viewId%22%3A0.9077123028691858%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2231.0.1650.63%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3303930%22%2C%22oID%22%3A%22CT3303930%22%2C%22name%22%3A%22ConnectSo%22%2C%22icon%22%3A%22chrome-extension%3A//peloglcfgdfkabbnlaeolbgfejohochl/toolbarImages/http___storage_conduit_com_30_330_CT3303930_Images_635055245815330833.png%22%2C%22downloadUrl%22%3A%22http%3A//ConnectSo.OurToolbar.com/%22%2C%22version%22%3A%2210.22.5.510%22%2C%22cID%22%3A%22peloglcfgdfkabbnlaeolbgfejohochl/%22%
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\peloglcfgdfkabbnlaeolbgfejohochl\Repository]
"CT3303930.embeddedsData"="%5B%7B%22appId%22%3A%2210000002%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22onBeforeLoadData%22%3A%22%7B%5C%22view%5C%22%3A%7B%5C%22html%5C%22%3A%5C%22%3Ctable%20id%3D%5C%5C%5C%22main%5C%5C%5C%22%20class%3D%5C%5C%5C%22mainwrapper%5C%5C%5C%22%20cellpadding%3D%5C%5C%5C%220%5C%5C%5C%22%20cellspacing%3D%5C%5C%5C%220%5C%5C%5C%22%3E%5C%5Cn%20%20%20%20%3Ctbody%3E%3Ctr%3E%5C%5Cn%20%20%20%20%20%20%20%20%3C%21--%20don%27t%20remove%20the%20width%3D%5C%5C%5C%22100%25%5C%5C%5C%22%20bug%20in%20chrome%20the%20width%20become%20in%20px--%3E%5C%5Cn%20%20%20%20%20%20%20%20%3Ctd%20id%3D%5C%5C%5C%22textboxWrapper%5C%5C%5C%22%20width%3D%5C%5C%5C%22100%25%5C%5C
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\peloglcfgdfkabbnlaeolbgfejohochl\Repository]
"gadgetsContextHash_6206f77f-5845-42cf-8ab8-901e442edc2e___peloglcfgdfkabbnlaeolbgfejohochl"="%7B%22appId%22%3A%2210000002%22%2C%22viewId%22%3A0.7482029541861266%2C%22frameTitle%22%3A%22%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2231.0.1650.63%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3303930%22%2C%22oID%22%3A%22CT3303930%22%2C%22name%22%3A%22ConnectSo%22%2C%22icon%22%3A%22chrome-extension%3A//peloglcfgdfkabbnlaeolbgfejohochl/toolbarImages/http___storage_conduit_com_30_330_CT3303930_Images_635055245815330833.png%22%2C%22downloadUrl%22%3A%22http%3A//ConnectSo.OurToolbar.com/%22%2C%22version%22%3A%2210.22.5.510%22%2C%22cID%22%3A%22peloglcfgdfkabbnlaeolbgfejohochl/%22%
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Conduit]
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Conduit\ValueApps\CH\Repository]
"bck.valueApps.CT3303930.mam_gk_appsConfig"="%7B%22AppsConfiguration%22%3A%5B%7B%22id%22%3A%22Clarity_Active%22%2C%22url%22%3A%22http%3A//storage.conduit.com/mam/3rdpartyapps/clarityRay/cr_active.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%2297874e9a-cc62-4cb4-8768-a0d099cf4794%22%2C%22domains%22%3A%5B%22*%22%5D%2C%22domainsException%22%3A%5B%22bing.%22%2C%22google.com%22%2C%22yahoo.%22%5D%7D%5D%2C%22optionsDialog%22%3A%7B%22displayName%22%3A%22Clarity%22%2C%22appDesc%22%3Anull%2C%22privacyPolicyUrl%22%3Anull%2C%22termsOfUseUrl%22%3Anull%7D%2C%22HiddenApp%22%3Atrue%2C%22EnabledInHttps%22%3Afalse%7D%2C%7B%22id%22%3A%22JobsMiner%22%2C%22url%22%3A%22http%3A//jobsminer.com/collaborations/conduit/index2.html%22%2C%22scriptUrl%22%3Anull%2C%22criterias%22%3A%5B%7B%22criteriaId%22%3A%224f54bc7d-1348-49b4-beae-b45c411ccbb0%22%2C%22domains%22%3A%5B%22americasjobexchange.com%22%2C%22caree
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Conduit\ValueApps\CH\Repository]
"bck.valueApps.CT3303930.mam_gk_settings1.11.4.2"="%7B%22Status%22%3A%22succeeded%22%2C%22Data%22%3A%7B%22currentDate%22%3A%2220131118%22%2C%22interval%22%3A240%2C%22stamp%22%3A%221043_0%22%2C%22isTest%22%3Atrue%2C%22UserCountryCode%22%3A%22US%22%2C%22isWelcomeExperienceEnabledByDefault%22%3Atrue%2C%22HadPG%22%3Afalse%2C%22newAppsExperience%22%3Atrue%2C%22NewAppsBgColor%22%3A%22F7FEF4%22%2C%22tracking%22%3A%7B%22ga%22%3Atrue%2C%22db%22%3Atrue%7D%2C%22services%22%3A%5B%7B%22name%22%3A%22configuration%22%2C%22url%22%3A%22http%3A//clientservice.mam.conduit-services.com/configuration%3Fctid%3DCT3303930%26stamp%3D1043_0%26country%3DUS%26browser%3DEBBROWSER%26browserversion%3DEBBROWSERVERSION%22%2C%22interval%22%3A240%7D%2C%7B%22name%22%3A%22appsData%22%2C%22url%22%3A%22http%3A//clientservice.mam.conduit-services.com/appsdata%3Fctid%3DCT3303930%26stamp%3D1043_0%26country%3DUS%26browser%3DEBBROWSER%26browserversion%3DE
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Conduit\ValueApps\CH\Repository]
"bck.valueApps.CT3303930.mam_gk_localization"="%7B%22dialogOK%22%3A%7B%22Text%22%3A%22OK%22%7D%2C%22dmbox1%22%3A%7B%22Text%22%3A%22Deal%5Cr%5Cnof%20the%20day%22%7D%2C%22dmbox2%22%3A%7B%22Text%22%3A%22Free%5Cr%5CnShipment%22%7D%2C%22dmbullet1%22%3A%7B%22Text%22%3A%22Save%20money%22%7D%2C%22dmbullet2%22%3A%7B%22Text%22%3A%22Find%20what%27s%20right%20for%20you%22%7D%2C%22dmbullet3%22%3A%7B%22Text%22%3A%22Get%20the%20most%20out%20of%20the%20web%22%7D%2C%22DMprivacy%22%3A%7B%22Text%22%3A%22Value%20Apps%20may%20include%20Conduit%20apps%20and%20third-party%20apps.%20Click%20here%20for%20more%20information%20and%20privacy%20policies%22%7D%2C%22dmtitle%22%3A%7B%22Text%22%3A%22Let%20the%20Best%20Offers%5Cr%5CnCome%20Right%20to%20You%21%22%7D%2C%22gadgetContentPolicy%22%3A%7B%22Text%22%3A%22Content%20Policy%22%7D%2C%22gadgetDescriptionPrimary%22%3A%7B%22Text%22%3A%22Value%20Apps%20enriches%20your%20web%20experience%20by%20
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Conduit\ValueApps\CH\Repository]
"bck.valueApps.CT3303930.mam_gk_settings1.11.5.1"="%7B%22Status%22%3A%22succeeded%22%2C%22Data%22%3A%7B%22currentDate%22%3A%2220131211%22%2C%22interval%22%3A240%2C%22stamp%22%3A%221043_0%22%2C%22isTest%22%3Atrue%2C%22UserCountryCode%22%3A%22US%22%2C%22isWelcomeExperienceEnabledByDefault%22%3Atrue%2C%22HadPG%22%3Afalse%2C%22newAppsExperience%22%3Atrue%2C%22NewAppsBgColor%22%3A%22F7FEF4%22%2C%22tracking%22%3A%7B%22ga%22%3Atrue%2C%22db%22%3Atrue%7D%2C%22services%22%3A%5B%7B%22name%22%3A%22configuration%22%2C%22url%22%3A%22http%3A//clientservice.mam.conduit-services.com/configuration%3Fctid%3DCT3303930%26stamp%3D1043_0%26country%3DUS%26browser%3DEBBROWSER%26browserversion%3DEBBROWSERVERSION%22%2C%22interval%22%3A240%7D%2C%7B%22name%22%3A%22appsData%22%2C%22url%22%3A%22http%3A//clientservice.mam.conduit-services.com/appsdata%3Fctid%3DCT3303930%26stamp%3D1043_0%26country%3DUS%26browser%3DEBBROWSER%26browserversion%3DE
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Conduit\ValueApps\CH\Repository]
"bck.valueApps.CT3303930.response_cache"="%7B%22channel%22%3A%7B%22link%22%3A%22http%3A//windows.microsoft.com/en-us/internet-explorer/download-ie%22%2C%22description%22%3A%22Truffles%20By%20Conduit%22%2C%22source%22%3A%7B%22url%22%3A%22http%3A//windows.microsoft.com/en-us/internet-explorer/download-ie%22%7D%2C%22brownie%22%3A%7B%22referrer%22%3A%22http%3A//windows.microsoft.com/en-US/internet-explorer/download-ie%22%2C%22domain_type%22%3A%22tech%22%2C%22feed%22%3A%7B%22id%22%3A%22cccb91c9-a0af-4dfb-881e-da21de6fd8f9%22%2C%22length%22%3A8%2C%22comp_rec_id%22%3A%22d2eb51562a8e32cc149faf00c26b596f%22%7D%2C%22server%22%3A%7B%22name%22%3A%22ip-10-78-123-43%22%2C%22time%22%3A%222013-12-10%2008%3A54PM%22%7D%2C%22u%22%3A%7B%22uid%22%3A%2213854933463267446189%22%2C%22country_code%22%3A%22US%22%7D%2C%22providers_src%22%3A%22native%22%2C%22experiment%22%3A%7B%22experiment_id%22%3A%22default%22%2C%22scenario_id%22%3A%22191
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262933362-4071809552-10700770-1000\Software\Wajam]
"supported_sites.google.wajam_google_se_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_HTTPS'] = 'https://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_HTTPS_ADS'] = 'https://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_PATH_HTTPS_NEW_ADS'] = 'https://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.23'; window['WAJAM_AFFILIATE'] = '1401';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'google'; window['WAJAM_SERVER_VERSION'] = '1.00282.0'; window['W
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262933362-4071809552-10700770-1000\Software\Wajam]
"supported_sites.encryptedgoogle.wajam_google_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_HTTPS'] = 'https://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_HTTPS_ADS'] = 'https://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_PATH_HTTPS_NEW_ADS'] = 'https://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.23'; window['WAJAM_AFFILIATE'] = '1401';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'google'; window['WAJAM_SERVER_VERSION'] = '1.00283.0'; win
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262933362-4071809552-10700770-1000\Software\Wajam]
"supported_sites.wikipedia.wajam_se_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_HTTPS'] = 'https://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_HTTPS_ADS'] = 'https://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_PATH_HTTPS_NEW_ADS'] = 'https://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.23'; window['WAJAM_AFFILIATE'] = '1401';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'wikipedia'; window['WAJAM_SERVER_VERSION'] = '1.00284.0'; window['WA
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com]
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com?SearchSource=10&CUI=UN37900105254162392&UM=2&ctid=CT3303930"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3303930&CUI=UN37900105254162392&UM=2"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
"SuggestionsURL_JSON"="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"
[HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Microsoft\Internet Explorer\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3]
"FaviconURL"="http://search.conduit.com/favicon.ico"

-= EOF =-
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Having Nurmerous Popups and Add On Browsers

Unread postby reddog1992000 » December 14th, 2013, 5:10 pm

I had to split up the SystemLook log
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Having Nurmerous Popups and Add On Browsers

Unread postby Gary R » December 14th, 2013, 7:26 pm

OK, lets get started on cleaning out your infection.

First ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box. (do not include Code: Select all)
Code: Select all
:OTL
IE - HKLM\..\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor= {searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3303930
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/blekkot ... F990159&q= {searchTerms}
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{6CE70BD6-2ECB-4DA3-9568-B216DBAC642F}: "URL" = http://ws.infospace.com/playsushi_tbar/ ... eUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{869B363F-0D11-44AC-AE0A-68A4ECF8322D}: "URL" = http://asksearch.ask.com/redirect?clien ... apn_ptnrs= ^ATQ&apn_dtid=^YYYYYY^XG^US&apn_dbr=cr_26.0.1410.64&doi=2013-05-14&q={searchTerms}&
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor= {searchTerms}
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q= {searchTerms}&pr=prov&client_id=8AC4374001CC6281005C844D&install_time=2011-08-24T17:16:03Z&src_id=30046&camp_id=3057&tb_version=1.1.0000.2(B)
IE - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\SearchScopes\A9E2CB02D70F4885B8E9A4CBF3FC30E3: "URL" = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3303930&CUI=UN37900105254162392&UM=2
FF - prefs.js..browser.search.selectedEngine: "Ask Search"
FF - prefs.js..browser.startup.homepage: "http://www.search.ask.com/?l=dis&o=APN10740&gct=hp&apn_ptnrs=^ATQ&apn_dtid=^YYYYYY^XG^US&p2=^ATQ^YYYYYY^XG^US&tpid=ASI2-V6&apn_dbr=cr_26.0.1410.64&apn_uid=202880FC-E2E5-4997-8656-9066602E1E2B&itbv=11.8.1.507&doi=2013-05-14"
FF - prefs.js..browser.search.order.1: "Ask Search"
FF - prefs.js..browser.search.defaultengine: "Ask Search"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2jffxtbr@RecipeHub_2j.com: C:\Program Files\RecipeHub_2j\bar\1.bin [2013/12/01 09:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\xz123@ya456.com: C:\Program Files\BetterSurf\ff [2013/11/13 11:33:08 | 000,000,000 | ---D | M]
[2011/06/21 12:23:51 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/12/13 09:05:22 | 000,000,000 | ---D | M] (Recipe Hub) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\2jffxtbr@RecipeHub_2j.com
[2012/06/06 09:53:22 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\crossriderapp3491@crossrider.com
[2011/06/21 12:23:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com
[2012/01/20 12:22:47 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\inboxcomtoolbar@inbox.com
[2013/05/14 11:08:45 | 000,002,515 | ---- | M] () -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\searchplugins\ask-search.xml
[2011/05/17 12:12:44 | 000,002,333 | ---- | M] () -- C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\searchplugins\askcom.xml
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (BetterSurf) - {6E3C6B04-08FE-43BC-8E50-F90285024DEA} - C:\Program Files\BetterSurf\ie\BetterSurf.dll ()
O2 - BHO: (Privacy Safeguard BHO) - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PrivacySafeguard)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\Toolbar\WebBrowser: (no name) - {41534932-2D56-3600-76A7-7A786E7484D7} - No CLSID value found.
O3 - HKU\S-1-5-21-262933362-4071809552-10700770-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-262933362-4071809552-10700770-1000..\Run: [PC Speed Maximizer] "C:\Program Files\PC Speed Maximizer\SPMStarter.exe" File not found
O4 - HKU\S-1-5-21-262933362-4071809552-10700770-1000..\Run: [SPMTray] "C:\Program Files\PC Speed Maximizer\SPMTray.exe" File not found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
[2013/11/18 09:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Bertha\Desktop\*.tmp files -> C:\Users\Bertha\Desktop\*.tmp -> ]
[2013/08/20 07:30:40 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Betcat
[2013/05/14 11:08:58 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\OpenCandy
[2012/06/06 10:14:05 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\PC Speed Maximizer
[2012/11/06 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\uTorrent
[2013/08/12 02:36:14 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\Web Cake
[2013/07/29 07:41:13 | 000,000,000 | ---D | M] -- C:\Users\Bertha\AppData\Roaming\WebCake

:Files
C:\Users\Bertha\AppData\Roaming\Microsoft\Windows\Cookies\bertha@babylon[1].txt
C:\Users\Bertha\AppData\Local\Conduit]
C:\Users\Bertha\AppData\Local\ConduitEngine]
C:\Users\Bertha\AppData\LocalLow\Conduit]
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com]
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.idl
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.js 
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitToolbar.xpt 
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.gif
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.ico
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.PNG
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.src
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml 
C:\Windows\System32\ConduitEngine.tmp
C:\Program Files\Conduit
C:\ProgramData\Conduit
C:\Users\All Users\Conduit
C:\Users\Bertha\AppData\Local\Conduit
C:\Users\Bertha\AppData\Local\ConduitEngine
C:\Users\Bertha\AppData\LocalLow\Conduit
C:\Users\Bertha\AppData\Roaming\Mozilla\Firefox\Profiles\jw6ovv8n.default\extensions\engine@conduit.com
ipconfig /flushdns /c

:Reg
[-HKEY_CURRENT_USER\Software\Conduit]
[-HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\Conduit]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262933362-4071809552-10700770-1000\Software\WhiteSmoke_New]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WhiteSmoke_NewAutoUpdateHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WhiteSmoke_NewAutoUpdateHelper_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WhiteSmoke_NewToolbarHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WhiteSmoke_NewToolbarHelper_RASMANCS]
[-HKEY_USERS\S-1-5-21-262933362-4071809552-10700770-1000\Software\AppDataLow\Software\Conduit]

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • AdwCleaner[s1].txt
  • OTL fix log
  • ESET.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Having Nurmerous Popups and Add On Browsers

Unread postby Gary R » December 17th, 2013, 12:58 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 27 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware