Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Re: Unable to upload pics from my PC to my Program:staged.co

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Unable to upload pics from my PC to my Program:staged.co

Unread postby theprofitteam » June 4th, 2014, 12:35 am

Every time I boot up- I keep seeing the message that I have 44 malware "Searchlink" or something similar that has infected my Firefox. So, when I try to upload my gif images to my Staged.com program- I find that the mawlare freezes any further attempts to click anything- cannot even log out-- everything in this website is frozen. Not sure why Hitman Pro keeps "deleting" these malware plugins- and THEN next time I log on- they are all back again! I think Hitman Pro is not "deleting" the malware/ How do I permantently et rid of this malware, short of reformating my hard drive? Thank you! Courtenay f

I forgot to post the DS Log (BTW- I am using Windows 7 on my PC: I usuallyuse FIrefox as my browser):
DDS Log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16866 BrowserJavaVersion: 10.51.2
Run by poc at 22:30:45 on 2014-06-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.1897 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Users\poc\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\All-in-One Submission 9.0\All-in-One Submission 9.58.exe
C:\Users\poc\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\poc\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
C:\Program Files (x86)\FastStone Capture\FSCapture.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Photobucket Backup\Photobucket.App.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uWindow Title = Internet Explorer, enhanced for Bing and MSN
uProxyOverride = <-loopback>
uURLSearchHooks: {2088f46c-e352-46dd-9434-bb81014359db} - <orphaned>
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {fee90072-01ea-4444-8fca-d460fe44f920} - <orphaned>
mURLSearchHooks: {2088f46c-e352-46dd-9434-bb81014359db} - <orphaned>
mURLSearchHooks: {fee90072-01ea-4444-8fca-d460fe44f920} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {2088f46c-e352-46dd-9434-bb81014359db} - <orphaned>
BHO: {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [MSCS] C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe /autorun
uRun: [Facebook Update] "C:\Users\poc\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SkyDrive] "C:\Users\poc\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [iLivid] "C:\Users\poc\AppData\Local\iLivid\iLivid.exe" -autorun
uRun: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
uRun: [DRL Sheduler] C:\Program Files (x86)\All-in-One Submission 9.0\All-in-One Submission 9.58.exe /scheduler
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Photobucket Backup] C:\Program Files (x86)\Photobucket Backup\Photobucket.App.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ChromeHelper] C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe
StartupFolder: C:\Users\poc\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\poc\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\poc\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\poc\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
StartupFolder: C:\Users\poc\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FASTST~1.LNK - C:\Program Files (x86)\FastStone Capture\FSCapture.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: NameServer = 75.126.206.18,184.173.169.186
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{9538853E-1BA6-4141-9062-9F66CCEEC04E} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{9538853E-1BA6-4141-9062-9F66CCEEC04E} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: browser.startup.homepage - hxxp://staged.com/
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\poc\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.enabledAddons - sp2@sp.com:1.0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.enabledScopes - 15
user_pref(extensions.newAddons,false);
.
.
.
.
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=ds ... 698978&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=ds ... 698978&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=ds ... 978&ir=&q=
FF - user.js: extensions.mysearchdial.id - 000BE0F000ED9770
FF - user.js: extensions.mysearchdial.instlDay - 16127
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.019:3:11
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dsites0202
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 204698978
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtD0B0EtD0FtDtDtD0E0DzyyByBtDtN0D0Tzu0SyBzzzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.irmysearch.aflt - dsites0202
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 204698978
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtD0B0EtD0FtDtDtD0E0DzyyByBtDtN0D0Tzu0SyBzzzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-6-30 55024]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-11-23 127752]
R2 hmpalert;HitmanPro.Alert Support Driver;C:\Windows\System32\drivers\hmpalert.sys [2013-11-28 93144]
R2 hmpalertsvc;HitmanPro.Alert Service;C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2013-11-28 1876816]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-5-9 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-5-9 295800]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Update FindRight;Update FindRight;"C:\Program Files (x86)\FindRight\updateFindRight.exe" --> C:\Program Files (x86)\FindRight\updateFindRight.exe [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-28 1255736]
.
=============== Created Last 30 ================
.
2014-06-03 04:16:56 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4B5ABED3-07C0-4344-AD6E-9FB02D16CB97}\mpengine.dll
2014-06-01 16:22:28 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-31 04:50:37 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2014-05-27 05:36:59 -------- d-----w- C:\Users\poc\AppData\Roaming\com.pageone.Kudani
2014-05-27 05:36:40 -------- d-----w- C:\Program Files (x86)\PageOneTraffic
2014-05-25 03:15:27 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A0B37BE5-0F8F-444C-864E-03B8EB446E0B}\gapaengine.dll
2014-05-18 04:29:37 58880 ----a-w- C:\Windows\SysWow64\dbrename7.exe
2014-05-18 04:29:28 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2014-05-18 04:29:28 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2014-05-18 04:29:28 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll
2014-05-18 04:29:28 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2014-05-17 18:52:12 -------- d-----w- C:\Program Files\Western Digital
2014-05-15 06:17:42 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-15 06:17:42 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-14 05:00:59 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
2014-05-12 06:17:04 -------- d-----w- C:\Users\poc\AppData\Roaming\Software Defender
2014-05-12 05:48:26 -------- d-----w- C:\Program Files (x86)\Submit Equalizer
2014-05-08 13:48:42 227704 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-06 06:54:46 -------- d-s---w- C:\Windows\System32\CompatTel
.s
Last edited by NonSuch on June 4th, 2014, 4:24 pm, edited 1 time in total.
Reason: Edited to merge content of second post with this post.
theprofitteam
Regular Member
 
Posts: 28
Joined: June 4th, 2014, 12:19 am
Advertisement
Register to Remove

Re: Unable to upload pics from my PC to my Program:staged.co

Unread postby nunped » June 6th, 2014, 2:12 pm

Hello theprofitteam, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easy as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Unable to upload pics from my PC to my Program:staged.co

Unread postby nunped » June 6th, 2014, 2:18 pm

Hi theprofitteam,

Please run the following scans:
Step 1 - OTL
Please download OTL by Old Timer. Save it to your Desktop.
If you can't download the exe file, try these links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
  • Right-click OTL.exe (or OTL.com or OTL.scr) and select "Run as Administrator" to launch the program.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 2 - AdwCleaner - Scan Only
Please download AdwCleaner by Xplode, save it to your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Scan.
    When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Report button to produce the scan report.
  5. A logfile C:\AdwCleaner[Rn].txt will automatically open. ([Rn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Rn].txt logfile in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Re: Unable to upload pics from my PC to my Program:stage

Unread postby theprofitteam » June 6th, 2014, 2:24 pm

Thank you so much: I shall run this malware removal procedure this wekend. I so much appreciate your help.. I purchased Malwarebytes Anti Malware Pro-Lifetime and Avast!-- Have read they are amongh the best as well... Love this forum! God blkess... Courtenay
theprofitteam
Regular Member
 
Posts: 28
Joined: June 4th, 2014, 12:19 am

Re: Unable to upload pics from my PC to my Program:staged.co

Unread postby nunped » June 9th, 2014, 5:55 am

Hi theprotitteam,

Malwarebytes is a great tool, but please don't run it until I tell you to.
Remember that your topic will be closed if you don't reply to my instructions in 72 hours...
Thanks!
nunped
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Re: Unable to upload pics from my PC to my Program:stage

Unread postby theprofitteam » June 9th, 2014, 8:31 pm

Thank you: I ran the ADwCleaner- it got rid of a ton of stuff that Avast! missed (and hitman pro).. I shall try to find the print out and post it here. I still need to run the OTL program.
I It seems that one POSSIBLE issue is a thing that says wipecache=true.. This showed up when I was trying to choose a theme in the website staged.com Anyway- will have to run OTL andd yes, I shall wait before I install the malwarebytes anti malware program.... Thank you so much....


Courtenay
theprofitteam
Regular Member
 
Posts: 28
Joined: June 4th, 2014, 12:19 am

Re: Re: Unable to upload pics from my PC to my Program:stage

Unread postby theprofitteam » June 10th, 2014, 1:42 am

I have run the OTL & the AdwCleaner: I did the scan only for the OTL (NO cleaning!). I thinnk I messed up with the AdwCleaner, though: I see that it cleaned malware: I am enclosing the R0, R1,R2 (also have the So,S1,S2- if you need them). I am very sory if I did this incorrectly.... Anyway (upset with myself) I am copying and pasting the tiems you requested- if you don't want to help me - I understand.... Please accept my apology for not following the instructions exactly as you outlined :(

Here is the text:

OTL info:
OTL.txt:
OTL logfile created on: 6/9/2014 11:01:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\poc\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16866)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 50.69% Memory free
8.00 Gb Paging File | 5.72 Gb Available in Paging File | 71.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 413.57 Gb Free Space | 88.81% Space Free | Partition Type: NTFS
Drive D: | 38.28 Gb Total Space | 19.90 Gb Free Space | 51.99% Space Free | Partition Type: NTFS
Drive E: | 390.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.73 Gb Total Space | 366.47 Gb Free Space | 78.69% Space Free | Partition Type: NTFS

Computer Name: POC-PC | User Name: poc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/09 22:59:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\poc\Downloads\OTL.com
PRC - [2014/06/05 21:05:52 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/06/05 00:03:41 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/06/04 23:52:26 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/05/19 18:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\poc\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/05/14 22:55:34 | 000,257,224 | ---- | M] (Microsoft Corporation) -- C:\Users\poc\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2014/05/14 00:07:22 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/05/09 22:36:34 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/09 16:39:04 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2014/05/09 16:23:24 | 005,562,736 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2014/05/09 16:21:56 | 000,295,800 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2014/04/25 14:14:28 | 004,101,584 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2014/04/25 14:12:10 | 002,081,752 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/04/25 14:12:06 | 001,738,200 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/04/12 10:43:39 | 001,876,816 | ---- | M] (SurfRight B.V.) -- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2013/04/09 11:47:58 | 000,320,000 | ---- | M] (Photobucket) -- C:\Program Files (x86)\Photobucket Backup\Photobucket.App.exe
PRC - [2012/05/20 19:33:18 | 001,138,688 | ---- | M] (MAXA Research Int'l Inc.) -- C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe
PRC - [2012/05/16 21:35:54 | 001,913,344 | ---- | M] () -- C:\Program Files (x86)\All-in-One Submission 9.0\All-in-One Submission 9.58.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2014/06/09 21:55:58 | 000,043,008 | ---- | M] () -- c:\Users\poc\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfplb6_.dll
MOD - [2014/06/04 23:52:29 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/05/15 00:14:13 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014/05/15 00:14:13 | 000,785,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ee550c3d485d44c7fbeeafe12a3e318b\System.EnterpriseServices.ni.dll
MOD - [2014/05/15 00:14:13 | 000,250,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ee550c3d485d44c7fbeeafe12a3e318b\System.EnterpriseServices.Wrapper.dll
MOD - [2014/05/14 00:07:21 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/05/09 22:36:18 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/04/25 14:11:24 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/04/25 14:11:22 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/04/25 14:11:20 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2014/02/26 18:48:45 | 013,901,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\e1a31634a43becfaae07ce060f2d215b\System.Data.Entity.ni.dll
MOD - [2014/02/26 18:48:29 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\0d3cb1df8b6af32cebdc6e2cc4948c69\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/02/26 18:48:28 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\c6ab75afe61e2065e65a2faa795abff9\PresentationFramework-SystemCore.ni.dll
MOD - [2014/02/26 18:48:28 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/26 18:48:28 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\af02d03484578dbc357d1df8d1b6fd01\PresentationFramework-SystemData.ni.dll
MOD - [2014/02/26 18:47:50 | 000,124,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windc7c43db6#\d41dabb3af6c9f57cf35d4d414591184\System.Windows.Interactivity.ni.dll
MOD - [2014/02/26 18:47:22 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/02/26 18:47:16 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/26 18:47:16 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll
MOD - [2014/02/26 02:27:23 | 001,172,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf#\42e4e0c2624e0f686d87fa4011455fac\System.Data.OracleClient.ni.dll
MOD - [2014/02/26 02:27:20 | 000,660,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\2053b0e14f1e64a5c5d6d1c4d01485a2\System.Transactions.ni.dll
MOD - [2014/02/26 02:27:19 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/26 02:27:19 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\2526b5a3ab48717e858a08c3a4a8000c\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2014/02/26 02:27:17 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/02/26 02:27:13 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/26 02:27:12 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/02/26 02:27:09 | 001,861,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\b71ff7f0fb61d547d06ba13548d68748\System.Deployment.ni.dll
MOD - [2014/02/26 02:27:03 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/26 02:27:02 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/26 02:27:01 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/26 02:27:01 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/26 02:27:00 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/26 02:26:56 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/26 02:26:56 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/26 02:26:54 | 001,632,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\e8f04d39ea7c8991d91498f2867f2c25\Microsoft.CSharp.ni.dll
MOD - [2014/02/26 02:26:54 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\fcffb45098807dbf4f96bb133936789a\System.Security.ni.dll
MOD - [2014/02/26 02:26:54 | 000,394,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\9c792f26e959188b200cd732e1c1d583\System.Dynamic.ni.dll
MOD - [2014/02/26 02:26:53 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/26 02:26:52 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/26 02:26:49 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/26 02:26:48 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/26 02:26:43 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/26 02:26:43 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/02/12 21:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 21:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/02 19:09:26 | 003,610,624 | ---- | M] () -- C:\Users\poc\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/08/23 13:01:44 | 025,100,288 | ---- | M] () -- C:\Users\poc\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2012/05/16 21:35:54 | 001,913,344 | ---- | M] () -- C:\Program Files (x86)\All-in-One Submission 9.0\All-in-One Submission 9.58.exe
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/12/19 20:19:56 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\MAXA Cookie Manager\DirectCOM.dll
MOD - [2010/12/19 20:16:06 | 000,338,944 | ---- | M] () -- C:\Program Files (x86)\MAXA Cookie Manager\sqlite36_engine.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/06/05 00:03:41 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014/06/04 23:52:26 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/29 12:40:53 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/14 00:07:23 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/09 22:36:34 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/09 16:39:04 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014/05/09 16:21:56 | 000,295,800 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2014/04/12 10:43:39 | 001,876,816 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe -- (hmpalertsvc)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/30 22:25:07 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/06/05 00:04:55 | 000,447,888 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2014/06/05 00:03:48 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/06/04 23:52:58 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/06/04 23:52:58 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/06/04 23:52:58 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/06/04 23:52:31 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/06/04 23:52:30 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/06/04 23:52:30 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/06/04 23:52:30 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/06/04 23:52:30 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/06/04 23:52:18 | 000,044,640 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswTap.sys -- (aswTap)
DRV:64bit: - [2014/04/28 03:33:58 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2014/04/12 10:43:39 | 000,093,144 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hmpalert.sys -- (hmpalert)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/09/16 22:43:28 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 15:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 AA 46 A5 11 FE CE 01 [binary data]
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFD_enUS557
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\..\SearchScopes\{9A3190D5-77A9-4E05-BC3F-2AEB4E23D2F8}: "URL" = http://ctrlq.org/google/?q={searchTerms}
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Microsoft (Bing)"
FF - prefs.js..browser.search.defaultenginename: "Microsoft (Bing)"
FF - prefs.js..browser.search.defaultthis.engineName: "Microsoft (Bing)"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search"
FF - prefs.js..browser.search.order.1: "Microsoft (Bing)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: maxacookie%40maxatools.com:5.3.04
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.28
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/06/05 00:03:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\maxacookie@maxatools.com: C:\Program Files (x86)\MAXA Cookie Manager\extension [2013/07/04 15:01:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\sp2@sp.com: C:\Program Files (x86)\Social Privacy\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/07/25 22:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Extensions
[2014/06/04 23:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions
[2014/05/13 22:34:04 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2014/05/28 00:12:13 | 000,212,462 | ---- | M] () (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions\jid0-f3OYUKmtG4wmVwkBHma48wARqig@jetpack.xpi
[2014/05/17 22:21:16 | 000,164,313 | ---- | M] () (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions\rankchecker@seobook.com.xpi
[2014/01/04 01:09:24 | 000,024,838 | ---- | M] () (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions\sm@submitter.net.xpi
[2014/06/03 23:19:06 | 000,533,636 | ---- | M] () (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/04/30 23:06:18 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/02 20:49:21 | 000,150,579 | ---- | M] () (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
[2014/06/04 23:57:44 | 000,005,830 | ---- | M] () -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\bing-avast.xml
[2014/02/04 00:12:04 | 000,001,935 | ---- | M] () -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\savefromnet---direct-links.xml
[2013/11/23 14:31:33 | 000,001,100 | ---- | M] () -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\sweetpacks-a5-customized-web-search.xml
[2014/05/09 22:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/09 22:36:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/04 15:01:39 | 000,000,000 | ---D | M] (MAXA Cookie Manager) -- C:\PROGRAM FILES (X86)\MAXA COOKIE MANAGER\EXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.conduit.com/?ctid=CT33172 ... 7ED7&SSPV=
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Kudani FeedGrabber = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\behceiemikmgnpbcnbmjidgpkhdoammf\1.0_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: QuickPin = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhogoimaoahmedeeahleijnpljdbammj\0.1_0\
CHR - Extension: YouTube = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DuckDuckGo for Chrome = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.17_0\
CHR - Extension: Local Rss Reader = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cemddjmmnfebpkpkonmbkdmakilpkcid\0.1.8_0\
CHR - Extension: Google Search = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: FromDocToPDF = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\8.27.3.62724_0\
CHR - Extension: MozBar = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp\3.0.69_0\
CHR - Extension: Search All = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk\2.2.20_0\
CHR - Extension: Just Pin It = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe\1.2.5_0\
CHR - Extension: avast! Online Security = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: SearchPreview = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\3.4_0\
CHR - Extension: Shareaholic for Pinterest = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc\2.0.2_0\
CHR - Extension: Find similar images = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\maajjfmghhdilbcfpicokkfaafoapicg\0.1.1_0\
CHR - Extension: Pinner for Pinterest = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiedfldbpmieeknpleihpglnhgonlni\1.95_0\
CHR - Extension: Google Wallet = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Personal Blocklist (by Google) = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef\2.5.1_0\
CHR - Extension: Google Quick Scroll = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2.2.2_0\
CHR - Extension: Gmail = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Space Planet = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.2_0\

O1 HOSTS File: ([2014/06/04 23:19:51 | 000,450,029 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 updaterspro.com
O1 - Hosts: 127.0.0.1 browsersafeguard.com
O1 - Hosts: 127.0.0.1 thinkcreditreports.com
O1 - Hosts: 127.0.0.1 mindspark.com
O1 - Hosts: 127.0.0.1 loa.teebik.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 15474 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Photobucket Backup] C:\Program Files (x86)\Photobucket Backup\Photobucket.App.exe (Photobucket)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000..\Run: [DRL Sheduler] C:\Program Files (x86)\All-in-One Submission 9.0\All-in-One Submission 9.58.exe ()
O4 - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000..\Run: [MSCS] C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe (MAXA Research Int'l Inc.)
O4 - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000..\Run: [SkyDrive] C:\Users\poc\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\poc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\poc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O8:64bit: - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm File not found
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm File not found
O8:64bit: - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm File not found
O8:64bit: - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm File not found
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm File not found
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm File not found
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm File not found
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66846920-3138-4505-81DF-830DA6BEFF14}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9538853E-1BA6-4141-9062-9F66CCEEC04E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9538853E-1BA6-4141-9062-9F66CCEEC04E}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/29 15:16:26 | 000,000,113 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/07 22:56:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/06/07 22:56:00 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/06/07 22:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/06/07 22:55:52 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/06/07 22:55:52 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/06/07 22:55:52 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/06/07 22:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/06/06 23:46:14 | 000,000,000 | -HSD | C] -- C:\Jumpshot
[2014/06/06 23:42:21 | 000,000,000 | ---D | C] -- C:\Windows\jumpshot.com
[2014/06/06 22:24:43 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/06 22:18:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/05 00:04:11 | 000,028,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/06/05 00:03:41 | 000,447,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/06/04 23:53:36 | 000,000,000 | ---D | C] -- C:\Users\poc\AppData\Roaming\AVAST Software
[2014/06/04 23:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/06/04 23:52:44 | 000,085,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/06/04 23:52:40 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1401947577172
[2014/06/04 23:52:40 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/06/04 23:52:40 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1401947577172
[2014/06/04 23:52:40 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/06/04 23:52:39 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/06/04 23:52:37 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/06/04 23:52:34 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/06/04 23:52:29 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/04 23:52:18 | 000,044,640 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\aswTap.sys
[2014/06/04 23:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/06/04 23:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/06/04 23:34:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TotalSystemCare
[2014/06/04 22:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/06/04 22:49:31 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/06/04 22:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/06/04 22:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/06/04 22:34:09 | 000,000,000 | ---D | C] -- C:\Users\poc\AppData\Local\WeatherBug
[2014/06/04 22:34:07 | 000,000,000 | ---D | C] -- C:\Users\poc\AppData\Roaming\WeatherBug
[2014/06/04 22:34:02 | 000,000,000 | ---D | C] -- C:\Users\poc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBug
[2014/06/04 22:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AWS
[2014/06/03 23:17:23 | 000,000,000 | R--D | C] -- C:\Users\poc\My SpeedyBackup SyncFolder
[2014/05/28 12:17:18 | 000,000,000 | ---D | C] -- C:\Users\poc\Desktop\KUDANIBU
[2014/05/28 11:53:09 | 000,000,000 | ---D | C] -- C:\Users\poc\Documents\__MACOSX
[2014/05/28 00:26:14 | 000,000,000 | ---D | C] -- C:\Users\poc\Desktop\kudani-images
[2014/05/28 00:23:44 | 000,000,000 | ---D | C] -- C:\Users\poc\Desktop\kudani-install
[2014/05/27 23:07:20 | 000,000,000 | ---D | C] -- C:\Users\poc\Documents\kudani
[2014/05/26 23:36:59 | 000,000,000 | ---D | C] -- C:\Users\poc\AppData\Roaming\com.pageone.Kudani
[2014/05/26 23:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PageOneTraffic
[2014/05/26 23:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PageOneTraffic
[2014/05/17 22:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All-in-One Submission 9.0
[2014/05/17 22:29:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/05/17 12:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2014/05/15 00:17:48 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/15 00:17:48 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/15 00:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/14 20:11:36 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/14 20:11:34 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/14 20:11:19 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 20:11:18 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 20:11:18 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 20:11:18 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 20:11:17 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 20:11:17 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 20:11:16 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 20:11:16 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 20:11:15 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 20:11:15 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 20:11:15 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 20:11:15 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 20:11:15 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 20:11:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 20:11:15 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 20:11:15 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 20:11:15 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 20:11:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 20:11:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 20:11:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 20:11:14 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 20:11:14 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 20:11:14 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/13 22:25:03 | 000,000,000 | ---D | C] -- C:\Users\poc\Desktop\STAGEDFRAMESSTAGES
[2014/05/12 00:17:04 | 000,000,000 | ---D | C] -- C:\Users\poc\AppData\Roaming\Software Defender
[2014/05/11 23:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Submit Equalizer
[2014/05/11 23:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Submit Equalizer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/09 23:00:08 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\SlimCleaner Startup.job
[2014/06/09 23:00:02 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\SlimCleaner Scan.job
[2014/06/09 22:59:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/09 22:59:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/09 22:18:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1338860540-2610657624-1817482183-1000UA.job
[2014/06/09 22:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/09 22:03:17 | 000,020,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/09 22:03:17 | 000,020,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/09 21:58:11 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/06/09 21:55:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/09 21:55:00 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/07 22:55:39 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/06/07 22:55:36 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/06/07 22:55:36 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/06/07 22:55:35 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/06/06 23:46:51 | 008,912,896 | -HS- | M] () -- C:\Users\poc\.ghost-ntfs-3g-00000000000000000009
[2014/06/06 22:34:57 | 000,001,180 | ---- | M] () -- C:\Users\poc\Desktop\adwcleaner_3.212 - Shortcut.lnk
[2014/06/05 23:01:19 | 000,000,787 | ---- | M] () -- C:\Windows\wininit.ini
[2014/06/05 00:39:42 | 000,004,634 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/06/05 00:05:40 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/06/05 00:04:55 | 000,447,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/06/05 00:03:48 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/06/04 23:57:44 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/04 23:52:58 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/06/04 23:52:58 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/06/04 23:52:58 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/06/04 23:52:31 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1401947577172
[2014/06/04 23:52:31 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/06/04 23:52:30 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1401947577172
[2014/06/04 23:52:30 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/06/04 23:52:30 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/06/04 23:52:30 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/06/04 23:52:30 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/06/04 23:52:30 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/06/04 23:52:29 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/04 23:52:18 | 000,044,640 | ---- | M] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\aswTap.sys
[2014/06/04 23:19:51 | 000,450,029 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/06/04 23:14:40 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3_triggeronce.job
[2014/06/04 22:34:04 | 000,000,812 | ---- | M] () -- C:\Users\poc\Desktop\WeatherBug.lnk
[2014/06/03 23:53:20 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/06/01 21:04:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1338860540-2610657624-1817482183-1000Core.job
[2014/05/30 22:48:41 | 000,000,997 | ---- | M] () -- C:\Users\poc\Desktop\Traffic Travis v4.lnk
[2014/05/28 00:25:01 | 021,608,432 | ---- | M] () -- C:\Users\poc\Documents\kudani-images.zip
[2014/05/28 00:23:30 | 012,953,296 | ---- | M] () -- C:\Users\poc\Desktop\kudani-install.zip
[2014/05/27 21:46:10 | 000,001,009 | ---- | M] () -- C:\Users\poc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/26 23:36:53 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Kudani.lnk
[2014/05/25 22:28:43 | 000,786,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/25 22:28:43 | 000,665,288 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/25 22:28:43 | 000,123,096 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/17 22:29:40 | 000,002,158 | ---- | M] () -- C:\Users\Public\Desktop\All-in-One Submission 9.58 Scheduler.lnk
[2014/05/17 22:29:40 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\All-in-One Submission 9.58.lnk
[2014/05/15 21:33:15 | 000,000,884 | RHS- | M] () -- C:\Users\poc\ntuser.pol
[2014/05/14 00:07:22 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 00:07:22 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/11 23:58:08 | 000,000,062 | ---- | M] () -- C:\Windows\submitequalizer.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/09 21:57:01 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/06/07 09:57:22 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\SlimCleaner Scan.job
[2014/06/06 22:34:57 | 000,001,180 | ---- | C] () -- C:\Users\poc\Desktop\adwcleaner_3.212 - Shortcut.lnk
[2014/06/05 23:01:12 | 000,000,787 | ---- | C] () -- C:\Windows\wininit.ini
[2014/06/05 00:05:40 | 000,001,982 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/06/04 23:52:43 | 000,208,416 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/06/04 23:52:40 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/06/04 23:52:39 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/06/04 22:49:40 | 000,001,405 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/06/04 22:34:04 | 000,000,812 | ---- | C] () -- C:\Users\poc\Desktop\WeatherBug.lnk
[2014/06/03 23:53:20 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/06/03 22:46:18 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\SparkTrust Update Version3_triggeronce.job
[2014/05/28 11:52:58 | 021,608,432 | ---- | C] () -- C:\Users\poc\Documents\kudani-images.zip
[2014/05/28 00:23:18 | 012,953,296 | ---- | C] () -- C:\Users\poc\Desktop\kudani-install.zip
[2014/05/26 23:36:53 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Kudani.lnk
[2014/05/17 22:29:40 | 000,002,158 | ---- | C] () -- C:\Users\Public\Desktop\All-in-One Submission 9.58 Scheduler.lnk
[2014/05/17 22:29:40 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\All-in-One Submission 9.58.lnk
[2014/05/17 22:29:37 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\dbrename7.exe
[2014/05/11 23:49:33 | 000,000,062 | ---- | C] () -- C:\Windows\submitequalizer.ini
[2014/04/28 03:33:58 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/11/22 23:35:40 | 000,003,072 | ---- | C] () -- C:\Users\poc\AppData\Roaming\ARW.settings
[2013/10/07 23:40:24 | 000,000,485 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/09/14 23:54:46 | 000,000,884 | RHS- | C] () -- C:\Users\poc\ntuser.pol
[2013/09/13 01:31:48 | 000,778,596 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/28 23:54:24 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/05/28 23:54:24 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2013/05/28 20:25:33 | 008,912,896 | -HS- | C] () -- C:\Users\poc\.ghost-ntfs-3g-00000000000000000009
[2013/05/28 20:18:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 20:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 20:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
EXTRAS.txt:
OTL Extras logfile created on: 6/9/2014 11:01:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\poc\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16866)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 50.69% Memory free
8.00 Gb Paging File | 5.72 Gb Available in Paging File | 71.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 413.57 Gb Free Space | 88.81% Space Free | Partition Type: NTFS
Drive D: | 38.28 Gb Total Space | 19.90 Gb Free Space | 51.99% Space Free | Partition Type: NTFS
Drive E: | 390.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.73 Gb Total Space | 366.47 Gb Free Space | 78.69% Space Free | Partition Type: NTFS

Computer Name: POC-PC | User Name: poc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24C48A2A-5865-446F-9FF1-972F25895B82}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{29A82011-C2E1-4E14-9E5E-07E775845B60}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9A4E8EC4-9C37-445A-B72F-9CB0237A3693}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BA65EA26-04A9-4586-9A26-CAE411437C47}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{BBB45302-AE53-4175-9FC9-5D721EDE14B6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08934250-01E1-4C93-BE52-F462EE0917A0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{22235E55-3ADC-475F-A181-07E734C4C800}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2DD1370B-BD28-4D3E-84FC-580F7032EC4F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{562A8B47-FDB2-4D5B-8668-9735D8C38576}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5D7CE943-C9EB-40EC-926F-2BADA8C1F347}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{5EC68A7A-3895-4931-B3BE-4C41DBDB5246}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{6F17190D-F63F-4DCE-9775-4A6D0548B3BD}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{721C380B-E604-4144-A61E-1F56EE550A78}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{760E76CA-C535-4DB3-9454-4AE1455C67C0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{76719F00-19EA-4C29-9069-6C8BAFCDC198}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{7B73B49D-1152-43C1-97CA-C49F09BB3DF4}" = protocol=17 | dir=in | app=c:\users\poc\appdata\roaming\dropbox\bin\dropbox.exe |
"{84644203-6415-4625-AE02-E5890E2E7C93}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{965425A4-6035-422B-8733-68C852EFC48E}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{9B2170D6-DFAC-4B60-BC5F-4E45E4D2E7C5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A2E013F6-16EB-40FF-9967-3F579F7CBCE5}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{AC9B13FD-9F9E-4A05-9D5A-0B7947FECB32}" = dir=in | app=c:\users\poc\appdata\local\microsoft\skydrive\skydrive.exe |
"{B6FC73F6-8EB6-4E3E-9C91-2372F847BFED}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{C3416CF2-D13B-466F-B109-A46F84B21358}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DEBF34D3-FB5E-4FE3-8F61-7954385296CE}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{DF8E3376-8066-4E82-AB91-6F9EA9E0262E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E9D362F1-7A7B-4C61-9294-2F76B43903D1}" = protocol=6 | dir=in | app=c:\users\poc\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{D83DA44E-FEEE-4FB5-95AA-7E274BE4B811}C:\users\poc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\poc\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{FD958A80-001F-4085-9855-64D95B8F2EBE}C:\program files (x86)\wikirobot\wikirobot.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wikirobot\wikirobot.exe |
"UDP Query User{E5D3EACA-D4CB-4304-80BF-6CA3BC1EF1E2}C:\program files (x86)\wikirobot\wikirobot.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wikirobot\wikirobot.exe |
"UDP Query User{FCB9FC91-D289-48F4-82D1-AE7ED472966C}C:\users\poc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\poc\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E936B32-5120-412E-AC87-C1D3651E531F}" = WD SmartWare
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"HitmanPro.Alert" = HitmanPro.Alert
"HitmanPro37" = HitmanPro 3.7
"Microsoft Security Client" = Microsoft Security Essentials
"Software Informer_is1" = Software Informer 1.3.1031.0
"WinRAR archiver" = WinRAR 5.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{303B9118-31A3-4E6C-9CAC-282F26E9633A}" = WikiRobot
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{35C0A67C-F107-4700-A430-8956A692C3D4}" = Article Rewriter Wizard
"{37146DD2-013F-4344-82B6-F6D1F99C6F3E}" = SliQ Submitter Plus
"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8172C743-5C09-CA2D-EBBC-F43897804D2F}" = Kudani
"{83BEF895-B385-4647-AB43-8DDE52291A21}" = SliQ Article Submitter
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{955E709F-0C73-449C-A9F6-863D3C82FDA8}" = SlimCleaner
"{98813202-6C6E-4ABE-A128-6E8FB3368BE0}" = Photobucket Backup
"{9af08980-8d36-4304-a8d0-53dc0c7d93a5}" = WD SmartWare Installer
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5C92C15-F625-41E6-9646-245FA011E3DB}" = SlimComputer
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF7CFCDF-08ED-4BFA-8980-9F8F3A9596B3}" = All-in-One Submission 9.58
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E44C453C-5B37-4F46-A8A8-69DF7D591BBE}" = TurboTax 2013 wnmiper
"{F149CF33-0074-4AF8-AC1C-AE51086D4E25}" = SliQ Link Clicker Lite
"{F181233F-67DF-4995-A159-EB81F2B5500B}" = WD Quick View
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Amazon Kindle" = Amazon Kindle
"Avast" = avast! Internet Security
"ClassicFTP" = Classic FTP
"com.pageone.Kudani" = Kudani
"DLL Opener" = DLL Opener
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FastStone Capture" = FastStone Capture 7.6
"Google Chrome" = Google Chrome
"MAXA Cookie Manager_is1" = MAXA Cookie Manager Pro 5.3
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoPad" = PhotoPad Image Editor
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Pixillion" = Pixillion Image Converter
"Submit Equalizer_is1" = Submit Equalizer 1.2.1
"Traffic Travis 4.1 Setup Wizard_is1" = Traffic Travis 4.1.0
"TurboTax 2013" = TurboTax 2013
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"OneDriveSetup.exe" = Microsoft OneDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/7/2014 2:53:31 PM | Computer Name = poc-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9173

Error - 6/7/2014 2:53:31 PM | Computer Name = poc-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9173

Error - 6/7/2014 11:54:15 PM | Computer Name = poc-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/7/2014 11:58:58 PM | Computer Name = poc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WDBackupEngine.exe, version: 2.0.0.15,
time stamp: 0x536d63f3 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x74c3e4e4 Faulting process id:
0xb30 Faulting application start time: 0x01cf82cd5122ee40 Faulting application path:
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe Faulting
module path: unknown Report Id: 3780ce70-eec1-11e3-bb87-000be0f000ed

Error - 6/8/2014 12:24:37 AM | Computer Name = poc-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/8/2014 10:37:46 AM | Computer Name = poc-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/8/2014 12:30:24 PM | Computer Name = poc-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16866 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1504 Start
Time: 01cf83364a147100 Termination Time: 10 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id:

Error - 6/8/2014 12:41:15 PM | Computer Name = poc-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16866 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 4b4 Start
Time: 01cf8336f364dce0 Termination Time: 8 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id:

Error - 6/8/2014 11:36:26 PM | Computer Name = poc-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/9/2014 12:44:21 AM | Computer Name = poc-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/9/2014 11:55:42 PM | Computer Name = poc-PC | Source = WinMgmt | ID = 10
Description =

[ Spybot - Search and Destroy Events ]
Error - 6/6/2014 1:01:19 AM | Computer Name = poc-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 2/17/2014 1:14:37 PM | Computer Name = poc-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the WD
Backup service to connect.

Error - 2/17/2014 1:14:37 PM | Computer Name = poc-PC | Source = Service Control Manager | ID = 7000
Description = The WD Backup service failed to start due to the following error:
%%1053

Error - 2/19/2014 4:14:31 AM | Computer Name = poc-PC | Source = DCOM | ID = 10010
Description =

Error - 2/20/2014 4:05:23 AM | Computer Name = poc-PC | Source = DCOM | ID = 10010
Description =

Error - 2/21/2014 3:45:54 AM | Computer Name = poc-PC | Source = DCOM | ID = 10010
Description =

Error - 2/22/2014 6:44:13 AM | Computer Name = poc-PC | Source = DCOM | ID = 10010
Description =

Error - 2/23/2014 3:30:18 AM | Computer Name = poc-PC | Source = DCOM | ID = 10010
Description =

Error - 2/24/2014 4:17:38 AM | Computer Name = poc-PC | Source = DCOM | ID = 10010
Description =

Error - 2/25/2014 1:32:34 AM | Computer Name = poc-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 2/25/2014 4:25:13 AM | Computer Name = poc-PC | Source = DCOM | ID = 10010
Description =
I ran out of characters allowed; will follow up with R0,R1,R2 AdwCleaner files
theprofitteam
Regular Member
 
Posts: 28
Joined: June 4th, 2014, 12:19 am

Re: Re: Unable to upload pics from my PC to my Program:stage

Unread postby theprofitteam » June 10th, 2014, 1:45 am

Here are my AdwCleaner files: R0,R1,R2:
R0:
# AdwCleaner v3.212 - Report created 06/06/2014 at 22:24:10
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : poc - POC-PC
# Running from : C:\Users\poc\Downloads\adwcleaner_3.212.exe
# Option : Scan

***** [ Services ] *****

Service Found : Update FindRight

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\defaulttab.config
File Found : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\Askcom.xml
File Found : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\Mysearchdial.xml
File Found : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\MyStart Search.xml
File Found : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\search.xml
File Found : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\search-here.xml
File Found : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\user.js
File Found : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Found : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Found : C:\Windows\System32\Tasks\Digital Sites
File Found : C:\Windows\Tasks\Digital Sites.job
File Found : C:\Windows\Tasks\MySearchDial.job
Folder Found : C:\Program Files (x86)\BrowserSafeguard
Folder Found : C:\Program Files (x86)\viraltrafficfrenzy
Folder Found : C:\Program Files\Uninstaller
Folder Found : C:\ProgramData\374311380
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Found : C:\ProgramData\speedypc software
Folder Found : C:\Users\poc\AppData\Local\AVG Secure Search
Folder Found : C:\Users\poc\AppData\Local\DefineExt
Folder Found : C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\behceiemikmgnpbcnbmjidgpkhdoammf
Folder Found : C:\Users\poc\AppData\Local\SwvUpdater
Folder Found : C:\Users\poc\AppData\LocalLow\Fast Free Converter
Folder Found : C:\Users\poc\AppData\LocalLow\Inbox Toolbar
Folder Found : C:\Users\poc\AppData\LocalLow\Vafmusic8
Folder Found : C:\Users\poc\AppData\LocalLow\viraltrafficfrenzy
Folder Found : C:\Users\poc\AppData\Roaming\DefaultTab
Folder Found : C:\Users\poc\AppData\Roaming\DigitalSites
Folder Found : C:\Users\poc\AppData\Roaming\DriverCure
Folder Found : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\InboxAce_1g
Folder Found : C:\Users\poc\AppData\Roaming\UpdaterEX
Folder Found : C:\Users\poc\AppData\Roaming\viddyhd
Folder Found : C:\Users\poc\Desktop\staged
Folder Found : C:\Users\poc\Documents\PC Speed Maximizer
Folder Found : C:\Windows\System32\ljkb
Folder Found : C:\Windows\SysWOW64\SearchProtect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Vafmusic8
Key Found : HKCU\Software\AppDataLow\Software\viraltrafficfrenzy
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Google\Chrome\Extensions\eibleipkbineaadpnemmalkahodjhdbd
Key Found : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKCU\Software\Google\Chrome\Extensions\mogmppbjfkngfoaecoialclfiabnpndg
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E7007A9-D556-4668-957D-A95836C91F8B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CDD6A85-5E53-4115-91D2-9CF3FA5083A5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\SearchProtectINT
Key Found : HKCU\Software\speedypc software
Key Found : HKCU\Software\UpdaterEX
Key Found : [x64] HKCU\Software\Default Tab
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\InstalledThirdPartyPrograms
Key Found : [x64] HKCU\Software\SearchProtectINT
Key Found : [x64] HKCU\Software\speedypc software
Key Found : [x64] HKCU\Software\UpdaterEX
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8CDD6A85-5E53-4115-91D2-9CF3FA5083A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\inbox.appserver
Key Found : HKLM\SOFTWARE\Classes\inbox.ibx404
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2517034
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3303001
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eibleipkbineaadpnemmalkahodjhdbd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mogmppbjfkngfoaecoialclfiabnpndg
Key Found : HKLM\Software\Inbox Toolbar
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1AE5410F-C57F-4FF7-8EE8-2A8F34E3B535}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C136A811-5A7E-465E-9F1F-6BAEE17219C3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5C576B1-E7D8-4E53-8EA3-52817902D4E3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E056401C-B1D4-470F-8B38-50AA84218F13}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2088F46C-E352-46DD-9434-BB81014359DB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6E7007A9-D556-4668-957D-A95836C91F8B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8CDD6A85-5E53-4115-91D2-9CF3FA5083A5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Key Found : HKLM\Software\speedypc software
Key Found : HKLM\Software\Vafmusic8
Key Found : HKLM\Software\viraltrafficfrenzy
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{2088F46C-E352-46DD-9434-BB81014359DB}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FEE90072-01EA-4444-8FCA-D460FE44F920}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{2088F46C-E352-46DD-9434-BB81014359DB}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FEE90072-01EA-4444-8FCA-D460FE44F920}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [extension@FastFreeConverter.com]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16866


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\prefs.js ]

Line Found : user_pref("CT3294791.FF19Solved", "true");
Line Found : user_pref("CT3294791.UserID", "UN59995115018443262");
Line Found : user_pref("CT3294791.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3294791.fullUserID", "UN59995115018443262.IN.20130918112218");
Line Found : user_pref("CT3294791.installDate", "18/09/2013 11:22:44");
Line Found : user_pref("CT3294791.installSessionId", "{571ADC5A-5D51-4EB8-8204-6490030BA998}");
Line Found : user_pref("CT3294791.installSp", "TRUE");
Line Found : user_pref("CT3294791.installerVersion", "1.7.0.9");
Line Found : user_pref("CT3294791.keyword", "true");
Line Found : user_pref("CT3294791.originalSearchEngine", "SweetPacks Customized Web Search");
Line Found : user_pref("CT3294791.originalSearchEngineName", "SweetPacks Customized Web Search");
Line Found : user_pref("CT3294791.searchRevert", "false");
Line Found : user_pref("CT3294791.searchUserMode", "2");
Line Found : user_pref("CT3294791.smartbar.homepage", "true");
Line Found : user_pref("CT3294791.versionFromInstaller", "10.20.0.13");
Line Found : user_pref("CT3294791.xpeMode", "0");
Line Found : user_pref("CT3298573.FF19Solved", "true");
Line Found : user_pref("CT3298573.UserID", "UN42871386791476622");
Line Found : user_pref("CT3298573.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3298573.fullUserID", "UN42871386791476622.IN.20130725225311");
Line Found : user_pref("CT3298573.installDate", "25/07/2013 22:53:10");
Line Found : user_pref("CT3298573.installSessionId", "{C5CCCAD1-7B2A-4329-865C-23B842B23E3B}");
Line Found : user_pref("CT3298573.installSp", "TRUE");
Line Found : user_pref("CT3298573.installerVersion", "1.5.4.4");
Line Found : user_pref("CT3298573.keyword", "true");
Line Found : user_pref("CT3298573.originalHomepage", "hxxps://www.sfimg.com/Home");
Line Found : user_pref("CT3298573.originalSearchAddressUrl", "");
Line Found : user_pref("CT3298573.originalSearchEngine", "AVG Secure Search");
Line Found : user_pref("CT3298573.originalSearchEngineName", "Google");
Line Found : user_pref("CT3298573.searchRevert", "false");
Line Found : user_pref("CT3298573.searchUserMode", "2");
Line Found : user_pref("CT3298573.smartbar.homepage", "true");
Line Found : user_pref("CT3298573.versionFromInstaller", "10.16.70.5");
Line Found : user_pref("CT3298573.xpeMode", "0");
Line Found : user_pref("CT3303001.FF19Solved", "true");
Line Found : user_pref("CT3303001.UserID", "UN22658497425539196");
Line Found : user_pref("CT3303001.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3303001.fullUserID", "UN22658497425539196.IN.20131007231414");
Line Found : user_pref("CT3303001.installDate", "07/10/2013 23:14:28");
Line Found : user_pref("CT3303001.installSessionId", "{825091FB-1C78-4009-9201-142201EEDE6D}");
Line Found : user_pref("CT3303001.installSp", "TRUE");
Line Found : user_pref("CT3303001.installerVersion", "1.7.1.4");
Line Found : user_pref("CT3303001.keyword", "true");
Line Found : user_pref("CT3303001.originalHomepage", "hxxp://mysearch.avg.com?pid=safeguard&sg=0&cid=%7B3ecc0838-3e82-4a65-9fae-cc655a384948%7D&mid=efb9fd70db2347d3ab4ad142a614e91e-ad1491be2ce6c122f6b66faa90e70c2d[...]
Line Found : user_pref("CT3303001.originalSearchEngine", "AVG Secure Search");
Line Found : user_pref("CT3303001.originalSearchEngineName", "AVG Secure Search");
Line Found : user_pref("CT3303001.searchRevert", "false");
Line Found : user_pref("CT3303001.searchUserMode", "2");
Line Found : user_pref("CT3303001.smartbar.homepage", "true");
Line Found : user_pref("CT3303001.versionFromInstaller", "10.20.1.8");
Line Found : user_pref("CT3303001.xpeMode", "0");
Line Found : user_pref("CT3311667.FF19Solved", "true");
Line Found : user_pref("CT3311667.UserID", "UN86112564132490293");
Line Found : user_pref("CT3311667.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3311667.fullUserID", "UN86112564132490293.IN.20130920174508");
Line Found : user_pref("CT3311667.installDate", "20/09/2013 17:45:19");
Line Found : user_pref("CT3311667.installSessionId", "-1");
Line Found : user_pref("CT3311667.installSp", "TRUE");
Line Found : user_pref("CT3311667.installerVersion", "1.6.1.1");
Line Found : user_pref("CT3311667.keyword", "true");
Line Found : user_pref("CT3311667.originalHomepage", "about:home");
Line Found : user_pref("CT3311667.originalSearchAddressUrl", "");
Line Found : user_pref("CT3311667.originalSearchEngine", "");
Line Found : user_pref("CT3311667.originalSearchEngineName", "Vafmusic2 Customized Web Search");
Line Found : user_pref("CT3311667.searchRevert", "false");
Line Found : user_pref("CT3311667.searchUserMode", "2");
Line Found : user_pref("CT3311667.smartbar.homepage", "true");
Line Found : user_pref("CT3311667.versionFromInstaller", "10.16.9.6");
Line Found : user_pref("CT3311667.xpeMode", "0");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "SweetPacks A5 Customized Web Search");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3314312");
Line Found : user_pref("extensions.1gffxtbr@InboxAce_1g.com.install-event-fired", true);
Line Found : user_pref("extensions.ffxtlbr@mysearchdial.com.install-event-fired", true);
Line Found : user_pref("extensions.fvd_single.seopack.b_surfcanyon", true);
Line Found : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394582881731");
Line Found : user_pref("extensions.fvd_singleseopack.b_surfcanyon", true);
Line Found : user_pref("extensions.irmysearch.aflt", "dsites0202");
Line Found : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtD0B0EtD0FtDtDtD0E0DzyyByBtDtN0D0Tzu0SyBzzzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Line Found : user_pref("extensions.irmysearch.cr", "204698978");
Line Found : user_pref("extensions.irmysearch.instlRef", "");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.firstKnownVersion", "5.75.3.5482");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.hp.user.defined", true);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.initialized", true);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.installKeysSource", "LocalStorage");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.installType", "XPI");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.contextKey", "");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.installDate", "2014010207");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.partnerId", "^YO^xdm135^S07867^us");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.partnerSubId", "314029");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.pixelUrl", "hxxp://inboxace.dl.tb.ask.com/install_pixels.jhtml?partner=^YO^xdm135^S07867^us&coId=bae08607bbe0402eb0cd4aa9f29b0334");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.success", true);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.toolbarId", "8147B4D0-847C-4752-A848-0EE3C7AF7044");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.isCompliantUninstallImplementation", true);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.lastActivePing", "1401510502880");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.lastKnownVersion", "5.75.3.5482");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.options.defaultSearch", false);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.options.homePageEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.options.keywordEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.options.tabEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.partnerPixelFired", true);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.searchHistory", "Paradox Cash||staged.com||");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.toolbarCollapsed", false);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.weather.location", "87101");
Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "inboxace@mindspark.com");
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Found : user_pref("smartbar.machineId", "/XMC2FNR9QYQKDSUWC+LFPLTL+YBTICFY1TSN8MR/XSUHVSK++5HC2ACGLRKEO+0XN1ME05TT4HF6ABAXZPZ5G");

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=82580&iwk=275&lng=en
Found [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=D60C3445-FD7E-4142-9AA8-13F8B2FBCC36&apn_sauid=03BF7D26-2B7F-4D9B-86D4-5EF9444637BF
Found [Extension] : behceiemikmgnpbcnbmjidgpkhdoammf
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : eibleipkbineaadpnemmalkahodjhdbd
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
Found [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
Found [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
Found [Extension] : klibnahbojhkanfgaglnlalfkgpcppfi
Found [Extension] : mogmppbjfkngfoaecoialclfiabnpndg
Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
Found [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj

*************************

AdwCleaner[R0].txt - [19554 octets] - [06/06/2014 22:24:10]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [19615 octets] ##########
R1:

# AdwCleaner v3.212 - Report created 06/06/2014 at 22:36:16
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : poc - POC-PC
# Running from : C:\Users\poc\Downloads\adwcleaner_3.212.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16866


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19752 octets] - [06/06/2014 22:24:10]
AdwCleaner[R1].txt - [819 octets] - [06/06/2014 22:36:16]
AdwCleaner[S0].txt - [19940 octets] - [06/06/2014 22:27:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [939 octets] ##########

R2:

# AdwCleaner v3.212 - Report created 07/06/2014 at 09:58:40
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : poc - POC-PC
# Running from : C:\Users\poc\Downloads\adwcleaner_3.212(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16866


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19752 octets] - [06/06/2014 22:24:10]
AdwCleaner[R1].txt - [1018 octets] - [06/06/2014 22:36:16]
AdwCleaner[R2].txt - [882 octets] - [07/06/2014 09:58:40]
AdwCleaner[S0].txt - [19940 octets] - [06/06/2014 22:27:03]
AdwCleaner[S1].txt - [1080 octets] - [06/06/2014 22:37:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1062 octets] ##########
I shall try to send along the S0,S1,S2 files if possible in the next message- Thank you again for your kindnes in helping me! Courtenay in Albuquerque NMl
theprofitteam
Regular Member
 
Posts: 28
Joined: June 4th, 2014, 12:19 am

Re: Re: Unable to upload pics from my PC to my Program:stage

Unread postby theprofitteam » June 10th, 2014, 1:53 am

Here are the AdwCleaner S0, S1, S2 files (if hey are needful): S0:
S0:

# AdwCleaner v3.212 - Report created 06/06/2014 at 22:27:03
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : poc - POC-PC
# Running from : C:\Users\poc\Downloads\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update FindRight

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Deleted : C:\Program Files (x86)\BrowserSafeguard
Folder Deleted : C:\Program Files (x86)\viraltrafficfrenzy
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\poc\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\poc\AppData\Local\DefineExt
Folder Deleted : C:\Users\poc\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\poc\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\poc\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\poc\AppData\LocalLow\Vafmusic8
Folder Deleted : C:\Users\poc\AppData\LocalLow\viraltrafficfrenzy
Folder Deleted : C:\Users\poc\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\poc\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\poc\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\poc\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\poc\AppData\Roaming\viddyhd
Folder Deleted : C:\Users\poc\Desktop\staged
Folder Deleted : C:\Users\poc\Documents\PC Speed Maximizer
Folder Deleted : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\InboxAce_1g
Folder Deleted : C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\behceiemikmgnpbcnbmjidgpkhdoammf
File Deleted : C:\END
File Deleted : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\defaulttab.config
File Deleted : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\Askcom.xml
File Deleted : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\search.xml
File Deleted : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\search-here.xml
File Deleted : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\user.js
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Deleted : C:\Windows\Tasks\Digital Sites.job
File Deleted : C:\Windows\System32\Tasks\Digital Sites
File Deleted : C:\Windows\Tasks\MySearchDial.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [extension@FastFreeConverter.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKCU\Software\Google\Chrome\Extensions\eibleipkbineaadpnemmalkahodjhdbd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eibleipkbineaadpnemmalkahodjhdbd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mogmppbjfkngfoaecoialclfiabnpndg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mogmppbjfkngfoaecoialclfiabnpndg
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\inbox.appserver
Key Deleted : HKLM\SOFTWARE\Classes\inbox.ibx404
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2517034
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3303001
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8CDD6A85-5E53-4115-91D2-9CF3FA5083A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2088F46C-E352-46DD-9434-BB81014359DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E7007A9-D556-4668-957D-A95836C91F8B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CDD6A85-5E53-4115-91D2-9CF3FA5083A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6E7007A9-D556-4668-957D-A95836C91F8B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8CDD6A85-5E53-4115-91D2-9CF3FA5083A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C136A811-5A7E-465E-9F1F-6BAEE17219C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5C576B1-E7D8-4E53-8EA3-52817902D4E3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E056401C-B1D4-470F-8B38-50AA84218F13}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1AE5410F-C57F-4FF7-8EE8-2A8F34E3B535}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{2088F46C-E352-46DD-9434-BB81014359DB}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FEE90072-01EA-4444-8FCA-D460FE44F920}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{2088F46C-E352-46DD-9434-BB81014359DB}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FEE90072-01EA-4444-8FCA-D460FE44F920}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Vafmusic8
Key Deleted : HKCU\Software\AppDataLow\Software\viraltrafficfrenzy
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\speedypc software
Key Deleted : HKLM\Software\Vafmusic8
Key Deleted : HKLM\Software\viraltrafficfrenzy
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16866


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\prefs.js ]

Line Deleted : user_pref("CT3294791.FF19Solved", "true");
Line Deleted : user_pref("CT3294791.UserID", "UN59995115018443262");
Line Deleted : user_pref("CT3294791.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3294791.fullUserID", "UN59995115018443262.IN.20130918112218");
Line Deleted : user_pref("CT3294791.installDate", "18/09/2013 11:22:44");
Line Deleted : user_pref("CT3294791.installSessionId", "{571ADC5A-5D51-4EB8-8204-6490030BA998}");
Line Deleted : user_pref("CT3294791.installSp", "TRUE");
Line Deleted : user_pref("CT3294791.installerVersion", "1.7.0.9");
Line Deleted : user_pref("CT3294791.keyword", "true");
Line Deleted : user_pref("CT3294791.originalSearchEngine", "SweetPacks Customized Web Search");
Line Deleted : user_pref("CT3294791.originalSearchEngineName", "SweetPacks Customized Web Search");
Line Deleted : user_pref("CT3294791.searchRevert", "false");
Line Deleted : user_pref("CT3294791.searchUserMode", "2");
Line Deleted : user_pref("CT3294791.smartbar.homepage", "true");
Line Deleted : user_pref("CT3294791.versionFromInstaller", "10.20.0.13");
Line Deleted : user_pref("CT3294791.xpeMode", "0");
Line Deleted : user_pref("CT3298573.FF19Solved", "true");
Line Deleted : user_pref("CT3298573.UserID", "UN42871386791476622");
Line Deleted : user_pref("CT3298573.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3298573.fullUserID", "UN42871386791476622.IN.20130725225311");
Line Deleted : user_pref("CT3298573.installDate", "25/07/2013 22:53:10");
Line Deleted : user_pref("CT3298573.installSessionId", "{C5CCCAD1-7B2A-4329-865C-23B842B23E3B}");
Line Deleted : user_pref("CT3298573.installSp", "TRUE");
Line Deleted : user_pref("CT3298573.installerVersion", "1.5.4.4");
Line Deleted : user_pref("CT3298573.keyword", "true");
Line Deleted : user_pref("CT3298573.originalHomepage", "hxxps://www.sfimg.com/Home");
Line Deleted : user_pref("CT3298573.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3298573.originalSearchEngine", "AVG Secure Search");
Line Deleted : user_pref("CT3298573.originalSearchEngineName", "Google");
Line Deleted : user_pref("CT3298573.searchRevert", "false");
Line Deleted : user_pref("CT3298573.searchUserMode", "2");
Line Deleted : user_pref("CT3298573.smartbar.homepage", "true");
Line Deleted : user_pref("CT3298573.versionFromInstaller", "10.16.70.5");
Line Deleted : user_pref("CT3298573.xpeMode", "0");
Line Deleted : user_pref("CT3303001.FF19Solved", "true");
Line Deleted : user_pref("CT3303001.UserID", "UN22658497425539196");
Line Deleted : user_pref("CT3303001.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3303001.fullUserID", "UN22658497425539196.IN.20131007231414");
Line Deleted : user_pref("CT3303001.installDate", "07/10/2013 23:14:28");
Line Deleted : user_pref("CT3303001.installSessionId", "{825091FB-1C78-4009-9201-142201EEDE6D}");
Line Deleted : user_pref("CT3303001.installSp", "TRUE");
Line Deleted : user_pref("CT3303001.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3303001.keyword", "true");
Line Deleted : user_pref("CT3303001.originalHomepage", "hxxp://mysearch.avg.com?pid=safeguard&sg=0&cid=%7B3ecc0838-3e82-4a65-9fae-cc655a384948%7D&mid=efb9fd70db2347d3ab4ad142a614e91e-ad1491be2ce6c122f6b66faa90e70c2d[...]
Line Deleted : user_pref("CT3303001.originalSearchEngine", "AVG Secure Search");
Line Deleted : user_pref("CT3303001.originalSearchEngineName", "AVG Secure Search");
Line Deleted : user_pref("CT3303001.searchRevert", "false");
Line Deleted : user_pref("CT3303001.searchUserMode", "2");
Line Deleted : user_pref("CT3303001.smartbar.homepage", "true");
Line Deleted : user_pref("CT3303001.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3303001.xpeMode", "0");
Line Deleted : user_pref("CT3311667.FF19Solved", "true");
Line Deleted : user_pref("CT3311667.UserID", "UN86112564132490293");
Line Deleted : user_pref("CT3311667.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3311667.fullUserID", "UN86112564132490293.IN.20130920174508");
Line Deleted : user_pref("CT3311667.installDate", "20/09/2013 17:45:19");
Line Deleted : user_pref("CT3311667.installSessionId", "-1");
Line Deleted : user_pref("CT3311667.installSp", "TRUE");
Line Deleted : user_pref("CT3311667.installerVersion", "1.6.1.1");
Line Deleted : user_pref("CT3311667.keyword", "true");
Line Deleted : user_pref("CT3311667.originalHomepage", "about:home");
Line Deleted : user_pref("CT3311667.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3311667.originalSearchEngine", "");
Line Deleted : user_pref("CT3311667.originalSearchEngineName", "Vafmusic2 Customized Web Search");
Line Deleted : user_pref("CT3311667.searchRevert", "false");
Line Deleted : user_pref("CT3311667.searchUserMode", "2");
Line Deleted : user_pref("CT3311667.smartbar.homepage", "true");
Line Deleted : user_pref("CT3311667.versionFromInstaller", "10.16.9.6");
Line Deleted : user_pref("CT3311667.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "SweetPacks A5 Customized Web Search");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3314312");
Line Deleted : user_pref("extensions.1gffxtbr@InboxAce_1g.com.install-event-fired", true);
Line Deleted : user_pref("extensions.ffxtlbr@mysearchdial.com.install-event-fired", true);
Line Deleted : user_pref("extensions.fvd_single.seopack.b_surfcanyon", true);
Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394582881731");
Line Deleted : user_pref("extensions.fvd_singleseopack.b_surfcanyon", true);
Line Deleted : user_pref("extensions.irmysearch.aflt", "dsites0202");
Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtD0B0EtD0FtDtDtD0E0DzyyByBtDtN0D0Tzu0SyBzzzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Line Deleted : user_pref("extensions.irmysearch.cr", "204698978");
Line Deleted : user_pref("extensions.irmysearch.instlRef", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.firstKnownVersion", "5.75.3.5482");
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.hp.user.defined", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.installKeysSource", "LocalStorage");
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.installType", "XPI");
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.installDate", "2014010207");
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.partnerId", "^YO^xdm135^S07867^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.partnerSubId", "314029");
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.pixelUrl", "hxxp://inboxace.dl.tb.ask.com/install_pixels.jhtml?partner=^YO^xdm135^S07867^us&coId=bae08607bbe0402eb0cd4aa9f29b0334");
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.toolbarId", "8147B4D0-847C-4752-A848-0EE3C7AF7044");
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.isCompliantUninstallImplementation", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.lastActivePing", "1401510502880");
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.lastKnownVersion", "5.75.3.5482");
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.partnerPixelFired", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.searchHistory", "Paradox Cash||staged.com||");
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.toolbarCollapsed", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._1gMembers_.weather.location", "87101");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "inboxace@mindspark.com");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Deleted : user_pref("smartbar.machineId", "/XMC2FNR9QYQKDSUWC+LFPLTL+YBTICFY1TSN8MR/XSUHVSK++5HC2ACGLRKEO+0XN1ME05TT4HF6ABAXZPZ5G");

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=82580&iwk=275&lng=en
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=D60C3445-FD7E-4142-9AA8-13F8B2FBCC36&apn_sauid=03BF7D26-2B7F-4D9B-86D4-5EF9444637BF
Deleted [Extension] : behceiemikmgnpbcnbmjidgpkhdoammf
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : eibleipkbineaadpnemmalkahodjhdbd
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
Deleted [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
Deleted [Extension] : klibnahbojhkanfgaglnlalfkgpcppfi
Deleted [Extension] : mogmppbjfkngfoaecoialclfiabnpndg
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
Deleted [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj

*************************

AdwCleaner[R0].txt - [19752 octets] - [06/06/2014 22:24:10]
AdwCleaner[S0].txt - [19770 octets] - [06/06/2014 22:27:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19831 octets] ##########

S1:

# AdwCleaner v3.212 - Report created 06/06/2014 at 22:37:59
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : poc - POC-PC
# Running from : C:\Users\poc\Downloads\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16866


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19752 octets] - [06/06/2014 22:24:10]
AdwCleaner[R1].txt - [1018 octets] - [06/06/2014 22:36:16]
AdwCleaner[S0].txt - [19940 octets] - [06/06/2014 22:27:03]
AdwCleaner[S1].txt - [941 octets] - [06/06/2014 22:37:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1000 octets] ##########


S2:

# AdwCleaner v3.212 - Report created 07/06/2014 at 10:17:58
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : poc - POC-PC
# Running from : C:\Users\poc\Downloads\adwcleaner_3.212(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16866


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19752 octets] - [06/06/2014 22:24:10]
AdwCleaner[R1].txt - [1018 octets] - [06/06/2014 22:36:16]
AdwCleaner[R2].txt - [1142 octets] - [07/06/2014 09:58:40]
AdwCleaner[S0].txt - [19940 octets] - [06/06/2014 22:27:03]
AdwCleaner[S1].txt - [1080 octets] - [06/06/2014 22:37:59]
AdwCleaner[S2].txt - [1064 octets] - [07/06/2014 10:17:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1124 octets] ##########


Thank you again.... I just received the malware bytes anti malware (lifetime license- prior version) in the mail today: I did NOT install it per your instructions...

I have disabled Microsoft Essentials and now use Avast! as my anti-virus program...
BTW--- Hitman Pro DID get rid of the ransome ware I initially had... It automatically scans the browser I use for ransome ware... Not sure if I will renew my annual licsnese with it, thought (Dec 2014): I assue Avast! and the malware bytes anti-malware programs may get rid of ransome ware.... I think I see the value of OTL and AdwCleaner: They appear to find stuff that Avast and HitmanPro miss.... Amazing software: I assume they would cost a lot of money if they were on the "market"... God bless--- Courtenay in Albuquerque NM
theprofitteam
Regular Member
 
Posts: 28
Joined: June 4th, 2014, 12:19 am

Re: Unable to upload pics from my PC to my Program:staged.co

Unread postby nunped » June 10th, 2014, 7:32 am

Hi theprofitteam,

The issue with AdwCleaner and every other auto-clean program is that they can remove legit files. So, we prefer to take a look at its detections and then select what we want to remove. In your case, no harm was done, but please refrain from using it unassisted and pay close attention to my instructions.

After the following scan, please tell me how your computer is behaving.

Step 1 - SystemLook
Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems
  • Right-click SystemLook.exe and select "Run as Administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield: Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).

    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *mysearch*
    *conduit*
    *viraltrafficfrenzy*
    *searchprotect*
    *defaulttab*
    *sweetpacks*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *mysearch*
    *conduit*
    *viraltrafficfrenzy*
    *searchprotect*
    *defaulttab*
    *sweetpacks*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    mysearch
    conduit
    viraltrafficfrenzy
    searchprotect
    defaulttab
    sweetpacks
    
  • Click the Look button to start the scan.
    The scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Unable to upload pics from my PC to my Program:staged.co

Unread postby theprofitteam » June 10th, 2014, 4:48 pm

Thank you- I shall do as you suggest- when I get home tonite (work 2 jobs).... Thank you so much!

:)
:)
theprofitteam
Regular Member
 
Posts: 28
Joined: June 4th, 2014, 12:19 am

Re: Re: Unable to upload pics from my PC to my Program:stage

Unread postby theprofitteam » June 11th, 2014, 1:08 am

I have run the SystemLook.exe program: Here are the resuts- thank you for your kind help:

SystemLook 04.09.10 by jpshortstuff
Log created at 22:48 on 10/06/2014 by poc
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
C:\Users\poc\Desktop\BKUPONCE\RESEARCH\RESEARCHQUESTIONS.docx --a---- 363412 bytes [04:35 28/09/2013] [06:09 28/09/2013] 634D39F85D0DCCBD8DB7C93FB3AC76BA

Searching for "*iLivid*"
C:\Downloads\Video\iLividSetup-r139-n-bf.exe --a---- 1751600 bytes [06:50 04/02/2014] [06:50 04/02/2014] A99ABB043DF796C6C941154EE858AAE9

Searching for "*whitesmoke*"
C:\Users\poc\Desktop\BKUPONCE\THECREAMOFTHECROP\Be An Awesome Sponsor_files\whitesmokeTools.htm --a---- 9827 bytes [03:32 05/08/2013] [03:32 05/08/2013] 03BDBCB82EEF40106B62A4D6B6EC2D9E

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*mysearch*"
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\Mysearchdial.xml.vir --a---- 2399 bytes [23:11 11/03/2014] [23:11 11/03/2014] 134867CF821A80EA7081DB24FD53057D
C:\AdwCleaner\Quarantine\C\Windows\Tasks\MySearchDial.job.vir --a---- 284 bytes [02:14 27/02/2014] [04:14 07/06/2014] 715D51493F33D07F21CA142ACDBEB452

Searching for "*conduit*"
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_75_328_CT3287375_Images_634987008136319964_png.png.vir --a---- 1078 bytes [05:15 08/10/2013] [05:15 08/10/2013] 4EA6579BD649EF9B6B8AB042029EEE1E
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_75_328_CT3287375_images_634987008347060626_24PX_png.png.vir --a---- 915 bytes [05:15 08/10/2013] [05:15 08/10/2013] 9C182B683F52150180D684C4FCCBA8DD
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_75_328_CT3287375_Skins_634987002007583586_png.png.vir --a---- 213 bytes [05:15 08/10/2013] [05:15 08/10/2013] 23C389E60E5EC06927735ADFBD8CA40A
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_96_330_CT3302996_Images_635047536228746924_png.png.vir --a---- 650 bytes [05:15 08/10/2013] [05:15 08/10/2013] 76019080C7059682DDF7DA3295C0D7DD
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_96_330_CT3302996_Images_635047536338260328_png.png.vir --a---- 1133 bytes [05:15 08/10/2013] [05:15 08/10/2013] 9460A39E27A5D38C9B56D8E7FD786A92
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_96_330_CT3302996_Images_635047536522810694_png.png.vir --a---- 825 bytes [05:15 08/10/2013] [05:15 08/10/2013] C634BCAA4EE250B8332DFE58CBEA785B
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png.vir --a---- 821 bytes [05:15 08/10/2013] [05:15 08/10/2013] 99D5F75C338F2A877CBF891E0F18746E
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png.vir --a---- 729 bytes [05:15 08/10/2013] [05:15 08/10/2013] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png.vir --a---- 531 bytes [05:15 08/10/2013] [05:15 08/10/2013] A847C5F6CE2C700048749892DD2E0619
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png.vir --a---- 669 bytes [05:15 08/10/2013] [05:15 08/10/2013] FED9E00C76F647EE6A0B7CC684C89F0C
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png.vir --a---- 263 bytes [05:15 08/10/2013] [05:15 08/10/2013] 36BD416D16391EFAAAFB2C3C54EAE986
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png.vir --a---- 734 bytes [05:15 08/10/2013] [05:15 08/10/2013] 943ADFD9E0DF1507F7BC419802BF4303
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png.vir --a---- 562 bytes [05:15 08/10/2013] [05:15 08/10/2013] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png.vir --a---- 493 bytes [05:15 08/10/2013] [05:15 08/10/2013] 275C9DA2D536F18F528C80E050C3D705
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png.vir --a---- 706 bytes [05:15 08/10/2013] [05:15 08/10/2013] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png.vir --a---- 674 bytes [05:15 08/10/2013] [05:15 08/10/2013] 650731EEF807C292E699779B12CBE552
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png.vir --a---- 607 bytes [05:15 08/10/2013] [05:15 08/10/2013] 9B4D914888BCFFCBAE6757A0E450551C
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif.vir --a---- 419 bytes [05:15 08/10/2013] [05:15 08/10/2013] 01B83C91554738F6AFFB7895BBBA73FB
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_eula_png.png.vir --a---- 513 bytes [05:15 08/10/2013] [05:15 08/10/2013] F43944209A64CCD0C9B5A92743F0F787
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif.vir --a---- 403 bytes [05:15 08/10/2013] [05:15 08/10/2013] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif.vir --a---- 414 bytes [05:15 08/10/2013] [05:15 08/10/2013] A9E001CBC00B06B121DFBC80707F5298
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif.vir --a---- 278 bytes [05:15 08/10/2013] [05:15 08/10/2013] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif.vir --a---- 405 bytes [05:15 08/10/2013] [05:15 08/10/2013] 995595D4C685D659E8F03CD0A287EDDF
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif.vir --a---- 405 bytes [05:15 08/10/2013] [05:15 08/10/2013] AA39D8A6B65E208901EBA9F3D4728D3E
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif.vir --a---- 361 bytes [05:15 08/10/2013] [05:15 08/10/2013] 464E244E7E2F27FB85E0C3AB69D72104
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif.vir --a---- 425 bytes [05:15 08/10/2013] [05:15 08/10/2013] 6427565C7105DC497287866100F260BB
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif.vir --a---- 381 bytes [05:15 08/10/2013] [05:15 08/10/2013] AE7C9F67594A84B096D225601ACB0B2A
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif.vir --a---- 351 bytes [05:15 08/10/2013] [05:15 08/10/2013] C3EBA0237D68F665AF6D663906221092
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif.vir --a---- 399 bytes [05:15 08/10/2013] [05:15 08/10/2013] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png.vir --a---- 617 bytes [05:15 08/10/2013] [05:15 08/10/2013] 80648ABDB2DEB2D53DBFD77D57A9C886
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif.vir --a---- 405 bytes [05:15 08/10/2013] [05:15 08/10/2013] 66018EAE0906C9831A821CAE5D1089BB
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif.vir --a---- 371 bytes [05:15 08/10/2013] [05:15 08/10/2013] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif.vir --a---- 322 bytes [05:15 08/10/2013] [05:15 08/10/2013] 948781E4B6478290050ECA4423B89B1E
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif.vir --a---- 240 bytes [05:15 08/10/2013] [05:15 08/10/2013] AE5A39669C623937C0839E079E1088D5
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif.vir --a---- 335 bytes [05:15 08/10/2013] [05:15 08/10/2013] 766433EF38BDA83C4FD4932027A4B9D5
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_night_gif.gif.vir --a---- 204 bytes [05:15 08/10/2013] [05:15 08/10/2013] 5EBD213E8A460652C883CBF68C152B5B
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en&ctid=CT3303001.xml.vir --a---- 7036 bytes [05:15 08/10/2013] [05:15 08/10/2013] B86EE675A98BA0D9A99A00B673425CB5
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en&ctid=CT3303001.xml.vir --a---- 5514 bytes [05:15 08/10/2013] [05:15 08/10/2013] 8DFE2D4108CDAF64D0DF5B878A6CD332
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en&ctid=CT3303001.xml.vir --a---- 6580 bytes [05:15 08/10/2013] [05:15 08/10/2013] D011177C1009D4F7719962BD54E7A33A
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en&ctid=CT3303001.xml.vir --a---- 5513 bytes [05:15 08/10/2013] [05:15 08/10/2013] 654EB38C4447A59AFB941A489E7F87C8
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_34_251_CT2517034_Images_634186249492193750_gif.gif.vir --a---- 26111 bytes [08:26 25/12/2013] [08:26 25/12/2013] 6B9F27FED76EEF7BA387F133F5910E19
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_34_251_CT2517034_Images_Menu-Bsilkset_emoticon_smile_gif-Silk_2-634185693735006250_gif.gif.vir --a---- 278 bytes [08:26 25/12/2013] [08:26 25/12/2013] DCF314E7B69C89185C3FB5E7FCDE55C0
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_34_251_CT2517034_Images_Menu-Bsilkset_help_gif-Silk_2-634185692615943750_gif.gif.vir --a---- 405 bytes [08:26 25/12/2013] [08:26 25/12/2013] B790CB863FFA631E916592105F803580
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_34_251_CT2517034_Images_Menu-Bsilkset_house_gif-Silk_2-634185687523131250_gif.gif.vir --a---- 396 bytes [08:26 25/12/2013] [08:26 25/12/2013] 5ADE1AD6EFD50E587705F9B5B0364622
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_34_251_CT2517034_Images_Menu-Csilkset_star_gif-Silk_3-634185696159068750_gif.gif.vir --a---- 377 bytes [08:26 25/12/2013] [08:26 25/12/2013] CA808AC722E949A7E645156EB175B9FF
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_34_251_CT2517034_Images_Menu-Csilkset_vcard_gif-Silk_3-634185697367193750_gif.gif.vir --a---- 384 bytes [08:26 25/12/2013] [08:26 25/12/2013] 6BFB88A304FF5B2AB08AC1F29E9107C1
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_34_251_CT2517034_Images_Menu-Dsilkset_money_dollar_gif-Silk_3-634185688499537500_gif.gif.vir --a---- 365 bytes [08:26 25/12/2013] [08:26 25/12/2013] 397CA7BF65BB8DAB05A3D187D9210C74
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_34_251_CT2517034_Images_Menu-silkset_cart_gif-Silk_1-634185691659850000_gif.gif.vir --a---- 384 bytes [08:26 25/12/2013] [08:26 25/12/2013] DB5318529C5E6127B81B6DFF9BE5AE11
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_34_251_CT2517034_Images_Menu-silkset_chart_line_gif-Silk_1-634185690927037500_gif.gif.vir --a---- 338 bytes [08:26 25/12/2013] [08:26 25/12/2013] D299D4F3953342CC12B58FC1E112C751
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_34_251_CT2517034_Images_Menu-silkset_chart_organisation_gif-Silk_1-634185696828443750_gif.gif.vir --a---- 333 bytes [08:26 25/12/2013] [08:26 25/12/2013] 37E49E506A228F0FA0B4A531FEC896D1
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_34_251_CT2517034_Images_SearchActivationButton-go_but03_gif-General-634320280411243750_gif.gif.vir --a---- 1852 bytes [08:26 25/12/2013] [08:26 25/12/2013] 3B73CCEB32599B34D7FF22626FEDF4A5
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png.vir --a---- 821 bytes [08:26 25/12/2013] [08:26 25/12/2013] 99D5F75C338F2A877CBF891E0F18746E
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png.vir --a---- 729 bytes [08:26 25/12/2013] [08:26 25/12/2013] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png.vir --a---- 531 bytes [08:26 25/12/2013] [08:26 25/12/2013] A847C5F6CE2C700048749892DD2E0619
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png.vir --a---- 669 bytes [08:26 25/12/2013] [08:26 25/12/2013] FED9E00C76F647EE6A0B7CC684C89F0C
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png.vir --a---- 263 bytes [08:26 25/12/2013] [08:26 25/12/2013] 36BD416D16391EFAAAFB2C3C54EAE986
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png.vir --a---- 734 bytes [08:26 25/12/2013] [08:26 25/12/2013] 943ADFD9E0DF1507F7BC419802BF4303
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png.vir --a---- 562 bytes [08:26 25/12/2013] [08:26 25/12/2013] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png.vir --a---- 493 bytes [08:26 25/12/2013] [08:26 25/12/2013] 275C9DA2D536F18F528C80E050C3D705
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png.vir --a---- 706 bytes [08:26 25/12/2013] [08:26 25/12/2013] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png.vir --a---- 674 bytes [08:26 25/12/2013] [08:26 25/12/2013] 650731EEF807C292E699779B12CBE552
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png.vir --a---- 607 bytes [08:26 25/12/2013] [08:26 25/12/2013] 9B4D914888BCFFCBAE6757A0E450551C
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif.vir --a---- 419 bytes [08:27 25/12/2013] [08:27 25/12/2013] 01B83C91554738F6AFFB7895BBBA73FB
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif.vir --a---- 403 bytes [08:26 25/12/2013] [08:26 25/12/2013] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif.vir --a---- 414 bytes [08:26 25/12/2013] [08:26 25/12/2013] A9E001CBC00B06B121DFBC80707F5298
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif.vir --a---- 405 bytes [08:26 25/12/2013] [08:26 25/12/2013] 995595D4C685D659E8F03CD0A287EDDF
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif.vir --a---- 361 bytes [08:26 25/12/2013] [08:26 25/12/2013] 464E244E7E2F27FB85E0C3AB69D72104
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif.vir --a---- 381 bytes [08:26 25/12/2013] [08:26 25/12/2013] AE7C9F67594A84B096D225601ACB0B2A
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif.vir --a---- 351 bytes [08:26 25/12/2013] [08:26 25/12/2013] C3EBA0237D68F665AF6D663906221092
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif.vir --a---- 399 bytes [08:26 25/12/2013] [08:26 25/12/2013] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png.vir --a---- 617 bytes [08:26 25/12/2013] [08:26 25/12/2013] 80648ABDB2DEB2D53DBFD77D57A9C886
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif.vir --a---- 405 bytes [08:26 25/12/2013] [08:26 25/12/2013] 66018EAE0906C9831A821CAE5D1089BB
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif.vir --a---- 371 bytes [08:26 25/12/2013] [08:26 25/12/2013] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif.vir --a---- 322 bytes [08:26 25/12/2013] [08:26 25/12/2013] 948781E4B6478290050ECA4423B89B1E
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif.vir --a---- 606 bytes [08:26 25/12/2013] [08:26 25/12/2013] 2A1D4FB45F62D3D260F2134228FAB05E
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif.vir --a---- 240 bytes [08:26 25/12/2013] [08:26 25/12/2013] AE5A39669C623937C0839E079E1088D5
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif.vir --a---- 335 bytes [08:26 25/12/2013] [08:26 25/12/2013] 766433EF38BDA83C4FD4932027A4B9D5
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif.vir --a---- 259 bytes [19:03 25/12/2013] [19:03 25/12/2013] 110EC9BCA8470D6488B626EA28914A6C
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_night_gif.gif.vir --a---- 204 bytes [08:27 25/12/2013] [08:27 25/12/2013] 5EBD213E8A460652C883CBF68C152B5B
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en&ctid=CT2517034.xml.vir --a---- 7038 bytes [08:26 25/12/2013] [08:26 25/12/2013] 792CC42EDA0237A5500988AFD6D3C8FA
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en&ctid=CT2517034.xml.vir --a---- 5515 bytes [08:26 25/12/2013] [08:26 25/12/2013] 1D8A2018152FBFDD085AED8DC5E2D8BC
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en&ctid=CT2517034.xml.vir --a---- 6582 bytes [08:26 25/12/2013] [08:26 25/12/2013] 69773956CC6ABBF85BCB35BFE50E0DEB
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en&ctid=CT2517034&UM=2.xml.vir --a---- 5514 bytes [08:26 25/12/2013] [08:26 25/12/2013] F6D3F46BDB4B43B2D8A544AB8C7C7DC4
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1322368 bytes [23:50 12/02/2014] [23:50 12/02/2014] 5A2B082A760722E08042E3892D07690E
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_18_320_CT3201318_Images_634688351076901355_png.png --a---- 1408 bytes [05:01 08/10/2013] [05:01 08/10/2013] EBEB7FA24C02CFF6CB1FAE4746C5017B
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_68_300_CT3008668_Images_Email_xml-10-Classic-633439771938243750_gif.gif --a---- 573 bytes [05:01 08/10/2013] [05:01 08/10/2013] 98A6A440A943BAC09445ECBB40E79EB1
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_68_300_CT3008668_Images_SearchActivationButton-go_but01_gif-General-633629754908675000_gif.gif --a---- 117 bytes [05:01 08/10/2013] [05:01 08/10/2013] D98754949232C20B38E52EC493111E9F
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png --a---- 821 bytes [05:01 08/10/2013] [05:01 08/10/2013] 99D5F75C338F2A877CBF891E0F18746E
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png --a---- 729 bytes [05:01 08/10/2013] [05:01 08/10/2013] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png --a---- 531 bytes [05:01 08/10/2013] [05:01 08/10/2013] A847C5F6CE2C700048749892DD2E0619
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png --a---- 669 bytes [05:01 08/10/2013] [05:01 08/10/2013] FED9E00C76F647EE6A0B7CC684C89F0C
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png --a---- 263 bytes [05:01 08/10/2013] [05:01 08/10/2013] 36BD416D16391EFAAAFB2C3C54EAE986
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png --a---- 734 bytes [05:01 08/10/2013] [05:01 08/10/2013] 943ADFD9E0DF1507F7BC419802BF4303
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png --a---- 562 bytes [05:01 08/10/2013] [05:01 08/10/2013] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png --a---- 493 bytes [05:01 08/10/2013] [05:01 08/10/2013] 275C9DA2D536F18F528C80E050C3D705
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png --a---- 706 bytes [05:01 08/10/2013] [05:01 08/10/2013] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png --a---- 674 bytes [05:01 08/10/2013] [05:01 08/10/2013] 650731EEF807C292E699779B12CBE552
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png --a---- 607 bytes [05:01 08/10/2013] [05:01 08/10/2013] 9B4D914888BCFFCBAE6757A0E450551C
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif --a---- 419 bytes [05:01 08/10/2013] [05:01 08/10/2013] 01B83C91554738F6AFFB7895BBBA73FB
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_images_eula_png.png --a---- 513 bytes [05:01 08/10/2013] [05:01 08/10/2013] F43944209A64CCD0C9B5A92743F0F787
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif --a---- 403 bytes [05:01 08/10/2013] [05:01 08/10/2013] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif --a---- 414 bytes [05:01 08/10/2013] [05:01 08/10/2013] A9E001CBC00B06B121DFBC80707F5298
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif --a---- 278 bytes [05:01 08/10/2013] [05:01 08/10/2013] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif --a---- 405 bytes [05:01 08/10/2013] [05:01 08/10/2013] 995595D4C685D659E8F03CD0A287EDDF
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif --a---- 405 bytes [05:01 08/10/2013] [05:01 08/10/2013] AA39D8A6B65E208901EBA9F3D4728D3E
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif --a---- 361 bytes [05:01 08/10/2013] [05:01 08/10/2013] 464E244E7E2F27FB85E0C3AB69D72104
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif --a---- 425 bytes [05:01 08/10/2013] [05:01 08/10/2013] 6427565C7105DC497287866100F260BB
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif --a---- 381 bytes [05:01 08/10/2013] [05:01 08/10/2013] AE7C9F67594A84B096D225601ACB0B2A
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif --a---- 351 bytes [05:01 08/10/2013] [05:01 08/10/2013] C3EBA0237D68F665AF6D663906221092
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif --a---- 399 bytes [05:01 08/10/2013] [05:01 08/10/2013] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png --a---- 617 bytes [05:01 08/10/2013] [05:01 08/10/2013] 80648ABDB2DEB2D53DBFD77D57A9C886
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif --a---- 322 bytes [05:01 08/10/2013] [05:01 08/10/2013] 948781E4B6478290050ECA4423B89B1E
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___storage_conduit_com_MarketPlace_93_ce3_93951332-f9a7-4af7-af02-17ec3d749ce3_Appearance_634159521796627506_24x24_png.png --a---- 1749 bytes [05:01 08/10/2013] [05:01 08/10/2013] 4E07765DAE6EF5004CC1821A6DA22B32
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_night_gif.gif --a---- 204 bytes [05:01 08/10/2013] [05:01 08/10/2013] 5EBD213E8A460652C883CBF68C152B5B
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en&ctid=CT3311834.xml --a---- 7036 bytes [05:01 08/10/2013] [05:01 08/10/2013] B86EE675A98BA0D9A99A00B673425CB5
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en&ctid=CT3311834.xml --a---- 5514 bytes [05:01 08/10/2013] [05:01 08/10/2013] 8DFE2D4108CDAF64D0DF5B878A6CD332
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en&ctid=CT3311834.xml --a---- 6580 bytes [05:01 08/10/2013] [05:01 08/10/2013] D011177C1009D4F7719962BD54E7A33A
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en&ctid=CT3311834.xml --a---- 5513 bytes [05:01 08/10/2013] [05:01 08/10/2013] 654EB38C4447A59AFB941A489E7F87C8
C:\Users\poc\Desktop\BKUPONCE\THECREAMOFTHECROP\Be An Awesome Sponsor_files\conduittlb_023.js --a---- 98892 bytes [03:32 05/08/2013] [03:32 05/08/2013] D1B21D757DF80F15B21CFFA5C82BCF84
C:\Users\poc\Desktop\BKUPONCE\THECREAMOFTHECROP\Be An Awesome Sponsor_files\sf_conduit_loader.htm --a---- 7966 bytes [03:32 05/08/2013] [03:32 05/08/2013] 215A3B57AE9F542B998AE4313F4E06FB
C:\Users\poc\Desktop\PLRWholesaler.com_files\sf_conduit_mam_app.htm --a---- 4830 bytes [21:56 25/12/2013] [21:56 25/12/2013] AE099BDDF378819F8DA30590786D63F7

Searching for "*viraltrafficfrenzy*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\viraltrafficfrenzy\viraltrafficfrenzyToolbarHelper.exe.vir --a---- 86816 bytes [16:53 06/11/2013] [16:53 06/11/2013] 943F313974A830D4634C73BEB8103F5E

Searching for "*searchprotect*"
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\Dialogs\NewSearchProtectorDialog\SearchProtector.css.vir --a---- 3290 bytes [17:20 12/06/2013] [17:20 12/06/2013] 3207F2DDCDC729F05E4095DC9D79497C
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\Dialogs\NewSearchProtectorDialog\SearchProtector.js.vir --a---- 10970 bytes [17:20 12/06/2013] [17:20 12/06/2013] C0ECC7B7922AE2D9F8E0160C9152B0DE
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\Dialogs\SearchProtectorDialog\SearchProtector.css.vir --a---- 1702 bytes [18:25 31/07/2011] [18:25 31/07/2011] 30B6213E5CC1BF8EF0837746F11E7094
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\Dialogs\SearchProtectorDialog\SearchProtector.js.vir --a---- 6955 bytes [20:57 15/08/2011] [20:57 15/08/2011] 9939730BBCE8C3FDD43719466581DE40
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.css.vir --a---- 2445 bytes [17:20 12/06/2013] [17:20 12/06/2013] 615784EC0F9F3322A1865ABD3DF0E2AA
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.js.vir --a---- 3857 bytes [17:20 12/06/2013] [17:20 12/06/2013] 8CF24B278DA351A7D641901D11D37884
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\Dialogs\NewSearchProtectorDialog\SearchProtector.css.vir --a---- 3290 bytes [18:20 12/06/2013] [18:20 12/06/2013] 3207F2DDCDC729F05E4095DC9D79497C
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\Dialogs\NewSearchProtectorDialog\SearchProtector.js.vir --a---- 10970 bytes [18:20 12/06/2013] [18:20 12/06/2013] C0ECC7B7922AE2D9F8E0160C9152B0DE
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\Dialogs\SearchProtectorDialog\SearchProtector.css.vir --a---- 1702 bytes [19:25 31/07/2011] [19:25 31/07/2011] 30B6213E5CC1BF8EF0837746F11E7094
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\Dialogs\SearchProtectorDialog\SearchProtector.js.vir --a---- 6955 bytes [21:57 15/08/2011] [21:57 15/08/2011] 9939730BBCE8C3FDD43719466581DE40
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.css.vir --a---- 2445 bytes [18:20 12/06/2013] [18:20 12/06/2013] 615784EC0F9F3322A1865ABD3DF0E2AA
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.js.vir --a---- 3857 bytes [18:20 12/06/2013] [18:20 12/06/2013] 8CF24B278DA351A7D641901D11D37884
C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\CT3294791\CT3294791.searchProtectorData --a---- 0 bytes [02:03 27/02/2014] [02:03 27/02/2014] D41D8CD98F00B204E9800998ECF8427E

Searching for "*defaulttab*"
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\defaulttab.config.vir --a---- 15062 bytes [05:06 26/02/2014] [05:06 26/02/2014] CE2874AD664F5BA26D8AB590DC4C8BDC
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.27_0\plugins\npDefaultTabSearch.dll --a---- 254976 bytes [05:54 15/09/2013] [07:00 30/11/1979] 69CCC6EBC15F9CBBEE641AE13F33FE4F
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll --a---- 254976 bytes [04:17 17/09/2013] [07:00 30/11/1979] F901B1AC51397132E4C5A79682AF5E9B
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll --a---- 254976 bytes [05:14 08/10/2013] [07:00 30/11/1979] B59210158C1ADE09DAE878E3C3D9DD72

Searching for "*sweetpacks*"
C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\sweetpacks-a5-customized-web-search.xml --a---- 1100 bytes [05:48 09/11/2013] [20:31 23/11/2013] 46292B723DFC72518FDADD3282E3D16D

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*mysearch*"
No folders found.

Searching for "*conduit*"
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\Repository\conduit_CT3303001_CT3303001 d------ [04:27 07/06/2014]
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\Repository\conduit_CT3303001_en d------ [04:27 07/06/2014]
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\Repository\conduit_CT2517034_CT2517034 d------ [04:27 07/06/2014]
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\Repository\conduit_CT2517034_en d------ [04:27 07/06/2014]
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\Repository\conduit_CT3311834_CT3311834 d------ [05:01 08/10/2013]
C:\Users\poc\AppData\LocalLow\Installl_Converter_A\Repository\conduit_CT3311834_en d------ [05:01 08/10/2013]

Searching for "*viraltrafficfrenzy*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\viraltrafficfrenzy d------ [04:27 07/06/2014]
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy d------ [04:27 07/06/2014]

Searching for "*searchprotect*"
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\Dialogs\NewSearchProtectorDialog d------ [04:27 07/06/2014]
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\Dialogs\SearchProtectorBubbleDialog d------ [04:27 07/06/2014]
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\Dialogs\SearchProtectorDialog d------ [04:27 07/06/2014]
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\Vafmusic8\Dialogs\SearchProtectorRetakeoverDialog d------ [04:27 07/06/2014]
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\Dialogs\NewSearchProtectorDialog d------ [04:27 07/06/2014]
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\Dialogs\SearchProtectorBubbleDialog d------ [04:27 07/06/2014]
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\Dialogs\SearchProtectorDialog d------ [04:27 07/06/2014]
C:\AdwCleaner\Quarantine\C\Users\poc\AppData\LocalLow\viraltrafficfrenzy\Dialogs\SearchProtectorRetakeoverDialog d------ [04:27 07/06/2014]

Searching for "*defaulttab*"
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_63234f59f779f9c5247c69c7ca34c2bfd9befb4_0069c61c d----c- [19:44 26/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_63234f59f779f9c5247c69c7ca34c2bfd9befb4_0069cabd d----c- [19:44 26/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_63234f59f779f9c5247c69c7ca34c2bfd9befb4_0069cf8e d----c- [19:44 26/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_63234f59f779f9c5247c69c7ca34c2bfd9befb4_11119ecd d----c- [19:41 20/09/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_7a77ba4753855cca38d240443ec3701fb25a59b5_0069d46e d----c- [19:44 26/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_998443f1ea5ee03d6a5837f51c1df965bbe0cabc_0069d94e d----c- [19:44 26/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_998443f1ea5ee03d6a5837f51c1df965bbe0cabc_0069de0e d----c- [19:44 26/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_998443f1ea5ee03d6a5837f51c1df965bbe0cabc_0069e2c0 d----c- [19:44 26/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_998443f1ea5ee03d6a5837f51c1df965bbe0cabc_0069e780 d----c- [19:44 26/10/2013]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_998443f1ea5ee03d6a5837f51c1df965bbe0cabc_0069ec41 d----c- [19:44 26/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_63234f59f779f9c5247c69c7ca34c2bfd9befb4_0069c61c d----c- [19:44 26/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_63234f59f779f9c5247c69c7ca34c2bfd9befb4_0069cabd d----c- [19:44 26/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_63234f59f779f9c5247c69c7ca34c2bfd9befb4_0069cf8e d----c- [19:44 26/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_63234f59f779f9c5247c69c7ca34c2bfd9befb4_11119ecd d----c- [19:41 20/09/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_7a77ba4753855cca38d240443ec3701fb25a59b5_0069d46e d----c- [19:44 26/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_998443f1ea5ee03d6a5837f51c1df965bbe0cabc_0069d94e d----c- [19:44 26/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_998443f1ea5ee03d6a5837f51c1df965bbe0cabc_0069de0e d----c- [19:44 26/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_998443f1ea5ee03d6a5837f51c1df965bbe0cabc_0069e2c0 d----c- [19:44 26/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_998443f1ea5ee03d6a5837f51c1df965bbe0cabc_0069e780 d----c- [19:44 26/10/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_DefaultTabSearch_998443f1ea5ee03d6a5837f51c1df965bbe0cabc_0069ec41 d----c- [19:44 26/10/2013]

Searching for "*sweetpacks*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_CURRENT_USER\"Software\iLivid]
[HKEY_CURRENT_USER\"Software\iLivid\iLivid"]
[HKEY_CURRENT_USER\Software\FreeDownloadManager.ORG\Free Download Manager\Settings\Network\Bittorrent]
"OldTorrentAssocString"="C:\Users\poc\AppData\Local\iLivid\iLivid.exe "%1""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\875fc6ed_0]
@="{0.0.0.00000000}.{176a9d62-b0e3-43d3-8976-4db20a61cb45}|\Device\HarddiskVolume3\Users\poc\AppData\Local\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
@="iLivid.torrent"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
"Progid"="iLivid.torrent"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\poc\AppData\Local\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\poc\AppData\Local\iLivid]
[HKEY_CURRENT_USER\Software\Classes\.torrent]
@="iLivid.torrent"
[HKEY_CURRENT_USER\Software\Classes\Magnet]
@="iLivid.torrent"
[HKEY_CURRENT_USER\Software\Classes\Magnet\DefaultIcon]
@=""C:\Users\poc\AppData\Local\iLivid\iLivid.exe",0"
[HKEY_CURRENT_USER\Software\Classes\Magnet\shell\open\command]
@=""C:\Users\poc\AppData\Local\iLivid\iLivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent]
@="iLivid.torrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1315-n-bf(1).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1315-n-bf(10).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1315-n-bf(11).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1315-n-bf(14).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1315-n-bf(3).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1315-n-bf(4).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1315-n-bf(6).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r139-n-bf.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r418-n-bf.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Magnet]
@="iLivid.torrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FreeDownloadManager.ORG\Free Download Manager\Settings\Network\Bittorrent]
"OldTorrentAssocString"="C:\Users\poc\AppData\Local\iLivid\iLivid.exe "%1""
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\"Software\iLivid]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\"Software\iLivid\iLivid"]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\FreeDownloadManager.ORG\Free Download Manager\Settings\Network\Bittorrent]
"OldTorrentAssocString"="C:\Users\poc\AppData\Local\iLivid\iLivid.exe "%1""
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\875fc6ed_0]
@="{0.0.0.00000000}.{176a9d62-b0e3-43d3-8976-4db20a61cb45}|\Device\HarddiskVolume3\Users\poc\AppData\Local\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
@="iLivid.torrent"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
"Progid"="iLivid.torrent"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\poc\AppData\Local\iLivid]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\poc\AppData\Local\iLivid]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Classes\.torrent]
@="iLivid.torrent"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Classes\Magnet]
@="iLivid.torrent"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Classes\Magnet\DefaultIcon]
@=""C:\Users\poc\AppData\Local\iLivid\iLivid.exe",0"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Classes\Magnet\shell\open\command]
@=""C:\Users\poc\AppData\Local\iLivid\iLivid.exe" "%1""
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000_Classes\.torrent]
@="iLivid.torrent"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000_Classes\Magnet]
@="iLivid.torrent"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000_Classes\Magnet\DefaultIcon]
@=""C:\Users\poc\AppData\Local\iLivid\iLivid.exe",0"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000_Classes\Magnet\shell\open\command]
@=""C:\Users\poc\AppData\Local\iLivid\iLivid.exe" "%1""

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
TOO MANY CHARACTERS- will cut and paste the remainder in my next post/reply :(
theprofitteam
Regular Member
 
Posts: 28
Joined: June 4th, 2014, 12:19 am

Re: Re: Unable to upload pics from my PC to my Program:stage

Unread postby theprofitteam » June 11th, 2014, 1:09 am

Here are more characters/ script:

Searching for "mysearch"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings]
"SearchFromAddressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT3311834&SearchSource=2&CUI=SB_CUI&UM=2&q=MYSEARCHTERM"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\Search\Settings]
"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\MySearchDial]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\MySearchDial\mysearchdial]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\MySearchDial\mysearchdial\iestrg]
"prdct"="mysearchdial"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\MySearchDial\mysearchdial\iestrg]
"prtnrid"="mysearchdial"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{994FB08B-DFF6-40F5-AE7F-D551E534450F}]
"Path"="\MySearchDial"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.znew_tab_content"="<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8" />
<title>Google</title>
<link type="text/css" rel="stylesheet" media="screen" href="http://www.mysearchresults.com/assets/css/styles2.css" />
</head>
<body>
<div class="container">
<div class="wrapper">
<form class="search" method="get" action="http://www.google.com/search">
<div class="none">
<input type="hidden" name="form" value="ARRDSB" />
<input type="hidden" name="pc" value="ARRD" />
</div><!--/.none-->
<div class="logo">
<img src="http://www.google.com/intl/en_com/images/srpr/logo3w.png" />
</div><!--/.logo-->
<dl>
<dt>
<input type="text" name="q" autofocus="" />

[HKEY_USERS\.DEFAULT\Software\AVG SafeGuard toolbar]
"CurrentHomepage"="http://mysearch.avg.com?cid={29BCE740-7FFD-4B4D-A4EC-7ECF1E62FEE7}&mid=efb9fd70db2347d3ab4ad142a614e91e-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=co012&coid=avgtbdisco&pr=sa&d=2013-11-04 23:02:29&v=17.0.1.12&pid=safeguard&sg=0&sap=hp"
[HKEY_USERS\.DEFAULT\Software\AVG SafeGuard toolbar]
"CurrentSearchProvider"="http://mysearch.avg.com/search?cid={29BCE740-7FFD-4B4D-A4EC-7ECF1E62FEE7}&mid=efb9fd70db2347d3ab4ad142a614e91e-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=co012&coid=avgtbdisco&pr=sa&d=2013-11-04 23:02:29&v=17.0.1.12&pid=safeguard&sg=0&sap=dsp&q={searchTerms}"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings]
"SearchFromAddressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT3311834&SearchSource=2&CUI=SB_CUI&UM=2&q=MYSEARCHTERM"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\Search\Settings]
"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\MySearchDial]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\MySearchDial\mysearchdial]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\MySearchDial\mysearchdial\iestrg]
"prdct"="mysearchdial"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\MySearchDial\mysearchdial\iestrg]
"prtnrid"="mysearchdial"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.znew_tab_content"="<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8" />
<title>Google</title>
<link type="text/css" rel="stylesheet" media="screen" href="http://www.mysearchresults.com/assets/css/styles2.css" />
</head>
<body>
<div class="container">
<div class="wrapper">
<form class="search" method="get" action="http://www.google.com/search">
<div class="none">
<input type="hidden" name="form" value="ARRDSB" />
<input type="hidden" name="pc" value="ARRD" />
</div><!--/.none-->
<div class="logo">
<img src="http://www.google.com/intl/en_com/images/srpr/logo3w.png" />
</div><!--/.logo-->
<dl>
<dt>
<input type="text" name="q" autofocus="" />

[HKEY_USERS\S-1-5-18\Software\AVG SafeGuard toolbar]
"CurrentHomepage"="http://mysearch.avg.com?cid={29BCE740-7FFD-4B4D-A4EC-7ECF1E62FEE7}&mid=efb9fd70db2347d3ab4ad142a614e91e-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=co012&coid=avgtbdisco&pr=sa&d=2013-11-04 23:02:29&v=17.0.1.12&pid=safeguard&sg=0&sap=hp"
[HKEY_USERS\S-1-5-18\Software\AVG SafeGuard toolbar]
"CurrentSearchProvider"="http://mysearch.avg.com/search?cid={29BCE740-7FFD-4B4D-A4EC-7ECF1E62FEE7}&mid=efb9fd70db2347d3ab4ad142a614e91e-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=co012&coid=avgtbdisco&pr=sa&d=2013-11-04 23:02:29&v=17.0.1.12&pid=safeguard&sg=0&sap=dsp&q={searchTerms}"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]

Searching for "conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"SearchServerUrl"="http://search.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"Server"="users.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"SocialDomains"="http://apps.conduit.com; http://social.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"AppsDetectionUrlPattern"="http://appdownload.conduit.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ABTestUsage]
"ServiceUrl"="http://tb-test.conduit-data.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\AppRegisterUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\AppsMetaData]
"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\AppsSettings]
"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\AppTrackingFirstTime]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\AppTrackingUsage]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\BrowserToolbarsInfo]
"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ClientLog]
"ServiceUrl"="http://clientlog.conduit-services.com/log/putlog"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\Configuration]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/?ctid=EB_TOOLBAR_ID&ver=EB_TOOLBAR_VERSION&client=ToolbarConfiguration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\DynamicDialogs]
"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\HostingUsage]
"ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\OtherAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\SearchApiByCountry]
"ServiceUrl"="http://c.api.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID&um=UM_ID&c=EB_COUNTRY_CODE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\SearchSettings]
"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID&um=UM_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\SPStubConditionalDownload]
"ServiceUrl"="http://sp-download.conduit-services.com/ConditionalDownload?CTID=EB_TOOLBAR_ID&ToolbarRunMode=EB_TOOLBAR_RUN_MODE&ToolbarType=EB_PLATFORM&UAC=EB_UAC_MODE&IntegrityLevel=EB_INTEGRITY_LEVEL&WindowsVersion=EB_WINDOWS_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarHiddenLogin]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarHiddenLoginJson]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/JsonLogin.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarHiddenSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarHiddenSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarInstallationUsage]
"ServiceUrl"="http://installationusage.conduit-services.com/api/InstallationUsage"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarLoginJson]
"ServiceUrl"="http://login.toolbar.conduit-services.com/JsonLogin.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarSetupAPI]
"ServiceUrl"="http://setupapi.toolbar.conduit-services.com/Properties/json/EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarSetupAPIByCountry]
"ServiceUrl"="http://c.setupapi.toolbar.conduit-services.com/Properties/json/EB_TOOLBAR_ID/CC/EB_COUNTRY_CODE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\WebAppSettings]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/meta/WEB_APP_GUID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\WebAppSettingsNC]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/metanc/WEB_APP_GUID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\WebAppValidation]
"ServiceUrl"="http://upload.webapp.conduit-services.com/Validate/IsValid"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834_CT3311834]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834_en]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\1918252794]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\2025944986]
"dbname"="conduit_CT3311834_en"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\2961362206]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\3189794847]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\31955339]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\3805956560]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\4077347159]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\4138538387]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\807844890]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings]
"SearchFromAddressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT3311834&SearchSource=2&CUI=SB_CUI&UM=2&q=MYSEARCHTERM"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings]
"APITrustedDomains"="conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\BackHandStorage\http___app_mam_conduit_com_getapp_CT3311834_mam_html_ctid=CT3311834]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\BackHandStorage\IndexTable\3624280228]
"value"="LOCAL_COOKIE_THROTTLE_BASEloopback|http://up.autocompleteplus.com/up?q=faststone%2Bcapture%2Bserial%2Bnumber&l=www.fixya.com&t=2&v=0.4&d=conduit2"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\FeatureProtector\BrowserSearch]
"URLFromService"="http://search.conduit.com?SearchSource=10&amp;ctid=CT3311834"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\FeatureProtector\HomePage]
"URLFromService"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&amp;SearchSource=4&amp;ctid=CT3311834"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\FeatureProtector\HomePage]
"ConduitEnabled"="FALSE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\MyStuff]
"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\MyStuff]
"ConduitEnable"="TRUE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\RadioPlayer]
"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\Search\Settings]
"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\Search\Settings]
"NotFoundUrl"="http://search.conduit.com/corse/?ctid=CT3311834&octid=EB_ORIGINAL_CTID&SearchSource=11&CUI=SB_CUI&SSPV=EB_SSPV&Lay=LAY_ID&UM=2&fq=FQ_TERM&SAT=SAT_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\SearchInNewTab]
"AboutTabsUsageUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\SearchInNewTab]
"AboutTabsPageUrl"="http://search.conduit.com/?ctid=CT3311834&octid=EB_ORIGINAL_CTID&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=2"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver6.16.2.2/tbedrs.dll"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\Upgrade]
"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.13.3.505/tbedrs.dll"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\Weather]
"SearchServerUrl"="http://search.conduit.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\Weather\en]
"Forecast"="<FORECAST><LOCATION_ID>USCA0967</LOCATION_ID><DAYS><DAY1><DATE>20131007</DATE><DAY>Monday</DAY><F_MIN>51</F_MIN><F_MAX>83</F_MAX><C_MIN>11</C_MIN><C_MAX>28</C_MAX><UV_DESCRIPTION>High</UV_DESCRIPTION><UV_INDEX>6</UV_INDEX><SUNSET>6:39 pm</SUNSET><SUNRISE>7:08 am</SUNRISE><MOONRISE>10:02 am</MOONRISE><MOONSET>8:31 pm</MOONSET><MOON_PHASE>Waxing Crescent</MOON_PHASE><CONDITION_DESCRIPTION>Partly Cloudy</CONDITION_DESCRIPTION><CONDITION_ICON>http://weather.conduit.com/images/weather/Default/partly_cloudy_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20131008</DATE><DAY>Tuesday</DAY><F_MIN>52</F_MIN><F_MAX>81</F_MAX><C_MIN>11</C_MIN><C_MAX>27</C_MAX><UV_DESCRIPTION>Moderate</UV_DESCRIPTION><UV_INDEX>5</UV_INDEX><SUNSET>6:38 pm</SUNSET><SUNRISE>7:09 am</SUNRISE><MOONRISE>11:07 am</MOONRISE><MOONSET>9:22 pm</MOONSET><MOON_PHASE>Waxing Crescent</MOON_PHASE><CONDITION_DESCRIPTION>Partly Cloudy</CONDITION_DESCRI
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="bing.com conduit.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff]
"item"="ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff]
"command"=""C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3310511\plugins\TBVerifier.dll",RunConduitFloatingPlugin banjjklfojcdbofbhbgiedekefohoaff"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_cbjibcbpmbcabnfnohhgjjmkgkimajko]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_cbjibcbpmbcabnfnohhgjjmkgkimajko]
"item"="ConduitFloatingPlugin_cbjibcbpmbcabnfnohhgjjmkgkimajko"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_cbjibcbpmbcabnfnohhgjjmkgkimajko]
"command"=""C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3294791\plugins\TBVerifier.dll",RunConduitFloatingPlugin cbjibcbpmbcabnfnohhgjjmkgkimajko"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim]
"item"="ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim]
"command"=""C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3289663\plugins\TBVerifier.dll",RunConduitFloatingPlugin nemfjadlboooiffmcelkafilagddogim"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"2D6317878F0F5264AAF3277D97A58C24"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E4542C1-99D6-439D-ADBE-75A98FFBB8D8}]
"AppPath"="C:\Users\poc\AppData\Local\Conduit\CT3311834"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"SearchServerUrl"="http://search.conduit.com"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"SocialDomains"="http://apps.conduit.com; http://social.conduit.com"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
"AppsDetectionUrlPattern"="http://appdownload.conduit.com/"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ABTestUsage]
"ServiceUrl"="http://tb-test.conduit-data.com"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\AppRegisterUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\AppsMetaData]
"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\AppsSettings]
"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\AppTrackingFirstTime]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\AppTrackingUsage]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\BrowserToolbarsInfo]
"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ClientLog]
"ServiceUrl"="http://clientlog.conduit-services.com/log/putlog"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\Configuration]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/?ctid=EB_TOOLBAR_ID&ver=EB_TOOLBAR_VERSION&client=ToolbarConfiguration"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\DynamicDialogs]
"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\HostingUsage]
"ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\OtherAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\SearchApiByCountry]
"ServiceUrl"="http://c.api.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID&um=UM_ID&c=EB_COUNTRY_CODE"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\SearchSettings]
"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID&um=UM_ID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\SPStubConditionalDownload]
"ServiceUrl"="http://sp-download.conduit-services.com/ConditionalDownload?CTID=EB_TOOLBAR_ID&ToolbarRunMode=EB_TOOLBAR_RUN_MODE&ToolbarType=EB_PLATFORM&UAC=EB_UAC_MODE&IntegrityLevel=EB_INTEGRITY_LEVEL&WindowsVersion=EB_WINDOWS_VERSION"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarHiddenLogin]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarHiddenLoginJson]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/JsonLogin.ashx"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarHiddenSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarHiddenSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarInstallationUsage]
"ServiceUrl"="http://installationusage.conduit-services.com/api/InstallationUsage"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarLoginJson]
"ServiceUrl"="http://login.toolbar.conduit-services.com/JsonLogin.ashx"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarSetupAPI]
"ServiceUrl"="http://setupapi.toolbar.conduit-services.com/Properties/json/EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarSetupAPIByCountry]
"ServiceUrl"="http://c.setupapi.toolbar.conduit-services.com/Properties/json/EB_TOOLBAR_ID/CC/EB_COUNTRY_CODE"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\WebAppSettings]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/meta/WEB_APP_GUID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\WebAppSettingsNC]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/metanc/WEB_APP_GUID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834\WebAppValidation]
"ServiceUrl"="http://upload.webapp.conduit-services.com/Validate/IsValid"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834_CT3311834]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\conduit_CT3311834_en]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\1918252794]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\2025944986]
"dbname"="conduit_CT3311834_en"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\2961362206]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\3189794847]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\31955339]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\3805956560]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\4077347159]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\4138538387]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Repository\MetaData\807844890]
"dbname"="conduit_CT3311834_CT3311834"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings]
"SearchFromAddressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT3311834&SearchSource=2&CUI=SB_CUI&UM=2&q=MYSEARCHTERM"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings]
"APITrustedDomains"="conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\BackHandStorage\http___app_mam_conduit_com_getapp_CT3311834_mam_html_ctid=CT3311834]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\BackHandStorage\IndexTable\3624280228]
"value"="LOCAL_COOKIE_THROTTLE_BASEloopback|http://up.autocompleteplus.com/up?q=faststone%2Bcapture%2Bserial%2Bnumber&l=www.fixya.com&t=2&v=0.4&d=conduit2"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\FeatureProtector\BrowserSearch]
"URLFromService"="http://search.conduit.com?SearchSource=10&amp;ctid=CT3311834"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\FeatureProtector\HomePage]
"URLFromService"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&amp;SearchSource=4&amp;ctid=CT3311834"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\FeatureProtector\HomePage]
"ConduitEnabled"="FALSE"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\MyStuff]
"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\MyStuff]
"ConduitEnable"="TRUE"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\RadioPlayer]
"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\Search\Settings]
"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\Search\Settings]
"NotFoundUrl"="http://search.conduit.com/corse/?ctid=CT3311834&octid=EB_ORIGINAL_CTID&SearchSource=11&CUI=SB_CUI&SSPV=EB_SSPV&Lay=LAY_ID&UM=2&fq=FQ_TERM&SAT=SAT_ID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\SearchInNewTab]
"AboutTabsUsageUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\SearchInNewTab]
"AboutTabsPageUrl"="http://search.conduit.com/?ctid=CT3311834&octid=EB_ORIGINAL_CTID&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=2"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver6.16.2.2/tbedrs.dll"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\Upgrade]
"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.13.3.505/tbedrs.dll"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\Weather]
"SearchServerUrl"="http://search.conduit.com/"
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\Weather\en]
"Forecast"="<FORECAST><LOCATION_ID>USCA0967</LOCATION_ID><DAYS><DAY1><DATE>20131007</DATE><DAY>Monday</DAY><F_MIN>51</F_MIN><F_MAX>83</F_MAX><C_MIN>11</C_MIN><C_MAX>28</C_MAX><UV_DESCRIPTION>High</UV_DESCRIPTION><UV_INDEX>6</UV_INDEX><SUNSET>6:39 pm</SUNSET><SUNRISE>7:08 am</SUNRISE><MOONRISE>10:02 am</MOONRISE><MOONSET>8:31 pm</MOONSET><MOON_PHASE>Waxing Crescent</MOON_PHASE><CONDITION_DESCRIPTION>Partly Cloudy</CONDITION_DESCRIPTION><CONDITION_ICON>http://weather.conduit.com/images/weather/Default/partly_cloudy_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20131008</DATE><DAY>Tuesday</DAY><F_MIN>52</F_MIN><F_MAX>81</F_MAX><C_MIN>11</C_MIN><C_MAX>27</C_MAX><UV_DESCRIPTION>Moderate</UV_DESCRIPTION><UV_INDEX>5</UV_INDEX><SUNSET>6:38 pm</SUNSET><SUNRISE>7:09 am</SUNRISE><MOONRISE>11:07 am</MOONRISE><MOONSET>9:22 pm</MOONSET><MOON_PHASE>Waxing Crescent</MOON_PHASE><CONDITION_DES
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="bing.com conduit.com"

Searching for "viraltrafficfrenzy"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\viraltrafficfrenzy]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\viraltrafficfrenzy]


Searching for "searchprotect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect]
"item"="SearchProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect]
"command"="C:\Users\poc\AppData\Roaming\SearchProtect\bin\cltmng.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll]
"item"="SearchProtectAll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll]
"command"="C:\Program Files (x86)\SearchProtect\bin\cltmng.exe"

Searching for "defaulttab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}]
@="IDefaultTabBrowserActiveX"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.firstrun"="false"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.tabsearchbox"="true"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.newtabsearch"="true"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.searchinnewtab"="true"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.firstSearch"="true"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.channel"="2355"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.setdefaultsearch"="true"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.sethomepage"="true"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.forcekeywordsearch"="true"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.overridekeywordsearch"="true"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.overridechromesearch"="true"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.yw3i"=""
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.keyword.URL"="chrome://defaulttab/content/keywordURL.xul?"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.installedVersion"="1.4.0"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.znew_tab_content"="<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8" />
<title>Google</title>
<link type="text/css" rel="stylesheet" media="screen" href="http://www.mysearchresults.com/assets/css/styles2.css" />
</head>
<body>
<div class="container">
<div class="wrapper">
<form class="search" method="get" action="http://www.google.com/search">
<div class="none">
<input type="hidden" name="form" value="ARRDSB" />
<input type="hidden" name="pc" value="ARRD" />
</div><!--/.none-->
<div class="logo">
<img src="http://www.google.com/intl/en_com/images/srpr/logo3w.png" />
</div><!--/.logo-->
<dl>
<dt>
<input type="text" name="q" autofocus="" />

[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zsearch_engine"="Google"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zInstallTime"="1379310899"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zInitTimer"="false"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.browserID"="DE19B15C257C0767B8F8A77249071E8C"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.browser_version"="10"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.DefaultScope"=""
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zREMDefaultScope"=""
[HKEY_USERS\.DEFAULT\Software\DefaultTab]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
@="DefaultTabBHO"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.firstrun"="false"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.tabsearchbox"="true"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.newtabsearch"="true"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.searchinnewtab"="true"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.firstSearch"="true"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.channel"="2355"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.setdefaultsearch"="true"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.sethomepage"="true"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.forcekeywordsearch"="true"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.overridekeywordsearch"="true"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.overridechromesearch"="true"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.yw3i"=""
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.keyword.URL"="chrome://defaulttab/content/keywordURL.xul?"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.installedVersion"="1.4.0"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.znew_tab_content"="<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8" />
<title>Google</title>
<link type="text/css" rel="stylesheet" media="screen" href="http://www.mysearchresults.com/assets/css/styles2.css" />
</head>
<body>
<div class="container">
<div class="wrapper">
<form class="search" method="get" action="http://www.google.com/search">
<div class="none">
<input type="hidden" name="form" value="ARRDSB" />
<input type="hidden" name="pc" value="ARRD" />
</div><!--/.none-->
<div class="logo">
<img src="http://www.google.com/intl/en_com/images/srpr/logo3w.png" />
</div><!--/.logo-->
<dl>
<dt>
<input type="text" name="q" autofocus="" />

[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zsearch_engine"="Google"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zInstallTime"="1379310899"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zInitTimer"="false"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.browserID"="DE19B15C257C0767B8F8A77249071E8C"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.browser_version"="10"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.DefaultScope"=""
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab\BHO]
"extensions.defaulttab.zREMDefaultScope"=""
[HKEY_USERS\S-1-5-18\Software\DefaultTab]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
@="DefaultTabBHO"

Searching for "sweetpacks"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\SweetPacks]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\SweetPacks_A5]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\SweetPacks]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\SweetPacks_A5]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]

-= EOF =-
theprofitteam
Regular Member
 
Posts: 28
Joined: June 4th, 2014, 12:19 am

Re: Unable to upload pics from my PC to my Program:staged.co

Unread postby nunped » June 11th, 2014, 11:09 pm

Hi theprofitteam,

Lets continue the cleaning:
Step 1 - Registry Backup (TCRB)

Please download tweaking.com_registry_backup_setup.exe
Choose a download site for the installer... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.


Step 2 - OTL - System Scan
  1. Right-click OTL.exe and select " Run as administrator " to run it.
  2. Copy and Paste the following script into the Image textbox. Do not include the words Code: select all
  3. (Click the select all button next to code to select the entire script).
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Reg
    [-HKEY_CURRENT_USER\"Software\iLivid]
    [-HKEY_CURRENT_USER\Software\FreeDownloadManager.ORG\Free Download Manager\Settings\Network\Bittorrent]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1315-n-bf(1).exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1315-n-bf(10).exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1315-n-bf(11).exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1315-n-bf(14).exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1315-n-bf(3).exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1315-n-bf(4).exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r1315-n-bf(6).exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r139-n-bf.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r418-n-bf.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FreeDownloadManager.ORG\Free Download Manager\Settings\Network\Bittorrent]
    [-HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\"Software\iLivid]
    [-HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\MySearchDial]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{994FB08B-DFF6-40F5-AE7F-D551E534450F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mysearchdialcdn.com]
    [HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings]
    "SearchFromAddressUrl"=-
    [HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar\Settings\Search\Settings]
    "ContextMenuSearchUrl"=-
    [-HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\MySearchDial]
    [-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearchdialcdn.com]
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DoNotAskAgain"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E4542C1-99D6-439D-ADBE-75A98FFBB8D8}]
    [-HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\AppDataLow\Software\Installl_Converter_A\toolbar]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\viraltrafficfrenzy]
    [-HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\viraltrafficfrenzy]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect]
    [-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\DefaultTab]
    [-HKEY_USERS\.DEFAULT\Software\DefaultTab]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
    [-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\DefaultTab]
    [-HKEY_USERS\S-1-5-18\Software\DefaultTab]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\SweetPacks]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\SweetPacks_A5]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\SweetPacks]
    [-HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\SweetPacks_A5]
    [-HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
    
    :Files
    C:\Downloads\Video\iLividSetup-r139-n-bf.exe
    C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\CT3294791\CT3294791.searchProtectorData
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.27_0\plugins\npDefaultTabSearch.dll
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll
    C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\sweetpacks-a5-customized-web-search.xml
    C:\Users\poc\AppData\LocalLow\Installl_Converter_A\Repository\conduit_CT3311834_CT3311834
    C:\Users\poc\AppData\LocalLow\Installl_Converter_A\Repository\conduit_CT3311834_en
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  7. Please post the contents of report in your next reply.

Step 3
How is your computer behaving?
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Re: Unable to upload pics from my PC to my Program:stage

Unread postby theprofitteam » June 12th, 2014, 4:48 pm

OK- I shall do as you suggest: When I get home, I shall follow the steps you outline above.. Thank you! Courtenay in Albuquerque :)
theprofitteam
Regular Member
 
Posts: 28
Joined: June 4th, 2014, 12:19 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 369 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware