Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Pop-ups, Redirects, slow system, And unable to download anything. [Clo

Started by sammibear13 , Jan 22 2014 01:39 PM

This topic is locked

#16
sammibear13

Posted 25 January 2014 - 12:26 AM

Member

Topic Starter
Member
16 posts

Also I am still unable to download some files.

#17
Machiavelli

Posted 25 January 2014 - 04:34 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Is there any error message / code when you are downloading something?

Step 1: Uninstall Software

Click on the Start button and select Control Panel
Click on Programs then click on Uninstall a program
You will now see a list of your installed software, double click on the following one by one to uninstall them (ignore entries when you are not able to uninstall - but please inform me about that):
- GorillaPrice
- Search-Results Toolbar
Once you have done this, reboot your computer

Step 2: Chrome Extensions

Resetting Google Extensions

Run Google Chrome
Please type the command below into the Adress Box

chrome:extensions

A new Tab will open in Google Chrome
You will see an entry which is probably called SearchNewTab
Next to this entry you will see a can icon - please click on that to remove the extension from your Browser
A confirmation dialog appears, click Remove.

Step 3: OTL Fix

Run OTL. (if you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator)

Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:

:Commands
[CreateRestorePoint]

:OTL
SRV - [2013/12/24 05:35:44 | 000,088,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\GorillaPrice\WatGorp.exe -- (WatGorp)
SRV - [2013/12/24 05:35:36 | 000,646,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe -- (GorillaPrice)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
FF - prefs.js..extensions.enabledAddons: ConsumerInput%40Compete:12171
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O20:64bit: - AppInit_DLLs: (Results Results gpcloud.dll) - File not found
O20 - AppInit_DLLs: (gpsort.dll) - C:\windows\SysWow64\gpsort.dll ()
O20 - AppInit_DLLs: (results results) - File not found
O33 - MountPoints2\{78758164-5b6f-11e2-89f1-3860778f90ba}\Shell - "" = AutoRun
O33 - MountPoints2\{78758164-5b6f-11e2-89f1-3860778f90ba}\Shell\AutoRun\command - "" = E:\iLinker.exe
[2014/01/24 14:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2014/01/21 18:05:11 | 000,000,000 | ---D | C] -- C:\Users\jamie\AppData\Local\GCC
[2013/12/28 18:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\GorillaPrice
[2013/12/28 18:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GorillaPrice
[2013/12/28 18:59:56 | 000,454,656 | ---- | C] () -- C:\windows\gpcloud.dll
[2013/12/28 18:59:56 | 000,383,488 | ---- | C] () -- C:\windows\SysWow64\gpsort.dll
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:1A15E356
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E369BDA7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Commands
[EMPTYTEMP]

Click the Run Fix button.
After your computer has rebooted, run OTL and click Quick Scan.
Copy and paste the contents of the log that it produces into your next post.

Step 4: SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Double-click SystemLook.exe to run it.(if you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the SystemLook icon and select Run as Administrator)

Copy the content of the following codebox into the main textfield:

:folderfind
*Conduit*
*Sweetpacks*
*GorillaPrice*
*boost_interprocess*
*Sweetim*
*babylon*
*Smartbar*
*ilvid*
*Mobogenie*

:filefind
*Conduit*
*Sweetpacks*
*GorillaPrice*
*boost_interprocess*
*Sweetim*
*babylon*
*Smartbar*
*ilvid*
*Mobogenie*

:regfind
Conduit
Sweetpacks
GorillaPrice
boost_interprocess
Sweetim
babylon
Smartbar
ilvid
Mobogenie

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

#18
sammibear13

Posted 28 January 2014 - 12:54 PM

Member

Topic Starter
Member
16 posts

Files\Folders moved on Reboot...
C:\ProgramData\GorillaPrice\WatGorp.exe moved successfully.
C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe moved successfully.
C:\ProgramData\boost_interprocess\20140128123715.125599 folder moved successfully.
C:\ProgramData\boost_interprocess folder moved successfully.
C:\ProgramData\GorillaPrice folder moved successfully.
C:\Program Files (x86)\GorillaPrice folder moved successfully.
C:\Windows\SysWOW64\gpsort.dll moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#19
sammibear13

Posted 28 January 2014 - 01:09 PM

Member

Topic Starter
Member
16 posts

OTL logfile created on: 1/28/2014 12:55:41 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jamie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 54.74% Memory free
7.83 Gb Paging File | 5.94 Gb Available in Paging File | 75.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.89 Gb Total Space | 330.58 Gb Free Space | 73.48% Space Free | Partition Type: NTFS

Computer Name: JAMIE-PC | User Name: jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/21 18:11:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jamie\Downloads\OTL.exe
PRC - [2013/11/14 05:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/07 21:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\jamie\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2012/06/19 16:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/09/01 01:21:46 | 001,954,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe
PRC - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

========== Modules (No Company Name) ==========

MOD - [2013/11/14 05:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 05:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 05:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 05:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 05:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/10/14 08:45:48 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/14 08:45:05 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/08/15 21:48:12 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 12:18:16 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 12:18:09 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/24 00:39:58 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/03/07 21:32:40 | 021,014,960 | ---- | M] () -- C:\Users\jamie\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013/03/07 21:32:38 | 000,292,272 | ---- | M] () -- C:\Users\jamie\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013/03/07 21:32:38 | 000,179,632 | ---- | M] () -- C:\Users\jamie\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/01 01:27:36 | 000,286,360 | ---- | M] () -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\QtPlugins\imageformats\qjpeg4.dll
MOD - [2011/09/01 01:22:38 | 010,729,624 | ---- | M] () -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\QtGui4.dll
MOD - [2011/09/01 01:22:34 | 003,040,920 | ---- | M] () -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\QtCore4.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/01 13:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/09 23:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/24 11:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 16:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 16:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/20 17:31:10 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 10:54:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/19 16:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/03/15 15:35:15 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/07/11 19:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/05 20:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 20:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 22:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 19:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 20:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 19:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/26 14:50:31 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 23:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/02/15 23:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 17:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/16 14:03:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/04 22:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 21:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/13 21:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/12 19:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/02 18:48:38 | 001,103,464 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/10/29 18:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 17:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/12/17 18:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20140110.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/12/16 12:15:57 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140114.002\ex64.sys -- (NAVEX15)
DRV - [2013/12/16 12:15:57 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/12/16 12:15:57 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/12/16 12:15:57 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140114.002\eng64.sys -- (NAVENG)
DRV - [2013/12/13 20:19:30 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20140114.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-msgr"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B7c9736d3-e2b9-45c0-951e-1d279370b197%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B90b49673-5506-483e-b92b-ca0265bd9ca8%7D:10.23.0.822
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.20.2
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.4.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\jamie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\jamie\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF [2013/12/16 12:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2014/01/28 12:50:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/21 22:32:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/09 10:57:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/21 22:32:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/09 10:57:13 | 000,000,000 | ---D | M]

[2013/02/21 23:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jamie\AppData\Roaming\mozilla\Extensions
[2014/01/24 13:58:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jamie\AppData\Roaming\mozilla\Firefox\Profiles\vbu0iepz.default\extensions
[2013/11/27 00:53:48 | 000,007,716 | ---- | M] () -- C:\Users\jamie\AppData\Roaming\mozilla\firefox\profiles\vbu0iepz.default\searchplugins\yahoo.xml
[2014/01/24 13:58:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/14 13:44:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/01/23 13:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/14 13:44:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/20 17:31:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://start.toshiba.com/?cid=C001B2Y
CHR - Extension: Google Drive = C:\Users\jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: ViAoudioX = C:\Users\jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifnmkpbdihegdejpohaaenfinbciohpj\1.3\
CHR - Extension: Google Wallet = C:\Users\jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2014/01/21 18:28:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Facebook Update] C:\Users\jamie\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\jamie\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97ACE74D-4D8A-4DE7-8CFB-AD6147B5105E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (Results Results gpcloud.dll) - File not found
O20 - AppInit_DLLs: (gpsort.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/24 14:15:35 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/01/24 13:56:44 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/24 13:45:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/21 18:32:05 | 000,000,000 | ---D | C] -- C:\Users\jamie\Desktop\GooredFix Backups
[2014/01/21 18:28:04 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/01/21 18:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2014/01/17 09:21:15 | 000,000,000 | ---D | C] -- C:\00d85a5ed549e7ce94
[2014/01/07 20:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterActual
[2014/01/07 20:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/28 12:59:31 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/28 12:59:31 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/28 12:50:53 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/28 12:50:11 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/01/28 12:50:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/01/28 12:49:43 | 3151,998,976 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/28 12:19:32 | 000,727,398 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/01/28 12:19:32 | 000,624,864 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/01/28 12:19:32 | 000,106,950 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/01/28 12:16:47 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/28 12:16:37 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-616220210-2893212370-668484251-1001UA.job
[2014/01/27 02:23:28 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-616220210-2893212370-668484251-1001Core.job
[2014/01/25 10:20:45 | 000,118,555 | ---- | M] () -- C:\Users\jamie\Documents\U.S soccer reg. reciept.pdf
[2014/01/23 02:49:59 | 000,018,090 | ---- | M] () -- C:\Users\jamie\Desktop\DrFelixResults.zip
[2014/01/21 18:28:06 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2014/01/16 12:14:51 | 000,275,304 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/01/15 01:05:41 | 000,030,811 | ---- | M] () -- C:\Users\jamie\AppData\Roaming\DreamCalc DC4G.dat
[2014/01/07 20:43:13 | 000,000,000 | ---- | M] () -- C:\windows\iPlayer.INI
[2014/01/07 20:42:19 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\InterActual Player.lnk
[2014/01/07 20:39:47 | 000,001,336 | ---- | M] () -- C:\Users\jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2014/01/01 01:12:42 | 000,002,968 | ---- | M] () -- C:\{3C541D11-540A-4036-A25D-A97430C0111A}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/25 10:20:45 | 000,118,555 | ---- | C] () -- C:\Users\jamie\Documents\U.S soccer reg. reciept.pdf
[2014/01/23 02:47:23 | 000,018,090 | ---- | C] () -- C:\Users\jamie\Desktop\DrFelixResults.zip
[2014/01/07 20:43:13 | 000,000,000 | ---- | C] () -- C:\windows\iPlayer.INI
[2014/01/07 20:42:19 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\InterActual Player.lnk
[2014/01/01 01:12:41 | 000,002,968 | ---- | C] () -- C:\{3C541D11-540A-4036-A25D-A97430C0111A}
[2013/12/28 18:59:56 | 000,454,656 | ---- | C] () -- C:\windows\gpcloud.dll
[2012/09/25 17:48:20 | 000,001,457 | ---- | C] () -- C:\Users\jamie\.recently-used.xbel
[2012/09/03 14:33:59 | 000,008,192 | ---- | C] () -- C:\Users\jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/30 07:59:22 | 000,030,811 | ---- | C] () -- C:\Users\jamie\AppData\Roaming\DreamCalc DC4G.dat
[2012/02/28 16:48:03 | 000,061,440 | ---- | C] () -- C:\windows\wnUninstall.exe

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/01/22 14:49:00 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\.minecraft
[2011/12/28 01:44:27 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\Book Place
[2012/08/30 10:52:07 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\com.connectionsEducation.activityTracker
[2012/09/25 17:54:08 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\gtk-2.0
[2012/09/03 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\MusicNet
[2012/09/26 09:58:28 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\No Company Name
[2012/07/08 16:45:47 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\ooVoo Details
[2013/12/31 15:38:47 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\Open Download Manager
[2014/01/21 17:43:25 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\SoftGrid Client
[2013/02/21 23:29:31 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\TFP
[2011/12/25 09:43:39 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\Tific
[2011/12/25 09:38:26 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\Toshiba
[2012/01/13 16:50:55 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\TP
[2013/04/10 22:14:27 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\TuneUp Software
[2012/09/28 15:34:59 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\WildTangent
[2011/12/25 09:35:49 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\WinBatch
[2012/08/13 08:38:32 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\Windows Live Writer
[2013/08/19 15:28:18 | 000,000,000 | ---D | M] -- C:\Users\jamie\AppData\Roaming\YScienceLabs

========== Purity Check ==========

< End of report >

#20
sammibear13

Posted 28 January 2014 - 01:17 PM

Member

Topic Starter
Member
16 posts

SystemLook 30.07.11 by jpshortstuff
Log created at 13:11 on 28/01/2014 by jamie
Administrator - Elevation successful

========== folderfind ==========

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\LocalLow\Conduit d------ [19:58 24/01/2014]
C:\Users\jamie\AppData\Local\Temp\8f9262e4-d25e-48cf-aad9-e077a4f988760\bin\Searchprotect Conduit d------ [00:33 22/01/2014]

Searching for "*Sweetpacks*"
No folders found.

Searching for "*GorillaPrice*"
C:\_OTL\MovedFiles\01282014_124702\C_Program Files (x86)\GorillaPrice d------ [00:59 29/12/2013]
C:\_OTL\MovedFiles\01282014_124702\C_ProgramData\GorillaPrice d------ [00:59 29/12/2013]

Searching for "*boost_interprocess*"
C:\AdwCleaner\Quarantine\C\ProgramData\boost_interprocess d------ [19:58 24/01/2014]
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Temp\boost_interprocess d------ [19:58 24/01/2014]
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\LocalLow\boost_interprocess d------ [19:58 24/01/2014]
C:\Users\jamie\AppData\Local\Temp\boost_interprocess d------ [21:30 24/01/2014]
C:\_OTL\MovedFiles\01282014_124702\C_ProgramData\boost_interprocess d------ [20:00 24/01/2014]

Searching for "*Sweetim*"
No folders found.

Searching for "*babylon*"
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Babylon d------ [19:58 24/01/2014]

Searching for "*Smartbar*"
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar d------ [19:58 24/01/2014]
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Temp\Smartbar d------ [19:58 24/01/2014]
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\LocalLow\Smartbar d------ [19:58 24/01/2014]

Searching for "*ilvid*"
C:\Users\jamie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\9FT8FWL2\player.longtailvideo.com d------ [23:57 20/12/2013]
C:\Users\jamie\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.longtailvideo.com d------ [23:57 20/12/2013]

Searching for "*Mobogenie*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie d------ [19:58 24/01/2014]
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Mobogenie d------ [19:58 24/01/2014]
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie d------ [19:58 24/01/2014]
C:\Users\jamie\AppData\Local\Temp\8f9262e4-d25e-48cf-aad9-e077a4f988760\bin\Mobogenie d------ [00:33 22/01/2014]
C:\Users\wangzhisong\AppData\Local\Mobogenie d------ [20:24 15/12/2013]

========== filefind ==========

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1005466_1001181_US.xml.vir --a---- 187 bytes [15:07 28/12/2011] [06:56 29/12/2011] 8D1FB2D78302B721C781F7CBD611C343
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\CT2612669\toolbarImages\http___storage_conduit_com_69_261_CT2612669_Images_634097231686030000.png.vir --a---- 1164 bytes [00:11 09/01/2014] [00:11 09/01/2014] FBA13436DE4BA2968D9DA7361945275A
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\CT2612669\toolbarImages\http___storage_conduit_com_69_261_CT2612669_Images_634855966178033787.png.vir --a---- 1657 bytes [00:11 09/01/2014] [00:11 09/01/2014] 49CDC2942C53BEF60C90AF37D786B76C
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\CT2612669\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif.vir --a---- 950 bytes [00:11 09/01/2014] [00:11 09/01/2014] EE3DCA0EABAE8D7DDEAC14E36B1142CD
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\CT2612669\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif.vir --a---- 322 bytes [00:11 09/01/2014] [00:11 09/01/2014] 948781E4B6478290050ECA4423B89B1E
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\Chrome\CT2612669\content\ConduitAbstractionLayer.js.vir --a---- 41708 bytes [23:17 29/12/2013] [23:17 29/12/2013] 8D5A1819A0FE65DEFB3C1A5AAEF56070
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\Chrome\CT2612669\content\ConduitAbstractionLayerBack.js.vir --a---- 41708 bytes [23:17 29/12/2013] [23:17 29/12/2013] 8D5A1819A0FE65DEFB3C1A5AAEF56070
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\Chrome\CT2612669\content\ConduitAbstractionLayerFront.js.vir --a---- 41708 bytes [23:17 29/12/2013] [23:17 29/12/2013] 8D5A1819A0FE65DEFB3C1A5AAEF56070
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\Chrome\CT2612669\content\tb\al\aboutBox\images\conduit-logo-OLD.png.vir --a---- 1305 bytes [23:17 29/12/2013] [23:17 29/12/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\Chrome\CT2612669\content\tb\al\aboutBox\images\conduit-logo.png.vir --a---- 3926 bytes [23:17 29/12/2013] [23:17 29/12/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\Chrome\CT2612669\content\tb\al\options\images\conduit-logo.png.vir --a---- 3926 bytes [23:17 29/12/2013] [23:17 29/12/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\lib\log4conduit.jsm.vir --a---- 760 bytes [23:17 29/12/2013] [23:17 29/12/2013] 93898FE6A232C5FCD838D8168F65D802
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\Plugins\npConduitFirefoxPlugin.dll.vir --a---- 206624 bytes [23:17 29/12/2013] [23:17 29/12/2013] 28493ABD37256B669CB50468F5134A87
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1207392 bytes [18:43 06/12/2012] [18:43 06/12/2012] C963B2DECF0872C4A79D4E5E97062E8C
C:\Users\jamie\AppData\Local\Temp\8f9262e4-d25e-48cf-aad9-e077a4f988760\temp\Searchprotect Conduitinfo.dfe --a---- 768 bytes [00:33 22/01/2014] [00:33 22/01/2014] FEB23C5D7F5C780D92A8BBDFA6D198EF
C:\Users\jamie\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\9555EPBJ\storage.conduit[1].xml --a---- 13 bytes [07:09 28/12/2011] [07:09 28/12/2011] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\jamie\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\BYU6VNGL\fbtemplate.conduitapps[1].xml --a---- 13 bytes [07:09 28/12/2011] [07:09 28/12/2011] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\jamie\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\M32HPGTO\facebook.conduitapps[1].xml --a---- 13 bytes [07:09 28/12/2011] [07:09 28/12/2011] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\CT3288691\conduit.xml --a---- 999 bytes [04:28 22/08/2013] [04:28 22/08/2013] F6F62DDC7A8B23A99BED2C938D0F376B

Searching for "*Sweetpacks*"
No files found.

Searching for "*GorillaPrice*"
C:\_OTL\MovedFiles\01282014_124702\C_Program Files (x86)\GorillaPrice\GorillaPrice.exe --a---- 646656 bytes [11:35 24/12/2013] [11:35 24/12/2013] 54FC42C0F87ADDF6C1BB27E553DD64DC
C:\_OTL\MovedFiles\01282014_124702\C_Program Files (x86)\GorillaPrice\GorillaPrice.ico --a---- 4286 bytes [13:46 27/09/2013] [13:46 27/09/2013] 89C847468F840060F86117344632962D
C:\_OTL\MovedFiles\01282014_124702\C_ProgramData\GorillaPrice\GorillaPrice.exe --a---- 646656 bytes [11:35 24/12/2013] [11:35 24/12/2013] 54FC42C0F87ADDF6C1BB27E553DD64DC

Searching for "*boost_interprocess*"
No files found.

Searching for "*Sweetim*"
No files found.

Searching for "*babylon*"
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}\chrome\skin\babylon_logo.png.vir --a---- 3577 bytes [08:49 27/02/2012] [08:49 27/02/2012] 30FF3A31EDC0442F934F703C26B9F572
C:\Users\jamie\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\BL5C3SX4\cdn.adbabylon[1].xml --a---- 13 bytes [05:43 11/01/2014] [05:43 11/01/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*Smartbar*"
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll.vir --a---- 727320 bytes [23:57 31/12/2013] [23:57 31/12/2013] 3AADAD2057057B091568F0A616706E60
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll.vir --a---- 81176 bytes [23:57 31/12/2013] [23:57 31/12/2013] EF3F08B81A6AB4B8990DF745EFF23248
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll.vir --a---- 2151192 bytes [23:57 31/12/2013] [23:57 31/12/2013] E4DB1E0C7278DF9BDF35AAE0D1CAE2AA
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll.vir --a---- 13592 bytes [23:57 31/12/2013] [23:57 31/12/2013] 7BECF53FC9DB63EC60680321CCDBC7EC
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir --a---- 34072 bytes [23:57 31/12/2013] [23:57 31/12/2013] 1A16E390BA13C3997CCCD60342E4FE84
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir --a---- 59160 bytes [23:57 31/12/2013] [23:57 31/12/2013] 6353482ABF74631474C6AD2CA36EAEE3
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir --a---- 53016 bytes [23:57 31/12/2013] [23:57 31/12/2013] 3762B97B95BA2B77C1822FCF9E19F910
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir --a---- 56600 bytes [23:57 31/12/2013] [23:57 31/12/2013] 51D925697FCEAC44AAE0E0A72EA93BEA
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll.vir --a---- 149784 bytes [23:57 31/12/2013] [23:57 31/12/2013] 740AD4FEEB783357A689B774417E9C90
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll.vir --a---- 16664 bytes [23:57 31/12/2013] [23:57 31/12/2013] CF1C56F55BC029D3290DB3AD190ABFD6
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir --a---- 111896 bytes [23:57 31/12/2013] [23:57 31/12/2013] 79248ABA1D7E509F14ECE724E8FBB4D0
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll.vir --a---- 52504 bytes [23:57 31/12/2013] [23:57 31/12/2013] 067B0A9EDAB3473379E4EFA0F7E3C9E0
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll.vir --a---- 24856 bytes [23:57 31/12/2013] [23:57 31/12/2013] DD2274E6CF0AC85744FCCEFEB83AF87C
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll.vir --a---- 47384 bytes [23:57 31/12/2013] [23:57 31/12/2013] 951A3482BD9128E77DEFA4DC88D0EF59
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\Smartbar.Resources.Translations.dll.vir --a---- 318232 bytes [23:57 31/12/2013] [23:57 31/12/2013] AB496241991F1C815E31B50065B4AD2D
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\SmartbarInstallationIcon.ico.vir --a---- 32038 bytes [23:30 17/02/2013] [23:30 17/02/2013] DC46012E562CB4EF228B6831FDA801AA
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir --a---- 136984 bytes [23:58 31/12/2013] [23:58 31/12/2013] 023DA6F9D5D09697BAACAF86120AC320
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir --a---- 136984 bytes [23:58 31/12/2013] [23:58 31/12/2013] 023DA6F9D5D09697BAACAF86120AC320
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir --a---- 92440 bytes [23:58 31/12/2013] [23:58 31/12/2013] 8B624227984967CDCA69AD1636EA6AE2
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir --a---- 92440 bytes [23:58 31/12/2013] [23:58 31/12/2013] 8B624227984967CDCA69AD1636EA6AE2
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\SmartbarShortcutIcon.ico.vir --a---- 15086 bytes [20:56 11/02/2013] [20:56 11/02/2013] 406F20279F4429B5F9FE584D2EA78B26
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe.config.vir --a---- 346 bytes [17:51 03/02/2013] [17:51 03/02/2013] 9FC8BFCE08D0F81E9827A672513FE7E7
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe.vir --a---- 14104 bytes [23:58 31/12/2013] [23:58 31/12/2013] 89305F9F5466BABCFE924FF8A2B74792
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\ar\Smartbar.Resources.LanguageSettings.resources.dll.vir --a---- 39192 bytes [23:56 31/12/2013] [23:56 31/12/2013] 99AA91CE6467177ADDF05EC2B3E6CFE4
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll.vir --a---- 25368 bytes [23:56 31/12/2013] [23:56 31/12/2013] 46E5ED3DB04D72518E386CFFEAD8B838
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\es\Smartbar.Resources.LanguageSettings.resources.dll.vir --a---- 35096 bytes [23:56 31/12/2013] [23:56 31/12/2013] 892D64B44690FC7726F6D7B915FD51A0
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\fr\Smartbar.Resources.LanguageSettings.resources.dll.vir --a---- 35096 bytes [23:56 31/12/2013] [23:56 31/12/2013] 01FA6322FAB9BA3B5E761CB902E811C6
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\he\Smartbar.Resources.LanguageSettings.resources.dll.vir --a---- 25880 bytes [23:56 31/12/2013] [23:56 31/12/2013] 7E66DFBC5F05CB2FF6889B9940AE6013
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\components\ISmartbarFireFoxRemotePlugin.xpt.vir --a---- 346 bytes [18:13 03/02/2013] [18:13 03/02/2013] 7395B84C60A0D7CFA3CE8C6CA6D2F364
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_20.dll.vir --a---- 99096 bytes [01:21 25/03/2013] [01:21 25/03/2013] 5173D6F45A4AAB681D57B629A4A26259
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_21.dll.vir --a---- 99096 bytes [16:05 14/04/2013] [16:05 14/04/2013] 6E386EDFE0D1BAF512F4EF2BFF69971A
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_22.dll.vir --a---- 99096 bytes [17:32 02/06/2013] [17:32 02/06/2013] 7EFEEF0D2FDA2F3483BBDDD84CC40C52
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_23.dll.vir --a---- 99096 bytes [20:06 31/07/2013] [20:06 31/07/2013] AAFD54DDB6002B1D030B5B48EB9F1C27
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_24.dll.vir --a---- 99096 bytes [23:06 28/08/2013] [23:06 28/08/2013] 1A49CA4A422210F9131A88CE721566BD
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_25.dll.vir --a---- 99096 bytes [21:42 29/10/2013] [21:42 29/10/2013] F7048922A70F12037474044FAF7EE71A
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_26.dll.vir --a---- 99096 bytes [20:38 22/12/2013] [20:38 22/12/2013] 1C3FAC378811421694FFFA96164D25DE
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\it\Smartbar.Resources.LanguageSettings.resources.dll.vir --a---- 35096 bytes [23:56 31/12/2013] [23:56 31/12/2013] 720806A2459660C7C707B4D88954277C
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll.vir --a---- 35096 bytes [23:56 31/12/2013] [23:56 31/12/2013] EFEF427FD94F17B312D4B264043251AD
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll.vir --a---- 35096 bytes [23:56 31/12/2013] [23:56 31/12/2013] 28A347887280FC145F7A9BB2ADFE356F
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll.vir --a---- 43288 bytes [23:56 31/12/2013] [23:56 31/12/2013] D47F6F0BE7BB74F44C52D7DC3ECE844A
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll.vir --a---- 25368 bytes [23:58 31/12/2013] [23:58 31/12/2013] 73F77C2B4156CDF15EBFE090D4F12F35
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.DMP.dll.vir --a---- 13592 bytes [23:57 31/12/2013] [23:57 31/12/2013] 98C8082E334ED26B4E61B42DA62B02CB
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.MessengerPlugin.dll.vir --a---- 12568 bytes [23:57 31/12/2013] [23:57 31/12/2013] FBE73E8B31C37D214CD2EA3319164B52
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.NotepadPlugin.dll.vir --a---- 12056 bytes [23:57 31/12/2013] [23:57 31/12/2013] B7D526BDE26779F2CD1F6EE7232FC998
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.ScreenCapturePlugin.dll.vir --a---- 46872 bytes [23:57 31/12/2013] [23:57 31/12/2013] E939F95C2B825A8D6FA6A1F39525D777
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WeatherPlugin.dll.vir --a---- 21784 bytes [23:57 31/12/2013] [23:57 31/12/2013] D2A942ACE1D18C2A9879763D950AAD10
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WordPlugin.dll.vir --a---- 13592 bytes [23:57 31/12/2013] [23:57 31/12/2013] FC4324F20446A6B9A74F49282F97FC01
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{7c9736d3-e2b9-45c0-951e-1d279370b197}\components\ISmartbarFireFoxRemotePlugin.xpt.vir --a---- 346 bytes [21:12 08/01/2014] [18:13 03/02/2013] 7395B84C60A0D7CFA3CE8C6CA6D2F364
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{7c9736d3-e2b9-45c0-951e-1d279370b197}\components\SmartbarFireFoxRemotePlugin_20.dll.vir --a---- 99096 bytes [21:12 08/01/2014] [01:21 25/03/2013] 5173D6F45A4AAB681D57B629A4A26259
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{7c9736d3-e2b9-45c0-951e-1d279370b197}\components\SmartbarFireFoxRemotePlugin_21.dll.vir --a---- 99096 bytes [21:12 08/01/2014] [16:05 14/04/2013] 6E386EDFE0D1BAF512F4EF2BFF69971A
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{7c9736d3-e2b9-45c0-951e-1d279370b197}\components\SmartbarFireFoxRemotePlugin_22.dll.vir --a---- 99096 bytes [21:12 08/01/2014] [17:32 02/06/2013] 7EFEEF0D2FDA2F3483BBDDD84CC40C52
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{7c9736d3-e2b9-45c0-951e-1d279370b197}\components\SmartbarFireFoxRemotePlugin_23.dll.vir --a---- 99096 bytes [21:12 08/01/2014] [20:06 31/07/2013] AAFD54DDB6002B1D030B5B48EB9F1C27
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{7c9736d3-e2b9-45c0-951e-1d279370b197}\components\SmartbarFireFoxRemotePlugin_24.dll.vir --a---- 99096 bytes [21:12 08/01/2014] [23:06 28/08/2013] 1A49CA4A422210F9131A88CE721566BD
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{7c9736d3-e2b9-45c0-951e-1d279370b197}\components\SmartbarFireFoxRemotePlugin_25.dll.vir --a---- 99096 bytes [21:12 08/01/2014] [21:42 29/10/2013] F7048922A70F12037474044FAF7EE71A
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\Extensions\{7c9736d3-e2b9-45c0-951e-1d279370b197}\components\SmartbarFireFoxRemotePlugin_26.dll.vir --a---- 99096 bytes [21:12 08/01/2014] [20:38 22/12/2013] 1C3FAC378811421694FFFA96164D25DE

Searching for "*ilvid*"
C:\Users\jamie\AppData\Local\Temp\GC\Profiles\{F8891346-91DB-4227-9513-B3A2AC4C1B83}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\TW4ZEGTQ\p.jwpcdn.com\com.longtailvideo.jwplayer.sol --a---- 58 bytes [20:50 27/01/2014] [20:52 27/01/2014] 144BC89D418D742D72DC5B1DDA8E1DEA
C:\Users\jamie\AppData\Local\Temp\GC\Profiles\{FB35B52E-C66E-4238-B04F-1C5C21BAFB59}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NKV9U8FD\www.recipevideoz.com\com.longtailvideo.jwplayer.sol --a---- 58 bytes [19:42 27/01/2014] [19:42 27/01/2014] 38111220EDB5114733E8665129E519DA

Searching for "*Mobogenie*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir --a---- 661184 bytes [20:40 15/12/2013] [20:40 15/12/2013] BA37BA65CCCFB37DC820E3681F1BA57C
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Mobogenie\Data\mobogenie_u_user_dl.mg.vir --a---- 3072 bytes [20:24 15/12/2013] [20:24 15/12/2013] EBEE736AEC90A4F5D1E115F145FD8956
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.35.zip.vir --a---- 26680181 bytes [20:40 15/12/2013] [20:39 15/12/2013] B0DB27DF05D53367DD5AD95946DCB00B
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mobogenie.apk.vir --a---- 1465534 bytes [20:40 15/12/2013] [20:39 15/12/2013] F3208FCA02BFA164626CB80579D0EA6C
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir --a---- 7152832 bytes [20:40 15/12/2013] [20:39 15/12/2013] FAD695EBE40B1EA35D061A9D68810AD7
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.url.vir --a---- 48 bytes [20:40 15/12/2013] [20:39 15/12/2013] 9060A9B337D5EC342CE6018E104F5A4D
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir --a---- 661184 bytes [20:40 15/12/2013] [20:40 15/12/2013] BA37BA65CCCFB37DC820E3681F1BA57C
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\mobogenie_load.gif.vir --a---- 2273 bytes [20:40 15/12/2013] [20:39 15/12/2013] 7776A82915F60FDDDBCB5F35DC7E680C
C:\AdwCleaner\Quarantine\C\Users\jamie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\mobogenie_load_img.gif.vir --a---- 3834 bytes [20:40 15/12/2013] [20:39 15/12/2013] 8A503292468E11CCAC1A7925613E22D0
C:\Users\jamie\AppData\Local\Temp\8f9262e4-d25e-48cf-aad9-e077a4f988760\bin\css\mobogenie.css --a---- 1642 bytes [23:20 04/12/2013] [23:20 04/12/2013] 6A6F7D7166093AB485EBA09F2EDF1F1C
C:\Users\jamie\AppData\Local\Temp\8f9262e4-d25e-48cf-aad9-e077a4f988760\temp\Mobogenieinfo.dfe --a---- 817 bytes [00:33 22/01/2014] [00:33 22/01/2014] 773FF9D24321C40CDD92FF240A864A3D

========== regfind ==========

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"045F27F206F16624596059B2126D46D0"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\045F27F206F16624596059B2126D46D0]
"File"="iSyncConduit.dll"

Searching for "Sweetpacks"
No data found.

Searching for "GorillaPrice"
[HKEY_CURRENT_USER\Software\GorillaPrice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GorillaPrice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GorillaPrice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GorillaPrice]
"DisplayName"="GorillaPrice"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GorillaPrice]
"DisplayIcon"="C:\Program Files (x86)\GorillaPrice\GorillaPrice.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GorillaPrice]
"UninstallString"="explorer.exe http://uninstaller.g...ninstaller.php"
[HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\GorillaPrice]

Searching for "boost_interprocess"
No data found.

Searching for "Sweetim"
[HKEY_USERS\.DEFAULT\Software\SweetIM]
[HKEY_USERS\S-1-5-18\Software\SweetIM]

Searching for "babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adbabylon.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adbabylon.com]

Searching for "Smartbar"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D7BCE0B2A9AEA2246915CF9115630B13\SourceList]
"LastUsedSource"="n;1;C:\Users\jamie\AppData\Local\Temp\Smartbar\3cd98407-4a1f-4758-8aec-66bdf09d6522\"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D7BCE0B2A9AEA2246915CF9115630B13\SourceList\Net]
"1"="C:\Users\jamie\AppData\Local\Temp\Smartbar\3cd98407-4a1f-4758-8aec-66bdf09d6522\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}\1.0.0.0]
"Class"="IESmartBar.MSG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}\1.0.0.0]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}\1.0.0.0]
"CodeBase"="file:///C:/Users/jamie/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\1.0.0.0]
"Class"="IESmartBar.BandObjectStyle"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\1.0.0.0]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\1.0.0.0]
"CodeBase"="file:///C:/Users/jamie/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\1.0.0.0]
"Class"="IESmartBar.POINT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\1.0.0.0]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\1.0.0.0]
"CodeBase"="file:///C:/Users/jamie/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}\1.0.0.0]
"Class"="IESmartBar.DBIM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}\1.0.0.0]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}\1.0.0.0]
"CodeBase"="file:///C:/Users/jamie/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\1.0.0.0]
"Class"="IESmartBar.DESKBANDINFO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\1.0.0.0]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\1.0.0.0]
"CodeBase"="file:///C:/Users/jamie/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\1.0.0.0]
"Class"="IESmartBar.DBIMF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\1.0.0.0]
"Assembly"="SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\1.0.0.0]
"CodeBase"="file:///C:/Users/jamie/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Common\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Common\icons\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Common\iconsWide\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\CSS\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\PublisherImages\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\chrome\images\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\DistributionFiles\Profiles\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\DistributionFiles\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\DistributionFiles\Configs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\components\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\Configs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\chrome\PublisherImages\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Common\ServicesPlugins\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\es\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\pt\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\nl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\fr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\it\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\ar\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\he\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\ru\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\tr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\de\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Common\Configs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
"00000000000000000000000000000000"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\016A7206F164D5243BE66200904CD4AC]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\016A7206F164D5243BE662E09C4CD4AC]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\0B394BFA95E9CAE4FBB27DB664DCBD0E]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\0B51A54BED003754EB928BEF1B2E8A42]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\0B51AA2BED003754EB928BEF1B2E8A42]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\0B61AA2BED003754EB929BEF1B2E8A42]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\0B6A7206F164D5243BE662E09C4CD4AC]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\116A7206F164D5243BE662E09C4CD4AC]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\216A7206F164D5243BE66288984CD4AC]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\216A7206F164D5243BE662E09C4CD4AC]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\2E35213FD461DD045869F4E01B62B2BE]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\32123894481B5D040B0F8C26B6D7A878]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\33592FD0CF5A7AA4A8F106EB69B9A0D7]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\40623894481B5D040B0F8C26B6D7A878]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\43F238B8E12237E46A4AFF0CB31E2ECC]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\4CD231EF64D076744824027B43D7B1AD]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\55D0E21DCD38B8E40BA0517C0D9CCCE0]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\93D6CC2FC9612424E87EB7375E2FC46C]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\9DDEC1131A9FA2348B0A0AEB73868888]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\9DDEC1131A9FA2348B0A0AEB73D61A81]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\9DDEC1131A9FA2348B0A0AEB73D68A18]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\9DDEC1131A9FA2348B0A0AEB73D68A82]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\9DDEC1131A9FA2348B0A0AEB73D6BA21]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\9DDEC1131A9FA2348B0A0AEB88D68A82]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\9DDEC1131A9FA2348B0A81EB88D68A81]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\A143CF598A8430D4BB0E71700E8C09C5]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\A805D820868346044B5BDD92EB6CA6C3]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\A9AB3AEAE939E984293B9178134BD540]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\BBB8D37874E1A0946834CDB33A9FC4C5]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\BBB8D37874E1A0946834CDB33A9FC4CD]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\BBB8D37874E1A0946834CDB34A9FC4CD]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\C4FE6082BC8553B4B91EC0FE408D71DA]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\CA86D8ADF7525524299E35592473F71A]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\CA86D8ADF7525524299E35592473F72A]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\CA86D8ADF7525524299E35592473F73A]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\D0386F2D6FEAFBC45BFCAFE158BF5064]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\D40B7F324393F624DACA80C397004DA1]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\DF0B7F324F93FE24DBCA80C397004DF2]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\E13864C95DCE91247A4435FFDA762754]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\E2647758E1ED7134F8C4259CC51A2AA8]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\E5ADE64D843807D4997A4AFC96B78EF1]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\E5ADE64D843807D4997A4AFC96B78EF2]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\E5ADE64D843807D4997A4AFC96B78EF3]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\E5ADE64D843807D4997A4AFC96B78EF4]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\E5ADE64D843807D4997A4AFC96B78EF5]
"D7BCE0B2A9AEA2246915CF9115630B13"="01:\Software\Smartbar\version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Products\D7BCE0B2A9AEA2246915CF9115630B13\InstallProperties]
"InstallSource"="C:\Users\jamie\AppData\Local\Temp\Smartbar\3cd98407-4a1f-4758-8aec-66bdf09d6522\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2B0ECB7D-EA9A-422A-9651-FC195136B031}]
"InstallSource"="C:\Users\jamie\AppData\Local\Temp\Smartbar\3cd98407-4a1f-4758-8aec-66bdf09d6522\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"Path"="C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Users\jamie\AppData\Local\Smartbar\Application\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Environment]
"Path"="C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Users\jamie\AppData\Local\Smartbar\Application\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"Path"="C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Users\jamie\AppData\Local\Smartbar\Application\"
[HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\Microsoft\Installer\Products\D7BCE0B2A9AEA2246915CF9115630B13\SourceList]
"LastUsedSource"="n;1;C:\Users\jamie\AppData\Local\Temp\Smartbar\3cd98407-4a1f-4758-8aec-66bdf09d6522\"
[HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\Microsoft\Installer\Products\D7BCE0B2A9AEA2246915CF9115630B13\SourceList\Net]
"1"="C:\Users\jamie\AppData\Local\Temp\Smartbar\3cd98407-4a1f-4758-8aec-66bdf09d6522\"

Searching for "ilvid"
No data found.

Searching for "Mobogenie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\52a74043_0]
@="{0.0.0.00000000}.{c48240d1-09a0-485c-8c64-8f255e4e38f6}|\Device\HarddiskVolume2\Program Files (x86)\Mobogenie\Mobogenie.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie]
[HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\52a74043_0]
@="{0.0.0.00000000}.{c48240d1-09a0-485c-8c64-8f255e4e38f6}|\Device\HarddiskVolume2\Program Files (x86)\Mobogenie\Mobogenie.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie]
[HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie]
[HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie]

-= EOF =-

#21
Machiavelli

Posted 28 January 2014 - 02:07 PM

GeekU Moderator

GeekU Moderator
4,722 posts

Step 1: Chrome's Extension

Run Google Chrome
Please type the command below into the Adress Box

chrome:extensions

A new Tab will open in Google Chrome
You will see an entry which is probably called ViAoudioX
Next to this entry you will see a can icon - please click on that to remove the extension from your Browser
A confirmation dialog appears, click Remove.

Step 2: OTL Fix

Run OTL. (if you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator)

Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:

:Commands
[CreateRestorePoint]

:OTL
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O20:64bit: - AppInit_DLLs: (Results Results gpcloud.dll) - File not found
O20 - AppInit_DLLs: (gpsort.dll) - File not found
[2014/01/21 18:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller

:Files
C:\Users\wangzhisong\AppData\Local\Mobogenie
C:\Users\jamie\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\9555EPBJ\storage.conduit[1].xml	
C:\Users\jamie\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\BYU6VNGL\fbtemplate.conduitapps[1].xml	
C:\Users\jamie\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\M32HPGTO\facebook.conduitapps[1].xml	
C:\Users\jamie\AppData\Roaming\Mozilla\Firefox\Profiles\vbu0iepz.default\CT3288691\conduit.xml	
C:\Users\jamie\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\BL5C3SX4\cdn.adbabylon[1].xml	

:reg
[-HKEY_CURRENT_USER\Software\GorillaPrice]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GorillaPrice]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GorillaPrice]

[-HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\GorillaPrice]

[-HKEY_USERS\.DEFAULT\Software\SweetIM]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adbabylon.com]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]

[-HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adbabylon.com]

[-HKEY_USERS\S-1-5-18\Software\SweetIM]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\E5ADE64D843807D4997A4AFC96B78EF5]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Common\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Common\icons\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Common\iconsWide\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\chrome\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\CSS\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\PublisherImages\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\chrome\images\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\DistributionFiles\Profiles\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\DistributionFiles\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\DistributionFiles\Configs\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\components\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\Configs\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\[email protected]\chrome\PublisherImages\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Common\ServicesPlugins\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\es\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\pt\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\nl\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\fr\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\it\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\ar\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\he\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\ru\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\tr\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Application\de\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\jamie\AppData\Local\Smartbar\Common\Configs\"=-

[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D7BCE0B2A9AEA2246915CF9115630B13\SourceList]
"LastUsedSource"=-

[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D7BCE0B2A9AEA2246915CF9115630B13\SourceList\Net]
"1"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASAPI32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmartbarExeInstaller_RASMANCS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2B0ECB7D-EA9A-422A-9651-FC195136B031}]

[HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\Microsoft\Installer\Products\D7BCE0B2A9AEA2246915CF9115630B13\SourceList]
"LastUsedSource"=-

[HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\Microsoft\Installer\Products\D7BCE0B2A9AEA2246915CF9115630B13\SourceList\Net]
"1"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
"00000000000000000000000000000000"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\016A7206F164D5243BE66200904CD4AC]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\016A7206F164D5243BE662E09C4CD4AC]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\0B394BFA95E9CAE4FBB27DB664DCBD0E]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\0B51A54BED003754EB928BEF1B2E8A42]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\0B51AA2BED003754EB928BEF1B2E8A42]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\0B61AA2BED003754EB929BEF1B2E8A42]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\0B6A7206F164D5243BE662E09C4CD4AC]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\116A7206F164D5243BE662E09C4CD4AC]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\216A7206F164D5243BE66288984CD4AC]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\216A7206F164D5243BE662E09C4CD4AC]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\2E35213FD461DD045869F4E01B62B2BE]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\32123894481B5D040B0F8C26B6D7A878]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\33592FD0CF5A7AA4A8F106EB69B9A0D7]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\40623894481B5D040B0F8C26B6D7A878]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\43F238B8E12237E46A4AFF0CB31E2ECC]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\4CD231EF64D076744824027B43D7B1AD]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\55D0E21DCD38B8E40BA0517C0D9CCCE0]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\93D6CC2FC9612424E87EB7375E2FC46C]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\9DDEC1131A9FA2348B0A0AEB73868888]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\9DDEC1131A9FA2348B0A0AEB73D61A81]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\9DDEC1131A9FA2348B0A0AEB73D68A18]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\9DDEC1131A9FA2348B0A0AEB73D68A82]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\9DDEC1131A9FA2348B0A0AEB73D6BA21]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\9DDEC1131A9FA2348B0A0AEB88D68A82]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\9DDEC1131A9FA2348B0A81EB88D68A81]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\A143CF598A8430D4BB0E71700E8C09C5]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\A805D820868346044B5BDD92EB6CA6C3]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\A9AB3AEAE939E984293B9178134BD540]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\BBB8D37874E1A0946834CDB33A9FC4C5]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\BBB8D37874E1A0946834CDB33A9FC4CD]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\BBB8D37874E1A0946834CDB34A9FC4CD]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\C4FE6082BC8553B4B91EC0FE408D71DA]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\CA86D8ADF7525524299E35592473F71A]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\CA86D8ADF7525524299E35592473F72A]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\CA86D8ADF7525524299E35592473F73A]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\D0386F2D6FEAFBC45BFCAFE158BF5064]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\D40B7F324393F624DACA80C397004DA1]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\DF0B7F324F93FE24DBCA80C397004DF2]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\E13864C95DCE91247A4435FFDA762754]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\E2647758E1ED7134F8C4259CC51A2AA8]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\E5ADE64D843807D4997A4AFC96B78EF1]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\E5ADE64D843807D4997A4AFC96B78EF2]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\E5ADE64D843807D4997A4AFC96B78EF3]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\E5ADE64D843807D4997A4AFC96B78EF4]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-616220210-2893212370-668484251-1001\Components\E5ADE64D843807D4997A4AFC96B78EF5]
"D7BCE0B2A9AEA2246915CF9115630B13"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\52a74043_0]
@=-

[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie]

[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie]

[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie]

[HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\52a74043_0]
@=-

[-HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files 
(x86)\Mobogenie]

[-HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie]

[-HKEY_USERS\S-1-5-21-616220210-2893212370-668484251-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie]

:Commands
[EMPTYTEMP]

Click the Run Fix button.
After your computer has rebooted, post the Fixlog into your next reply

Step 3: SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Double-click SystemLook.exe to run it.(if you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the SystemLook icon and select Run as Administrator)

Copy the content of the following codebox into the main textfield:

:folderfind
*Conduit*
*Sweetpacks*
*GorillaPrice*
*boost_interprocess*
*Sweetim*
*babylon*
*Smartbar*
*ilvid*
*Mobogenie*

:filefind
*Conduit*
*Sweetpacks*
*GorillaPrice*
*boost_interprocess*
*Sweetim*
*babylon*
*Smartbar*
*ilvid*
*Mobogenie*

:regfind
Conduit
Sweetpacks
GorillaPrice
boost_interprocess
Sweetim
babylon
Smartbar
ilvid
Mobogenie

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Step 4: Question

How is your PC running? Any issues?

#22
Machiavelli

Posted 31 January 2014 - 03:09 PM

GeekU Moderator

GeekU Moderator
4,722 posts

Any problems with the instructions above?

#23
Essexboy

Posted 01 February 2014 - 06:20 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.