Unable to remove Isearch AVG virus

(In Progress)

TerryD55
Member with 74 posts.
THREAD STARTER
 
Join Date: Oct 2012
Experience: Beginner
10-Nov-2012, 01:29 PM #16
Alright, here you go:

OTL logfile created on: 11/10/2012 10:16:51 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Terry\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 71.50% Memory free
11.93 Gb Paging File | 10.03 Gb Available in Paging File | 84.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.74 Gb Total Space | 691.85 Gb Free Space | 75.39% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 95.81 Gb Free Space | 32.15% Space Free | Partition Type: FAT32

Computer Name: TERRY-PC | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/09 10:46:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Downloads\Programs\OTL.exe
PRC - [2012/11/06 09:32:52 | 000,963,984 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Terry\Downloads\Programs\uTorrent.exe
PRC - [2012/10/10 01:16:38 | 003,540,416 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/23 15:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012/07/13 14:08:02 | 003,542,856 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
PRC - [2012/06/05 09:11:34 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2011/06/17 09:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/18 19:00:20 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/05/12 00:09:36 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011/05/12 00:09:34 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/05/25 04:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010/03/07 23:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe
PRC - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/23 09:54:54 | 000,118,784 | ---- | M] () -- c:\Program Files (x86)\Common Files\aol\1285107697\ee\services\proxyprovider\ver1_0_0_1\proxyprovider.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/10 16:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/09/07 15:46:15 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/07/17 13:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/07/17 13:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/07/17 13:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/07/13 14:08:02 | 003,542,856 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)
SRV:64bit: - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/01 07:44:58 | 004,539,200 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll -- (Akamai)
SRV - [2012/10/09 03:24:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/23 15:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/07/23 15:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2011/06/17 09:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/05/18 19:00:20 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/05/12 00:09:36 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/05/12 00:09:34 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/27 10:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/09/13 11:26:44 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/17 13:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/07/17 13:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/07/17 13:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/07/17 13:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/07/17 13:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/07/17 13:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/07/17 13:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/17 15:08:16 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/12/09 01:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 12:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2006/11/29 14:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2012/07/23 15:18:42 | 000,072,856 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2011/05/18 19:00:21 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011/05/16 19:54:00 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/09/23 16:00:52] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F 0D 96 B1 2A BD CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {04214EC9-F125-46DE-8ABE-91393E50D45C}
IE - HKCU\..\SearchScopes\{04214EC9-F125-46DE-8ABE-91393E50D45C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sss@sentrybay.com: C:\PROGRAM FILES (X86)\AOL\DATAMASK BY AOL\FFEXT
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Terry\AppData\Roaming\IDM\idmmzcc5 [2012/10/31 15:41:55 | 000,000,000 | ---D | M]

[2012/09/21 13:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
[2012/11/06 09:31:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/07/31 03:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi

========== Chrome ==========

CHR - homepage: http://www.aol.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.aol.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Internet Download Manager (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\IDMGCExt.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: __MSG_buttonTitle__ = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\clikkblliffbbkffahjehcdeknmedelg\1.0.7_0\
CHR - Extension: EasyClock = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplbpgapoedppajbikieafefmcceaagn\9.0.5_0\
CHR - Extension: AdBlock = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: TweetDeck = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.1.0_0\
CHR - Extension: Read Your AOL Mail = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\phgdojkomekmnemlclopfjlmbamhnafp\2.1.0.0_0\

O1 HOSTS File: ([2012/11/09 12:26:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe (Easy Hide IP)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\Terry\Downloads\Programs\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html File not found
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: twitter.com ([]https in Trusted sites)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFFF6009-DCDE-4DC2-9789-AFC20BEE3BC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/21 08:18:42 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - G:\autorun.in_2.org -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/10 07:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/11/09 12:26:57 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/09 12:15:13 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/11/09 09:04:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/09 08:22:28 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/11/09 08:22:27 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/11/09 08:22:27 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/11/09 08:22:18 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/11/09 08:22:18 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/11/09 08:22:18 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/11/09 08:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/11/07 21:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy-Hide-IP
[2012/11/05 09:20:59 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\ComboFix logs
[2012/11/03 16:18:24 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Logs
[2012/11/02 20:11:59 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Adobe Photoshop Elements 11
[2012/11/02 19:37:28 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/11/02 19:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012/11/02 09:59:36 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\LogMeIn Rescue Calling Card
[2012/11/02 09:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BAHCS remoteIT Support
[2012/11/02 09:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Rescue Calling Card
[2012/11/02 08:18:11 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\LogMeIn Rescue Applet
[2012/11/01 15:35:54 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{28B37C5F-0747-4FF2-8108-F3BD26E2D0E3}
[2012/10/31 16:36:11 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/10/31 16:36:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/10/31 16:36:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/10/31 16:36:08 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/10/31 16:36:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/10/31 16:36:05 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/10/31 16:36:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/10/31 16:36:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/10/31 16:36:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/10/31 16:36:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/10/31 16:36:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/10/31 16:36:04 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/10/31 16:36:04 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/10/31 16:36:04 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/10/31 16:36:04 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/10/31 16:36:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/10/31 16:36:04 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/10/31 16:36:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/10/31 16:36:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/10/31 16:36:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/10/31 16:36:03 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/10/31 16:36:03 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/10/31 16:36:02 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/10/31 16:36:02 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/10/31 16:34:47 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/10/31 16:34:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/10/29 18:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it
[2012/10/29 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnlineHD.TV
[2012/10/29 17:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/10/28 19:21:42 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\GRETECH
[2012/10/28 18:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/10/28 18:14:27 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Old Firefox Data
[2012/10/28 12:24:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/28 12:24:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/28 12:24:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/28 12:19:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/28 12:19:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/23 21:22:40 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2012/10/22 20:28:41 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Curiolab
[2012/10/22 20:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
[2012/10/22 20:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exterminate It!
[2012/10/22 16:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/21 16:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012/10/21 16:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2012/10/21 15:54:54 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\DriverCure
[2012/10/21 15:54:53 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\SpeedyPC Software
[2012/10/21 15:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/10/21 15:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/10/21 15:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/10/20 16:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/10/20 16:10:44 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/10/20 15:16:46 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\TuneUp Software
[2012/10/20 15:12:41 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\MFAData
[2012/10/20 14:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/10/20 08:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2012/10/17 13:32:32 | 000,000,000 | ---D | C] -- C:\Users\Terry\Documents\GomPlayer
[2012/10/16 07:11:11 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\uTorrent
[2012/10/14 11:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/10/14 11:46:16 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\FinalVideoDownloader
[2012/10/12 20:01:01 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{DC84B566-B8D7-4FDA-A2EB-94D3A13F434E}
[2011/09/01 19:16:35 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Terry\PhotoshopElements_9_LS15.exe
[2011/09/01 16:40:40 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\PremiereElements_9_LS15.exe

========== Files - Modified Within 30 Days ==========

[2012/11/10 09:35:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7860f2ef-6487-46eb-b8b3-af57b009ab37.job
[2012/11/10 09:33:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/10 09:24:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/10 09:23:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/10 09:23:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/10 07:13:26 | 000,003,336 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2012/11/10 07:13:26 | 000,001,872 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2012/11/10 07:13:26 | 000,001,872 | ---- | M] () -- C:\Windows\SysNative\EasyRedirectOff.ini
[2012/11/10 07:11:58 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/10 07:11:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/10 02:53:08 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/10 02:53:08 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/10 02:53:08 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/10 02:46:02 | 509,480,959 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/10 02:00:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1e1ccc72-7985-445b-878b-49249c4e1042.job
[2012/11/09 12:26:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/09 08:22:13 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/11/09 08:22:12 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/11/09 08:22:12 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/11/09 08:22:12 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/11/09 08:22:12 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/11/09 08:22:12 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/11/07 21:43:09 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk
[2012/11/06 09:36:56 | 000,001,042 | ---- | M] () -- C:\Users\Terry\Desktop\iLivid.lnk
[2012/11/01 16:24:12 | 000,000,017 | ---- | M] () -- C:\Users\Terry\AppData\Local\resmon.resmoncfg
[2012/10/28 18:29:09 | 000,002,262 | ---- | M] () -- C:\Users\Terry\Desktop\Google Chrome.lnk
[2012/10/28 15:40:47 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/10/28 12:20:53 | 000,013,453 | ---- | M] () -- C:\Users\Terry\Desktop\ComboFix - Shortcut.lnk
[2012/10/22 20:27:54 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2012/10/22 15:58:10 | 000,001,271 | ---- | M] () -- C:\Users\Terry\Desktop\Revo Uninstaller.lnk
[2012/10/20 09:44:45 | 000,000,134 | ---- | M] () -- C:\Users\Terry\Desktop\Internet Explorer Troubleshooting.url
[2012/10/15 19:41:30 | 000,123,947 | ---- | M] () -- C:\Users\Terry\Documents\do not call 101512.jpg
[2012/10/15 07:02:43 | 000,000,031 | ---- | M] () -- C:\Windows\SysNative\bbcap.err

========== Files Created - No Company Name ==========

[2012/11/07 21:43:09 | 000,000,867 | ---- | C] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk
[2012/11/06 09:36:56 | 000,001,050 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[2012/11/06 09:36:56 | 000,001,042 | ---- | C] () -- C:\Users\Terry\Desktop\iLivid.lnk
[2012/11/01 16:24:12 | 000,000,017 | ---- | C] () -- C:\Users\Terry\AppData\Local\resmon.resmoncfg
[2012/10/28 18:29:09 | 000,002,262 | ---- | C] () -- C:\Users\Terry\Desktop\Google Chrome.lnk
[2012/10/28 18:28:23 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/28 18:28:21 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/28 12:24:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/28 12:24:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/28 12:24:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/28 12:24:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/28 12:24:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/28 12:20:53 | 000,013,453 | ---- | C] () -- C:\Users\Terry\Desktop\ComboFix - Shortcut.lnk
[2012/10/22 20:27:54 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2012/10/22 15:58:10 | 000,001,271 | ---- | C] () -- C:\Users\Terry\Desktop\Revo Uninstaller.lnk
[2012/10/20 09:43:12 | 000,000,134 | ---- | C] () -- C:\Users\Terry\Desktop\Internet Explorer Troubleshooting.url
[2012/10/15 19:41:30 | 000,123,947 | ---- | C] () -- C:\Users\Terry\Documents\do not call 101512.jpg
[2012/10/10 15:33:08 | 000,228,763 | ---- | C] () -- C:\Users\Terry\Charlotte crime.jpg
[2012/10/05 12:35:00 | 000,221,578 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/10/05 12:35:00 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/09/28 07:25:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/08/13 21:36:38 | 000,000,000 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\wklnhst.dat
[2012/07/14 17:18:15 | 000,003,336 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2012/07/14 17:18:15 | 000,001,872 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2012/04/01 16:55:52 | 022,259,528 | ---- | C] () -- C:\Program Files (x86)\vlc-2.0.1-win32.exe
[2012/03/07 07:52:57 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/05 15:58:38 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/10/05 15:58:37 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/10/05 15:58:36 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/05 15:58:36 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/05 15:58:36 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/09/04 19:23:06 | 000,228,480 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/01 08:25:13 | 1882,670,620 | ---- | C] () -- C:\Users\Terry\PhotoshopElements_9_LS15.7z
[2011/09/01 08:25:04 | 1316,066,539 | ---- | C] () -- C:\Program Files (x86)\PremiereElements_9_LS15.7z
[2011/07/25 09:41:47 | 000,007,168 | ---- | C] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 14:04:06 | 000,000,206 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/06/01 16:41:36 | 000,161,792 | ---- | C] () -- C:\Windows\SysWow64\netjoin.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: EASYREDIRECT.DLL >
[2012/07/13 14:08:00 | 000,364,360 | ---- | M] (EasyTech) MD5=D8BE4573B207A91A32694ED16D48975F -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.dll
[2012/07/13 14:08:00 | 000,364,360 | ---- | M] (EasyTech) MD5=D8BE4573B207A91A32694ED16D48975F -- C:\Windows\SysWOW64\EasyRedirect.dll

< MD5 for: EASYREDIRECT64.DLL >
[2012/07/13 14:08:04 | 000,504,136 | ---- | M] (EasyTech) MD5=6627D262277F70043CB8AA6BC2FCB62D -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect64.dll
[2012/07/13 14:08:04 | 000,504,136 | ---- | M] (EasyTech) MD5=6627D262277F70043CB8AA6BC2FCB62D -- C:\Windows\SysNative\EasyRedirect64.dll

< type C:\Windows\SysNative\tasks\{0683BC82-8C1A-4A50-89AB-76E6F0E2000F} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{2B0FE4CE-0A31-41CF-80CC-69E230EF6B91} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9\SOFTWARE\ElementsSTIInstaller\payloads\AdobeHelp\AIRInstallerRunner.exe" -d "C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9\SOFTWARE\ElementsSTIInstaller\payloads\AdobeHelp"</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{2DD29572-BF27-4834-8EC4-CF3E5DCAC476} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Terry\Downloads\Programs\imikimi_installer_0.5.1.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{2F07F134-76B5-4139-A4A1-46B61AC314C5} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{33D9479F-26EF-4AC6-B9D8-76F6F9C571EE} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9\SOFTWARE\air runtime\AdobeAIRInstaller.exe" -d "C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9\SOFTWARE\air runtime"</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{34A9AF6C-F400-4A62-BD3C-6A6263525F0B} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Terry\Downloads\Programs\iview433_setup_4.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{36A48130-E980-4F6F-8E3D-FE11722CCC7E} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{65EB418A-6463-412B-A1A5-3C9809A937E1} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Terry\Downloads\Programs\weathersp3_StubInstaller_2.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{663CCBE3-8C12-401A-9385-F4A4BE249E5B} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{67188DDC-A9EA-4A36-A501-FC9705314E1E} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\CamStudio 2.6b\Recorder.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{76399AAA-FCA6-4F58-AD27-AC1E75A6E63B} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{7640452F-90A3-462D-8711-90D73B40DC18} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{79577837-9767-4E42-B4C5-052F9F880FD0} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Program Files (x86)\InstallShield Installation Information\{1ADB7BF5-F8EB-4F76-98FD-65A7FFBEAECE}\setup.exe" -c -runfromtemp -l0x0409 -removeonly</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{82F5C5C0-6AD1-4AD0-BD69-CAE86534291D} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Terry\Downloads\Programs\iview433_setup_5.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{860C9D8C-2F4D-4D1A-BA45-F40A3C6EBBFA} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Terry\Downloads\imikimi_installer_0.5.1 (2).exe"</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{900D27E2-5CAD-4330-8B8D-99D67ED786E3} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{916BEB90-2210-4479-8F8E-0B67D2C3E420} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Terry\Downloads\Programs\AdobeAIRInstaller_3.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{9579517A-E5BF-4C94-8F6C-82B138C9EBC4} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{AAA3DAE0-A9CF-405A-B0EF-39AF11AF9380} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{C9B837AF-7E7D-40C8-9506-325622870BF7} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{CE63C5C6-AE7F-442A-82AA-0CE1C00335D3} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XT47VVWI\acssetup[1].exe" -d C:\Users\Terry\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{D2D4BEF3-C187-4043-9A20-7C0774215812} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a D:\setup.exe -d D:\</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{D6F8B3B3-4805-4EAC-B921-BF4D34C1ABC1} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{D735555C-4802-40E8-A9EF-728863CF0F4F} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{D838EFB5-8D22-423C-91E7-13A2777A65F0} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{D91A91F8-548C-4C6F-B2BB-7A54FBD1C59E} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Terry\Downloads\Programs\weathersp3_StubInstaller.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{D9B587A7-A03B-48A8-873D-05F527B35D27} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\CamStudio 2.6b\Recorder.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{D9B8B4B8-3B7D-43B5-BA29-3990AF16781D} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{DE09B16B-CF76-4EE5-9A57-44DBEC57E698} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Terry\Downloads\Programs\adweather2sp_StubInstaller.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{E1016A45-307F-45E6-B766-13236C7006F1} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{EECAB2C0-513B-42F6-8D92-E4BB1D303257} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\CamStudio 2.6b\Recorder.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< End of report >



Thanks
eddie5659 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 28,409 posts.
Join Date: Mar 2001
Location: Bradford, England
11-Nov-2012, 11:07 AM #17
Thanks

I know I've seen this in your installed programs, but did you knowingly install this:

Easy-Hide-IP

Or is this the first you've seen of it?

Also, any joy with the rest of the scans here:

http://forums.techguy.org/8521408-post15.html

Underneath the OTL part
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
TerryD55
Member with 74 posts.
THREAD STARTER
Join Date: Oct 2012
Experience: Beginner
11-Nov-2012, 11:22 AM #18
Oh shoot! I had to do other things yesterday and forgot to run the other scans. Yes, the Easy Hide is something I installed. I'll run those other scans and post those back to you. Thanks!
TerryD55
Member with 74 posts.
THREAD STARTER
Join Date: Oct 2012
Experience: Beginner
11-Nov-2012, 11:50 AM #19
OK, hopefully, I uploaded that correctly!

Here's a link: http://thespykiller.co.uk/index.php?topic=10007.new#new
TerryD55
Member with 74 posts.
THREAD STARTER
Join Date: Oct 2012
Experience: Beginner
11-Nov-2012, 12:36 PM #20
OK, I think I've got it all now.

The CKScanner results:
CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\ez fonts\fonts\crackdr2.ttf
c:\programdata\adobe\photoshop elements\9.0\photo creations\backgrounds\bg_creamcrackled.metadata.xml
c:\programdata\adobe\photoshop elements\9.0\photo creations\backgrounds\cracked paint.metadata.xml
scanner sequence 3.AB.11.UNBCNI
----- EOF -----

........................................................................... ........................................................................... ....................

SystemLook results:

SystemLook 30.07.11 by jpshortstuff
Log created at 09:29 on 11/11/2012 by Terry
Administrator - Elevation successful

========== file ==========

c:\windows\system32\drivers\ndis.sys - File found and opened.
MD5: 760E38053BF56E501D562B70AD796B88
Created at 10:03 on 12/09/2012
Modified at 18:12 on 22/08/2012
Size: 950128 bytes
Attributes: --a----
FileDescription: NDIS 6.20 driver
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
ProductVersion: 6.1.7600.16385
OriginalFilename: NDIS.SYS.MUI
InternalName: NDIS.SYS
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

c:\windows\system32\drivers\netio.sys - File found and opened.
MD5: 7942B7AC3FF598F8A1736D51ADAF04E8
Created at 10:03 on 12/09/2012
Modified at 18:12 on 22/08/2012
Size: 376688 bytes
Attributes: --a----
FileDescription: Network I/O Subsystem
FileVersion: 6.1.7601.17939 (win7sp1_gdr.120822-0331)
ProductVersion: 6.1.7601.17939
OriginalFilename: netio.sys
InternalName: netio.sys
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

c:\windows\system32\drivers\FWPKCLNT.SYS - File found and opened.
MD5: 910DD6694848872FD3B8F42BAF801D0A
Created at 10:03 on 12/09/2012
Modified at 18:12 on 22/08/2012
Size: 288624 bytes
Attributes: --a----
FileDescription: FWP/IPsec Kernel-Mode API
FileVersion: 6.1.7601.17939 (win7sp1_gdr.120822-0331)
ProductVersion: 6.1.7601.17939
OriginalFilename: fwpkclnt.sys
InternalName: fwpkclnt.sys
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

c:\program files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe - Unable to find/read file.

c:\program files (x86)\AOL OnePoint\IDVault.exe - Unable to find/read file.

c:\programdata\Best Buy pc app\ClickOnceSetup.exe - Unable to find/read file.

c:\windows\system32\drivers\WsAudioDevice_383S(1).sys - File found and opened.
MD5: AD12F5C7251BB8D575D560894E73CBBA
Created at 18:40 on 02/10/2012
Modified at 23:08 on 17/11/2011
Size: 29288 bytes
Attributes: --a----
FileDescription: Wondershare Virtual Audio Device
FileVersion: 1.00
ProductVersion: 1.00
InternalName: wsvad
ProductName: Virtual Audio driver
CompanyName: Wondershare
LegalCopyright: Copyright (C) Wondershare Corp.2007

C:\Windows\SysNative\EasyRedirect64.dll - Unable to find/read file.

C:\Windows\SysWow64\EasyRedirect.dll - File found and opened.
MD5: D8BE4573B207A91A32694ED16D48975F
Created at 01:18 on 15/07/2012
Modified at 22:08 on 13/07/2012
Size: 364360 bytes
Attributes: --a----
FileDescription: EasyRedirect.dll
FileVersion: 2.1.9.9
ProductVersion: 2.1.9.9
OriginalFilename:
InternalName:
ProductName: EasyRedirect.dll
CompanyName: EasyTech
LegalCopyright: Copyright © 2010
Comments:

-= EOF =-
eddie5659 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 28,409 posts.
Join Date: Mar 2001
Location: Bradford, England
11-Nov-2012, 01:17 PM #21
Excellent, all are legit. Just wanted to be sure, especially about those two files you uploaded for me

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote:
RegLock::
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{4d782c9b-5158-42f5-8021-b04a6b646d9a}]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{77b730aa-a512-486d-8859-d3463bfa8d94}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
TerryD55
Member with 74 posts.
THREAD STARTER
Join Date: Oct 2012
Experience: Beginner
11-Nov-2012, 03:09 PM #22
OK, on to the next:

ComboFix 12-11-10.01 - Terry 11/11/2012 11:35:24.12.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4312 [GMT -8:00]
Running from: c:\users\Terry\Downloads\Programs\ComboFix.exe
Command switches used :: c:\users\Terry\Desktop\Logs\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 )))))))))))))))))))))))))))))))
.
.
2012-11-11 19:47 . 2012-11-11 19:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-10 19:02 . 2012-11-11 19:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-10 19:02 . 2012-11-11 19:28 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-11-10 19:01 . 2012-11-10 19:01 -------- d-----w- c:\users\Terry\AppData\Local\Programs
2012-11-09 17:04 . 2012-11-09 17:04 -------- d-----w- C:\_OTL
2012-11-09 16:22 . 2012-11-09 16:22 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-09 16:22 . 2012-11-09 16:22 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-09 16:22 . 2012-11-09 16:22 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-09 16:22 . 2012-11-09 16:22 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-09 16:22 . 2012-11-09 16:22 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-09 16:22 . 2012-11-09 16:22 188904 ----a-w- c:\windows\system32\java.exe
2012-11-09 16:22 . 2012-11-09 16:22 -------- d-----w- c:\program files\Java
2012-11-03 03:37 . 2012-11-03 03:37 -------- d-----w- c:\users\Terry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-11-03 03:37 . 2012-11-03 05:02 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-11-02 17:59 . 2012-11-03 05:01 -------- d-----w- c:\users\Terry\AppData\Local\LogMeIn Rescue Calling Card
2012-11-02 17:44 . 2012-11-03 05:01 -------- d-----w- c:\program files (x86)\LogMeIn Rescue Calling Card
2012-11-02 16:18 . 2012-11-03 05:12 -------- d-----w- c:\users\Terry\AppData\Local\LogMeIn Rescue Applet
2012-11-01 00:34 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-01 00:34 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-01 00:34 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-01 00:34 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-01 00:34 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-01 00:34 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-01 00:34 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-11-01 00:34 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-01 00:34 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-10-30 02:09 . 2012-10-30 02:09 -------- d-----w- c:\program files (x86)\Gophoto.it
2012-10-30 02:05 . 2012-10-31 23:39 -------- d-----w- c:\program files (x86)\OnlineHD.TV
2012-10-30 01:51 . 2012-10-31 23:39 -------- d-----w- c:\program files (x86)\uTorrent
2012-10-29 03:21 . 2012-11-03 05:04 -------- d-----w- c:\users\Terry\AppData\Roaming\GRETECH
2012-10-24 05:22 . 2012-04-20 23:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-10-23 04:28 . 2012-10-23 04:28 -------- d-----w- c:\users\Terry\AppData\Roaming\Curiolab
2012-10-23 04:27 . 2012-11-08 03:37 -------- d-----w- c:\program files (x86)\Exterminate It!
2012-10-23 00:45 . 2012-10-23 00:45 -------- d-----w- c:\program files (x86)\ESET
2012-10-22 00:35 . 2012-11-08 22:01 -------- d-----w- c:\program files (x86)\STOPzilla!
2012-10-22 00:35 . 2012-11-08 22:01 -------- d-----w- c:\programdata\STOPzilla!
2012-10-21 23:54 . 2012-10-21 23:54 -------- d-----w- c:\users\Terry\AppData\Roaming\DriverCure
2012-10-21 23:54 . 2012-10-21 23:54 -------- d-----w- c:\users\Terry\AppData\Roaming\SpeedyPC Software
2012-10-21 23:54 . 2012-10-21 23:54 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-10-21 23:54 . 2012-10-21 23:54 -------- d-----w- c:\programdata\SpeedyPC Software
2012-10-21 23:54 . 2012-10-21 23:54 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-10-21 00:10 . 2012-10-21 00:10 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-10-20 23:16 . 2012-10-20 23:16 -------- d-----w- c:\users\Terry\AppData\Roaming\TuneUp Software
2012-10-20 23:12 . 2012-10-20 23:12 -------- d-----w- c:\users\Terry\AppData\Local\MFAData
2012-10-20 22:47 . 2012-10-22 01:10 -------- d-----w- c:\programdata\MFAData
2012-10-20 16:31 . 2012-10-22 01:10 -------- d-----w- c:\program files\Perfect Uninstaller
2012-10-16 15:11 . 2012-11-11 19:29 -------- d-----w- c:\users\Terry\AppData\Roaming\uTorrent
2012-10-14 19:46 . 2012-10-14 19:46 -------- d-----w- c:\users\Terry\AppData\Roaming\FinalVideoDownloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-02 00:26 . 2009-07-13 23:16 145408 ----a-w- c:\windows\SysWow64\powrprof.dll
2012-10-10 10:04 . 2010-09-01 16:14 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 11:24 . 2012-03-31 18:59 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 11:24 . 2011-06-28 14:41 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 11:24 . 2012-08-15 09:05 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-27 18:07 . 2012-10-10 09:36 160992 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-09-23 22:42 . 2012-09-23 22:42 5632 ----a-w- c:\windows\system32\bbchlp.dll
2012-09-23 22:42 . 2012-09-23 22:42 4608 ----a-w- c:\windows\system32\drivers\bbcap.sys
2012-09-23 22:42 . 2012-09-23 22:42 37376 ----a-w- c:\windows\system32\bbcap.dll
2012-09-14 19:19 . 2012-10-10 08:47 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 08:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-13 21:06 . 2012-09-13 21:06 42248 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2012-09-13 19:26 . 2012-09-13 19:26 38632 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-09-09 04:06 . 2012-05-13 17:43 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-09 04:06 . 2011-06-23 18:41 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-03 15:39 . 2012-09-03 15:39 788536 ----a-r- c:\users\Terry\AppData\Roaming\Microsoft\Installer\{B2F34D92-C5CF-4801-90CB-D04A5634B334}\TweetDeck.exe
2012-08-31 18:19 . 2012-10-10 08:49 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 08:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 08:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 08:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 08:48 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 08:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-22 10:01 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 10:01 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 10:01 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 10:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 10:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 10:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 10:01 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 10:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 10:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 10:01 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 10:01 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 10:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 10:01 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 10:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 10:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 10:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 10:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 10:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 10:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 10:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 10:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 10:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 10:03 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 10:03 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 10:03 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 10:03 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 17:11 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 18:48 . 2012-10-10 08:48 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 08:48 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 08:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 08:48 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 08:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 08:48 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 08:48 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 08:48 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 08:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 08:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 08:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 08:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 08:48 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-10 3540416]
"Akamai NetSession Interface"="c:\users\Terry\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Easy-Hide-IP"="c:\program files\Easy-Hide-IP\easy-hide-ip.exe" [2012-07-13 4612424]
"uTorrent"="c:\users\Terry\Downloads\Programs\uTorrent.exe" [2012-11-06 963984]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2012-06-05 822456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1285107697\ee\AOLSoftware.exe" [2010-03-08 41800]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
.
c:\users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Zinio Alert Messenger.lnk - c:\program files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [x]
R2 0236211352488536mcinstcleanup;McAfee Application Installer Cleanup (0236211352488536);c:\windows\TEMP\023621~1.EXE [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [2011-11-17 29288]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-07 140672]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/23 16:00];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-17 03:54 148976]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-07-23 72856]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-07-23 383128]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
S2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-07-13 3542856]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 160992]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 11:24]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
2012-11-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1e1ccc72-7985-445b-878b-49249c4e1042.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7860f2ef-6487-46eb-b8b3-af57b009ab37.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30&v=13.2.0.1&sap=hp
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files (x86)\FinalVideoDownloader\fvdRunner.html
IE: {{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files (x86)\Crawler\Radio\CRadio.exe
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: twitter.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
AddRemove-The Weather Channel App - c:\program files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ee,e2,e3,98,8a,af,00,05,8f,6d,9e,ce,22,49,15,ee,28,a2,2f,cc ,67,
c1,36,b6,7a,54,a6,f7,7f,81,ab,b5,28,ab,56,97,c5,d2,b3,b5,00,00,00,00,00,00, \
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00, 79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00, \
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00, 79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00, \
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Completion time: 2012-11-11 12:04:42
ComboFix-quarantined-files.txt 2012-11-11 20:04
ComboFix2.txt 2012-11-09 20:48
ComboFix3.txt 2012-11-08 04:15
ComboFix4.txt 2012-11-05 15:34
ComboFix5.txt 2012-11-11 19:33
.
Pre-Run: 745,616,089,088 bytes free
Post-Run: 745,306,116,096 bytes free
.
- - End Of File - - 889EC861DEABC2337CE1A01EFB927CFF

eddie5659 (authorized to help remove malware)
Moderator & Malware Removal Specialist with 28,409 posts.
Join Date: Mar 2001
Location: Bradford, England
12-Nov-2012, 12:20 PM #23
I know you said earlier that OTL was having problems running a fix, but if you can delete the copy that you have, get a new one from here:

Download OTL to your Desktop

And then try this fix. If it still doesn't work, we'll try something else

---

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
    O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html File not found
    O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
    O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe File not found
    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found
    :Files
    ipconfig /flushdns /c
    :Commands 
    [purity] 
    [CREATERESTOREPOINT] 
    [Reboot]
  • Then click the Run Fix button at the top
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security

TerryD55
12-Nov-2012, 07:57 PM #24
I'm afraid it still won't respond. Is it possible that the malware is blocking it? : (

eddie5659
15-Nov-2012, 01:56 PM #25
It could be, so let's see what's running so that we can kill it so we can run the tool


Download RogueKiller to your desktop
  1. Quit all running programs
  2. For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  3. Wait until the Pre-scan has finished.
  4. Click on Scan
  5. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
  6. Click on Report and copy/paste the contents here.

eddie

TerryD55
16-Nov-2012, 01:22 PM #26
Here you go. I'm starting to get really discouraged about ever conquering this thing. Do I need to return my computer to factory settings? If so, what should I do in preparation?

Here's the RogueKiller log:

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Terry [Admin rights]
Mode : Scan -- Date : 11/16/2012 10:14:35

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] DesktopWeather.exe -- C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 14 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-254241989-344465633-3051194989-1001[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl) -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EARS-22Y5B1 +++++
--- User ---
[MBR] fb09924c098012f41c95e7b2f97a8e27
[BSP] d0707f4155fd9ad6b4c3018771cef6d1 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28674048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28878848 | Size: 939767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD 3200BEV External USB Device +++++
--- User ---
[MBR] beea9460a2ac537379dfeacfce6df664
[BSP] 1343860dbef73a961735f1522ff55311 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: SMI USB DISK USB Device +++++
--- User ---
[MBR] 212c4e1e73bf2dea892238af0354661f
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 15479 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_11162012_02d1014.txt >>
RKreport[1]_S_11162012_02d1014.txt

eddie5659
19-Nov-2012, 03:18 PM #27
Sometimes tools don't want to work, which can be down to all sorts of reasons, however restoring is normally the last option I do, as 99% of the time, we can remove the infections.

Can you run this for me, and then we'll remove them using another tool, as I saw ComboFix ran okay


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Conduit*
    *uTorrentControl2*
    *InstallMate*
    *Tarma Installer*
    *Ilivid*
    *OpenCandy*
    *searchqu*
    *AVG Secure Search*
    *CToolbar*
    *StartSearch*
    *Babylon*
    *Crossrider*
    *Freeze.com*
    *Viewpoint*
    *StartNow*
    *isearch*
    :folderfind
    *Conduit*
    *uTorrentControl2*
    *InstallMate*
    *Tarma Installer*
    *Ilivid*
    *OpenCandy*
    *searchqu*
    *AVG Secure Search*
    *CToolbar*
    *StartSearch*
    *Babylon*
    *Crossrider*
    *Freeze.com*
    *Viewpoint*
    *StartNow*
    *isearch*
    :regfind
    Conduit
    uTorrentControl2
    InstallMate
    Tarma Installer
    Ilivid
    OpenCandy
    searchqu
    AVG Secure Search
    CToolbar
    StartSearch
    Babylon
    Crossrider
    Freeze.com
    Viewpoint
    StartNow
    isearch
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

TerryD55
19-Nov-2012, 05:13 PM #28
Thanks Eddie. I appreciate all of your assistance.

Here's the info you requested:

SystemLook 30.07.11 by jpshortstuff
Log created at 13:55 on 19/11/2012 by Terry
Administrator - Elevation successful

========== filefind ==========

Searching for "*Conduit*"
C:\Program Files (x86)\EZ Fonts\fonts\conduit.ttf --a---- 19604 bytes [14:49 16/04/2009] [14:49 16/04/2009] 2019BE2CCBB888D9FA8B4EE8DFBD4CF4
C:\Program Files (x86)\EZ Fonts\fonts\conduit2.ttf --a---- 27484 bytes [14:49 16/04/2009] [14:49 16/04/2009] CB70FA803082E4F3D0402799613171EE
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634188644294968750.png --a---- 2082 bytes [02:14 29/10/2012] [19:36 14/10/2012] 369D7B1919164AE582123413766EBB1E
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442641766325000.png --a---- 1062 bytes [02:14 29/10/2012] [19:36 14/10/2012] A6E265A10E77FBAF77DDDCC11E155B26
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442671524633757.png --a---- 1188 bytes [02:14 29/10/2012] [19:36 14/10/2012] 4B8A28889FDB2CFE1FEC952729DD2266
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442676849165007.png --a---- 1416 bytes [02:14 29/10/2012] [19:36 14/10/2012] D863883F87BD0FBD96B6D7F3A95BD0F8
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442677346508757.png --a---- 1393 bytes [02:14 29/10/2012] [19:36 14/10/2012] 674CAA942DF7A568B24C21453F897718
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442678744790007.png --a---- 1342 bytes [02:14 29/10/2012] [19:36 14/10/2012] 897BF535CB7A1C6169E8E760A704CCF3
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634816857722205000.png --a---- 1851 bytes [02:14 29/10/2012] [19:36 14/10/2012] FA4EDBC5038FFE10F89AFD0BDC86A401
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442626744350001_24PX.png --a---- 866 bytes [02:14 29/10/2012] [19:36 14/10/2012] 4F23EED01724E80596C51E1E8401C01F
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442628354662501_24PX.png --a---- 1139 bytes [02:14 29/10/2012] [19:36 14/10/2012] A7F72FBD280435CA5DE978D3DEFF720F
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442631291400001_24PX.png --a---- 1202 bytes [02:14 29/10/2012] [19:36 14/10/2012] 37123FD3C9499437EB639B722D69A33F
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_BankImages_Facebook_Facebook.png --a---- 772 bytes [02:14 29/10/2012] [19:36 14/10/2012] 1805E8470C0EE167396751BA3E9B0AAA
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif --a---- 419 bytes [02:14 29/10/2012] [19:36 14/10/2012] 01B83C91554738F6AFFB7895BBBA73FB
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif --a---- 950 bytes [02:14 29/10/2012] [19:36 14/10/2012] EE3DCA0EABAE8D7DDEAC14E36B1142CD
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_components_separator.gif --a---- 314 bytes [02:14 29/10/2012] [19:36 14/10/2012] 2E25133B02C7C430B953CC6B2C092010
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif --a---- 322 bytes [02:14 29/10/2012] [19:36 14/10/2012] 948781E4B6478290050ECA4423B89B1E
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\ConduitAbstractionLayer.js --a---- 30362 bytes [02:14 29/10/2012] [18:40 05/09/2012] 3A48E45ABF3AA24C74640AFA9EDB7B14
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\tb\al\aboutBox\images\conduit-logo-OLD.png --a---- 1305 bytes [02:14 29/10/2012] [18:40 05/09/2012] 5F8EF9A0B050532B90B2645E9627E3F9
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\tb\al\aboutBox\images\conduit-logo.png --a---- 3926 bytes [02:14 29/10/2012] [18:40 05/09/2012] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\skin\conduitToolBarStyle.css --a---- 3 bytes [02:14 29/10/2012] [18:40 05/09/2012] ECAA88F7FA0BF610A5A26CF545DCD3AA
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\lib\log4conduit.jsm --a---- 760 bytes [02:14 29/10/2012] [18:40 05/09/2012] 93898FE6A232C5FCD838D8168F65D802
C:\Users\Terry\Downloads\Programs\HSS-2.70-install-anchorfree-393-conduit.exe --a---- 5321760 bytes [15:04 28/09/2012] [15:04 28/09/2012] FAD6FF07EDFF6F0E9541CC5CA4920212

Searching for "*uTorrentControl2*"
No files found.

Searching for "*InstallMate*"
No files found.

Searching for "*Tarma Installer*"
No files found.

Searching for "*Ilivid*"
C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk --a---- 1050 bytes [17:36 06/11/2012] [17:36 06/11/2012] 0F2421C9E88233320CBF9048613B38D4
C:\Users\Terry\Desktop\iLivid.lnk --a---- 1042 bytes [17:36 06/11/2012] [17:36 06/11/2012] 9A7E310753A6B952E11088452B61B39B
C:\Users\Terry\Downloads\Programs\iLividSetup.exe --a---- 1302424 bytes [17:35 06/11/2012] [17:35 06/11/2012] 756F67A33A424E53BC71E49EF0BFE951
C:\Users\Terry\Downloads\Programs\iLividSetupV1.exe --a---- 2060760 bytes [01:47 07/12/2011] [01:47 07/12/2011] 11A40C3EC61C32C4EED1175D92A8C5EA
C:\Users\Terry\Downloads\Programs\iLividSetupV1_2.exe --a---- 2063040 bytes [00:06 06/02/2012] [00:06 06/02/2012] 12D6957E9D66B1DCF3062599A74D297F

Searching for "*OpenCandy*"
No files found.

Searching for "*searchqu*"
No files found.

Searching for "*AVG Secure Search*"
No files found.

Searching for "*CToolbar*"
No files found.

Searching for "*StartSearch*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*Crossrider*"
No files found.

Searching for "*Freeze.com*"
No files found.

Searching for "*Viewpoint*"
C:\Program Files (x86)\AOL 9.5\Jiti\viewpoint.exe --a---- 3858056 bytes [22:22 21/09/2010] [14:59 23/03/2010] FC393CFF7BC091C6733A7DF192A4D133
C:\Program Files (x86)\AOL Desktop 9.7\Jiti\viewpoint.exe --a---- 3858056 bytes [00:36 31/05/2012] [22:55 20/04/2012] FC393CFF7BC091C6733A7DF192A4D133

Searching for "*StartNow*"
No files found.

Searching for "*isearch*"
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51MXGCMG\isearch.avg[1].1&sap=hp -ra---- 22460 bytes [14:37 15/11/2012] [14:37 15/11/2012] 3F0093034EBEFA9068ECB37E408DF37B
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT42YZ11\isearch.avg[1].1&sap=hp -ra---- 22460 bytes [14:34 15/11/2012] [14:34 15/11/2012] EB22A341F119143350920E828BD2CF37

========== folderfind ==========

Searching for "*Conduit*"
No folders found.

Searching for "*uTorrentControl2*"
No folders found.

Searching for "*InstallMate*"
No folders found.

Searching for "*Tarma Installer*"
No folders found.

Searching for "*Ilivid*"
No folders found.

Searching for "*OpenCandy*"
No folders found.

Searching for "*searchqu*"
No folders found.

Searching for "*AVG Secure Search*"
No folders found.

Searching for "*CToolbar*"
No folders found.

Searching for "*StartSearch*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Crossrider*"
No folders found.

Searching for "*Freeze.com*"
No folders found.

Searching for "*Viewpoint*"
No folders found.

Searching for "*StartNow*"
No folders found.

Searching for "*isearch*"
No folders found.

========== regfind ==========

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\DownloadManager\978]
"FileName"="HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\978]
"Url0"="http://software-files-a.cnet.com/s/software/12/70/77/84/HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49A430ED76EBA681EDC30AE3E421A6AF]
"7EEB5F206BA024E4B98F5288AACE7C2F"="C:\Program Files (x86)\EZ Fonts\fonts\conduit.ttf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CF16DF3D66B098F6F24B971E18632AA]
"7EEB5F206BA024E4B98F5288AACE7C2F"="C:\Program Files (x86)\EZ Fonts\fonts\conduit2.ttf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\978]
"FileName"="HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\978]
"Url0"="http://software-files-a.cnet.com/s/software/12/70/77/84/HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"

Searching for "uTorrentControl2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl2AutoUpdateHelper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl2AutoUpdateHelper_RASMANCS]

Searching for "InstallMate"
No data found.

Searching for "Tarma Installer"
No data found.

Searching for "Ilivid"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"LocalFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"LocalPath"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"LogFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1_1191.log"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Host"="download.cdn.ilivid.com"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"FileName"="iLividSetup.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Referer"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Cookie"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"owWPage"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"owWPCookies"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Url0"="http://download.ilivid.com/iLividSetupV1.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"U0_c"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organ ic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files (x86)\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
"ProductName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
"PackageName"="iLividSetupV1.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D97E31338E3E6F4D9EF007C6465E955]
"2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B4F0888C10A343468A1047B4877EB18]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files (x86)\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CAC02833CB3981F4C81EE96861E97A55]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2F65A3A-0E7E-4485-A898-B3341D755F4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2F65A3A-0E7E-4485-A898-B3341D755F4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2F65A3A-0E7E-4485-A898-B3341D755F4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"LocalFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"LocalPath"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"LogFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1_1191.log"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Host"="download.cdn.ilivid.com"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"FileName"="iLividSetup.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Referer"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Cookie"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"owWPage"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"owWPCookies"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Url0"="http://download.ilivid.com/iLividSetupV1.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"U0_c"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files (x86)\iLivid]

Searching for "OpenCandy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\DriverScanner]
"LatestDownloadUrl"="http://download.uniblue.com/adv/ds/ds/opencandy/4ds/driverscanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\DriverScanner]
"CampaignDownloadUrl"="http://download.uniblue.com/adv/ds/ds/opencandy/4ds/driverscanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\DriverScanner]
"PurchaseUrl"="http://www.liutilities.com/products/campaigns/dstrial/adv/opencandy/4ds/"

Searching for "searchqu"
[HKEY_CURRENT_USER\Software\DownloadManager\1000]
"Referer"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\DownloadManager\1000]
"owWPage"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\DownloadManager\999]
"FileName"="video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\DownloadManager\999]
"Url0"="http://www.globaltv.com/etcanada/video/etc+uncut/alex+oloughlin+uncut/video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\SUPERAntiSpyware.com\SUPERAntiSpyware]
"ProtectedHomePage"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1000]
"Referer"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1000]
"owWPage"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\999]
"FileName"="video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\999]
"Url0"="http://www.globaltv.com/etcanada/video/etc+uncut/alex+oloughlin+uncut/video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\SUPERAntiSpyware.com\SUPERAntiSpyware]
"ProtectedHomePage"="http://www.searchqu.com/406"

Searching for "AVG Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof]
"path"="C:\ProgramData\AVG Secure Search\ChromeExt\11.1.0.12\avg.crx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
[HKEY_USERS\S-1-5-18\Software\AVG Secure Search]

Searching for "CToolbar"
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\AVGeneral\cToolbars]
[HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-0]
[HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-169]
[HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-593980]
[HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBarParameters]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2E5E800E-6AC0-411E-940A-369530A35E43}]
"DllName"="TwcToolbarIe7.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2E5E800E-6AC0-411E-940A-369530A35E43}]
"DllName"="TwcToolbarIe7.dll"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Adobe\Acrobat Reader\10.0\AVGeneral\cToolbars]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-0]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-169]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-593980]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBarParameters]

Searching for "StartSearch"
No data found.

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS]

Searching for "Crossrider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}]
@="ICrossriderBHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550055345591}]
@="ICrossriderBHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055345591}]
@="ICrossriderBHO"

Searching for "Freeze.com"
No data found.

Searching for "Viewpoint"
No data found.

Searching for "StartNow"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]

Searching for "isearch"
[HKEY_CURRENT_USER\Software\DownloadManager\1158]
"Referer"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
[HKEY_CURRENT_USER\Software\DownloadManager\1158]
"owWPage"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com\isearch]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1158]
"Referer"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1158]
"owWPage"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com\isearch]

-= EOF =-
eddie5659 eddie5659 is offline eddie5659 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 28,409 posts.
 
Join Date: Mar 2001
Location: Bradford, England
21-Nov-2012, 06:22 PM #29
Okay, as you can guess, there is a lot there, but not all of it is bad.

Whilst I create a fix (of which I need to check some things out), can you uninstall this:

PC Optimizer Pro

Why?

http://www.microsoft.com/security/po...PCOptimizerPro

Also, can you uninstall SUPERAntiSpyware. For some weird reason, it's protecting a homepage which is not what you want. Think it may have defaulted to this.

Back in a bit, probably tomorrow at 5ish, as it's 11.20pm here
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
eddie5659 eddie5659 is offline eddie5659 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 28,409 posts.
 
Join Date: Mar 2001
Location: Bradford, England
21-Nov-2012, 06:59 PM #30
First off, can you backup as follows:


Backing Up Your Registry
  1. Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  2. Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  3. Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  4. Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  5. Make sure that at least the first two check boxes are ticked
  6. Press OK
  7. Press YES to create the folder.







1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Code:
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
[-HKEY_CURRENT_USER\Software\DataMngr]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[-HKEY_CURRENT_USER\Software\ilivid]
[-HKEY_CURRENT_USER\Software\searchqutoolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
[-HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
"{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
"{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
"{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
"{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
"{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
"{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
"{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
"{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
"{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
@="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
@="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
@="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
[-HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com\isearch]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com\isearch]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
[-HKEY_USERS\S-1-5-18\Software\AVG Secure Search]
[-HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
File::
%APPDATA%\Mozilla\Firefox\Profiles\SearchquWebSearch.xml
%APPDATA%\Microsoft\Windows\Cookies\*@sweetim[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm
%TEMP%\BandooV6.exe
%TEMP%\SetupDataMngr_Searchqu.exe
%TEMP%\SweetIMReinstall\SweetImSetup.exe
%TEMP%\ilivid.7z
%TEMP%\searchqu.ini
%TEMP%\searchqutoolbar-manifest.xml
%USERPROFILE%\Downloads\SweetImSetup.exe
%USERPROFILE%\Downloads\iLividSetupV1.exe
%USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml
%USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml
C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634188644294968750.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442641766325000.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442671524633757.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442676849165007.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442677346508757.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442678744790007.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634816857722205000.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442626744350001_24PX.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442628354662501_24PX.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442631291400001_24PX.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_BankImages_Facebook_Facebook.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_components_separator.gif
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\ConduitAbstractionLayer.js
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\tb\al\aboutBox\images\conduit-logo-OLD.png
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\tb\al\aboutBox\images\conduit-logo.png
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\skin\conduitToolBarStyle.css
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\lib\log4conduit.jsm
C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
C:\Users\Terry\Desktop\iLivid.lnk
C:\Users\Terry\Downloads\Programs\iLividSetup.exe
C:\Users\Terry\Downloads\Programs\iLividSetupV1.exe
C:\Users\Terry\Downloads\Programs\iLividSetupV1_2.exe
C:\Program Files (x86)\AOL 9.5\Jiti\viewpoint.exe
C:\Program Files (x86)\AOL Desktop 9.7\Jiti\viewpoint.exe
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51MXGCMG\isearch.avg[1].1&sap=hp
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT42YZ11\isearch.avg[1].1&sap=hp
Folder::
%APPDATA%\Mozilla\Firefox\Profiles\searchqutoolbar
%APPDATA%\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7}
%LOCALAPPDATA%\Ilivid Player
%TEMP%\BandooFiles
%TEMP%\SweetIMReinstall
%USERPROFILE%\AppData\LocalLow\searchquband
%USERPROFILE%\AppData\LocalLow\searchqutoolbar
%USERPROFILE%\AppData\LocalLow\DataMngr
C:\Program Files\Windows iLivid Toolbar
C:\Program Files\iLivid
C:\Windows\Prefetch\ILIVID*
C:\Windows\Prefetch\SEARCHQUMEDIABAR*
C:\Windows\Prefetch\SETUPDATAMNGR*
C:\Program Files (x86)\iLivid
C:\Program Files (x86)\Windows Savevid Toolbar
C:\Program Files (x86)\Savevid



Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



-------

I'll then post the new SystemLook code to run, but will wait for the above first, as it's quite lengthy, and it may take a while to run the fix, so give it time

You'll also see some things in the fix that we didn't search for, but these can be related, so prefer to check for them, just to be safe.

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
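A pre-flight check for a removal script like the one in post #30, as an added example that is not part of the original post and not part of ComboFix. It assumes the `Registry::`, `File::` and `Folder::` section headers seen in the post and that the Registry section follows .reg syntax; the function name, finding codes and sample input are constructed for illustration.

```python
import re

HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG"}
SECTION = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "Registry::"
VALUE = re.compile(r'^(@|"[^"]+")=')          # @=... or "name"=...

# Constructed sample, abridged from the script in the post, with defects added.
SAMPLE = r"""Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[-HKEY_CURRENT_USER\Software\DataMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
[-HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo]
[-HKEY_LOCAL_MACHINE\SOFTWARE\bandoo]
"Orphan"=-
File::
%TEMP%\searchqu.ini
%TEMP%
Folder::
C:\Windows\Prefetch\ILIVID*
C:\Users\*\Desktop\iLivid
"""


def lint_cfscript(text):
    """Return (line_no, code, detail) findings for a CFScript-style text."""
    findings, section, open_key, seen = [], None, False, {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, open_key = m.group(1).lower(), False
            continue
        if section == "registry":
            if line.startswith("["):
                if not line.endswith("]"):
                    findings.append((no, "unclosed-key", line))
                body = line.strip("[]")
                delete = body.startswith("-")      # [-key] deletes the whole key
                key = body.lstrip("-")
                if key.split("\\", 1)[0] not in HIVES:
                    findings.append((no, "unknown-hive", line))
                folded = key.lower()               # registry key names are case-insensitive
                if delete and folded in seen:
                    findings.append((no, "duplicate-delete", f"same as line {seen[folded]}"))
                elif delete:
                    seen[folded] = no
                open_key = not delete              # values only make sense under [key]
            elif VALUE.match(line):
                if not open_key:
                    findings.append((no, "orphan-value", line))
            else:
                findings.append((no, "unparsed", line))
        elif section in ("file", "folder"):
            parts = [p for p in line.split("\\") if p]
            if len(parts) < 2:                     # bare drive or bare %VAR%
                findings.append((no, "too-broad", line))
            elif any("*" in p or "?" in p for p in parts[:-1]):
                findings.append((no, "wildcard-in-directory", line))
    return findings
```

Run against the saved CFScript.txt before it is used, an empty result means none of these structural problems were found; it says nothing about whether each entry is the right thing to delete.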