
Unable to remove Isearch AVG virus

Discussion in 'Virus & Other Malware Removal' started by TerryD55, Oct 21, 2012.

    TerryD55 Thread Starter

    Alright, here you go:

    OTL logfile created on: 11/10/2012 10:16:51 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Terry\Downloads\Programs
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.97 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 71.50% Memory free
    11.93 Gb Paging File | 10.03 Gb Available in Paging File | 84.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 917.74 Gb Total Space | 691.85 Gb Free Space | 75.39% Space Free | Partition Type: NTFS
    Drive G: | 298.02 Gb Total Space | 95.81 Gb Free Space | 32.15% Space Free | Partition Type: FAT32

    Computer Name: TERRY-PC | User Name: Terry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/09 10:46:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Downloads\Programs\OTL.exe
    PRC - [2012/11/06 09:32:52 | 000,963,984 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Terry\Downloads\Programs\uTorrent.exe
    PRC - [2012/10/10 01:16:38 | 003,540,416 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/23 15:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    PRC - [2012/07/13 14:08:02 | 003,542,856 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
    PRC - [2012/06/05 09:11:34 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
    PRC - [2011/06/17 09:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    PRC - [2011/05/18 19:00:20 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
    PRC - [2011/05/12 00:09:36 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
    PRC - [2011/05/12 00:09:34 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
    PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    PRC - [2010/05/25 04:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    PRC - [2010/03/07 23:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe
    PRC - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    PRC - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/03/23 09:54:54 | 000,118,784 | ---- | M] () -- c:\Program Files (x86)\Common Files\aol\1285107697\ee\services\proxyprovider\ver1_0_0_1\proxyprovider.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/10 16:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2012/09/07 15:46:15 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2012/07/17 13:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2012/07/17 13:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2012/07/17 13:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2012/07/13 14:08:02 | 003,542,856 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)
    SRV:64bit: - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/11/01 07:44:58 | 004,539,200 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll -- (Akamai)
    SRV - [2012/10/09 03:24:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/23 15:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
    SRV - [2012/07/23 15:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
    SRV - [2011/06/17 09:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
    SRV - [2011/05/18 19:00:20 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
    SRV - [2011/05/12 00:09:36 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
    SRV - [2011/05/12 00:09:34 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
    SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/27 10:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
    DRV:64bit: - [2012/09/13 11:26:44 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
    DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/17 13:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2012/07/17 13:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2012/07/17 13:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2012/07/17 13:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2012/07/17 13:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2012/07/17 13:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2012/07/17 13:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
    DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/17 15:08:16 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
    DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/12/09 01:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 12:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/25 12:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV:64bit: - [2006/11/29 14:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
    DRV - [2012/07/23 15:18:42 | 000,072,856 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
    DRV - [2011/05/18 19:00:21 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
    DRV - [2011/05/16 19:54:00 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/09/23 16:00:52] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F 0D 96 B1 2A BD CD 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKCU\..\SearchScopes,DefaultScope = {04214EC9-F125-46DE-8ABE-91393E50D45C}
    IE - HKCU\..\SearchScopes\{04214EC9-F125-46DE-8ABE-91393E50D45C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES (X86)\AOL\DATAMASK BY AOL\FFEXT
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Terry\AppData\Roaming\IDM\idmmzcc5 [2012/10/31 15:41:55 | 000,000,000 | ---D | M]

    [2012/09/21 13:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
    [2012/11/06 09:31:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
    [2012/07/31 03:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]

    ========== Chrome ==========

    CHR - homepage: http://www.aol.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.aol.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Internet Download Manager (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\IDMGCExt.dll
    CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
    CHR - Extension: __MSG_buttonTitle__ = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\clikkblliffbbkffahjehcdeknmedelg\1.0.7_0\
    CHR - Extension: EasyClock = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplbpgapoedppajbikieafefmcceaagn\9.0.5_0\
    CHR - Extension: AdBlock = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
    CHR - Extension: TweetDeck = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.1.0_0\
    CHR - Extension: Read Your AOL Mail = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\phgdojkomekmnemlclopfjlmbamhnafp\2.1.0.0_0\

    O1 HOSTS File: ([2012/11/09 12:26:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe (AOL Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
    O4 - HKCU..\Run: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe (Easy Hide IP)
    O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKCU..\Run: [uTorrent] C:\Users\Terry\Downloads\Programs\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
    O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html File not found
    O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
    O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: twitter.com ([]https in Trusted sites)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFFF6009-DCDE-4DC2-9789-AFC20BEE3BC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/12/21 08:18:42 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
    O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - G:\autorun.in_2.org -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/10 07:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/11/09 12:26:57 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/11/09 12:15:13 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/11/09 09:04:01 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/11/09 08:22:28 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
    [2012/11/09 08:22:27 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
    [2012/11/09 08:22:27 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
    [2012/11/09 08:22:18 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
    [2012/11/09 08:22:18 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
    [2012/11/09 08:22:18 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
    [2012/11/09 08:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/11/07 21:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy-Hide-IP
    [2012/11/05 09:20:59 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\ComboFix logs
    [2012/11/03 16:18:24 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Logs
    [2012/11/02 20:11:59 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Adobe Photoshop Elements 11
    [2012/11/02 19:37:28 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/11/02 19:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
    [2012/11/02 09:59:36 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\LogMeIn Rescue Calling Card
    [2012/11/02 09:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BAHCS remoteIT Support
    [2012/11/02 09:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Rescue Calling Card
    [2012/11/02 08:18:11 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\LogMeIn Rescue Applet
    [2012/11/01 15:35:54 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{28B37C5F-0747-4FF2-8108-F3BD26E2D0E3}
    [2012/10/31 16:36:11 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2012/10/31 16:36:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2012/10/31 16:36:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2012/10/31 16:36:08 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2012/10/31 16:36:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2012/10/31 16:36:05 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2012/10/31 16:36:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
    [2012/10/31 16:36:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
    [2012/10/31 16:36:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
    [2012/10/31 16:36:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
    [2012/10/31 16:36:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
    [2012/10/31 16:36:04 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2012/10/31 16:36:04 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
    [2012/10/31 16:36:04 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
    [2012/10/31 16:36:04 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
    [2012/10/31 16:36:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2012/10/31 16:36:04 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2012/10/31 16:36:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2012/10/31 16:36:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
    [2012/10/31 16:36:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
    [2012/10/31 16:36:03 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2012/10/31 16:36:03 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2012/10/31 16:36:02 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2012/10/31 16:36:02 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2012/10/31 16:34:47 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2012/10/31 16:34:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2012/10/29 18:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it
    [2012/10/29 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnlineHD.TV
    [2012/10/29 17:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
    [2012/10/28 19:21:42 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\GRETECH
    [2012/10/28 18:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/10/28 18:14:27 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Old Firefox Data
    [2012/10/28 12:24:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/28 12:24:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/28 12:24:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/28 12:19:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/28 12:19:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/23 21:22:40 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
    [2012/10/22 20:28:41 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Curiolab
    [2012/10/22 20:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
    [2012/10/22 20:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exterminate It!
    [2012/10/22 16:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/10/21 16:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
    [2012/10/21 16:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
    [2012/10/21 15:54:54 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\DriverCure
    [2012/10/21 15:54:53 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\SpeedyPC Software
    [2012/10/21 15:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
    [2012/10/21 15:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/10/21 15:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
    [2012/10/20 16:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2012/10/20 16:10:44 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2012/10/20 15:16:46 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\TuneUp Software
    [2012/10/20 15:12:41 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\MFAData
    [2012/10/20 14:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/10/20 08:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
    [2012/10/17 13:32:32 | 000,000,000 | ---D | C] -- C:\Users\Terry\Documents\GomPlayer
    [2012/10/16 07:11:11 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\uTorrent
    [2012/10/14 11:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/10/14 11:46:16 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\FinalVideoDownloader
    [2012/10/12 20:01:01 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{DC84B566-B8D7-4FDA-A2EB-94D3A13F434E}
    [2011/09/01 19:16:35 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Terry\PhotoshopElements_9_LS15.exe
    [2011/09/01 16:40:40 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\PremiereElements_9_LS15.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/11/10 09:35:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7860f2ef-6487-46eb-b8b3-af57b009ab37.job
    [2012/11/10 09:33:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/10 09:24:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/10 09:23:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/10 09:23:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/10 07:13:26 | 000,003,336 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirect.ini
    [2012/11/10 07:13:26 | 000,001,872 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
    [2012/11/10 07:13:26 | 000,001,872 | ---- | M] () -- C:\Windows\SysNative\EasyRedirectOff.ini
    [2012/11/10 07:11:58 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/10 07:11:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/10 02:53:08 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/10 02:53:08 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/10 02:53:08 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/10 02:46:02 | 509,480,959 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/10 02:00:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1e1ccc72-7985-445b-878b-49249c4e1042.job
    [2012/11/09 12:26:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/09 08:22:13 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
    [2012/11/09 08:22:12 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
    [2012/11/09 08:22:12 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
    [2012/11/09 08:22:12 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
    [2012/11/09 08:22:12 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
    [2012/11/09 08:22:12 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
    [2012/11/07 21:43:09 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk
    [2012/11/06 09:36:56 | 000,001,042 | ---- | M] () -- C:\Users\Terry\Desktop\iLivid.lnk
    [2012/11/01 16:24:12 | 000,000,017 | ---- | M] () -- C:\Users\Terry\AppData\Local\resmon.resmoncfg
    [2012/10/28 18:29:09 | 000,002,262 | ---- | M] () -- C:\Users\Terry\Desktop\Google Chrome.lnk
    [2012/10/28 15:40:47 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    [2012/10/28 12:20:53 | 000,013,453 | ---- | M] () -- C:\Users\Terry\Desktop\ComboFix - Shortcut.lnk
    [2012/10/22 20:27:54 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
    [2012/10/22 15:58:10 | 000,001,271 | ---- | M] () -- C:\Users\Terry\Desktop\Revo Uninstaller.lnk
    [2012/10/20 09:44:45 | 000,000,134 | ---- | M] () -- C:\Users\Terry\Desktop\Internet Explorer Troubleshooting.url
    [2012/10/15 19:41:30 | 000,123,947 | ---- | M] () -- C:\Users\Terry\Documents\do not call 101512.jpg
    [2012/10/15 07:02:43 | 000,000,031 | ---- | M] () -- C:\Windows\SysNative\bbcap.err

    ========== Files Created - No Company Name ==========

    [2012/11/07 21:43:09 | 000,000,867 | ---- | C] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk
    [2012/11/06 09:36:56 | 000,001,050 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
    [2012/11/06 09:36:56 | 000,001,042 | ---- | C] () -- C:\Users\Terry\Desktop\iLivid.lnk
    [2012/11/01 16:24:12 | 000,000,017 | ---- | C] () -- C:\Users\Terry\AppData\Local\resmon.resmoncfg
    [2012/10/28 18:29:09 | 000,002,262 | ---- | C] () -- C:\Users\Terry\Desktop\Google Chrome.lnk
    [2012/10/28 18:28:23 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/28 18:28:21 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/28 12:24:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/28 12:24:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/28 12:24:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/28 12:24:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/28 12:24:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/28 12:20:53 | 000,013,453 | ---- | C] () -- C:\Users\Terry\Desktop\ComboFix - Shortcut.lnk
    [2012/10/22 20:27:54 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
    [2012/10/22 15:58:10 | 000,001,271 | ---- | C] () -- C:\Users\Terry\Desktop\Revo Uninstaller.lnk
    [2012/10/20 09:43:12 | 000,000,134 | ---- | C] () -- C:\Users\Terry\Desktop\Internet Explorer Troubleshooting.url
    [2012/10/15 19:41:30 | 000,123,947 | ---- | C] () -- C:\Users\Terry\Documents\do not call 101512.jpg
    [2012/10/10 15:33:08 | 000,228,763 | ---- | C] () -- C:\Users\Terry\Charlotte crime.jpg
    [2012/10/05 12:35:00 | 000,221,578 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2012/10/05 12:35:00 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2012/09/28 07:25:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
    [2012/08/13 21:36:38 | 000,000,000 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\wklnhst.dat
    [2012/07/14 17:18:15 | 000,003,336 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini
    [2012/07/14 17:18:15 | 000,001,872 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
    [2012/04/01 16:55:52 | 022,259,528 | ---- | C] () -- C:\Program Files (x86)\vlc-2.0.1-win32.exe
    [2012/03/07 07:52:57 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/10/05 15:58:38 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011/10/05 15:58:37 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011/10/05 15:58:36 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/10/05 15:58:36 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/10/05 15:58:36 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/09/04 19:23:06 | 000,228,480 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/09/01 08:25:13 | 1882,670,620 | ---- | C] () -- C:\Users\Terry\PhotoshopElements_9_LS15.7z
    [2011/09/01 08:25:04 | 1316,066,539 | ---- | C] () -- C:\Program Files (x86)\PremiereElements_9_LS15.7z
    [2011/07/25 09:41:47 | 000,007,168 | ---- | C] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/21 14:04:06 | 000,000,206 | ---- | C] () -- C:\Windows\ulead32.ini
    [2011/06/01 16:41:36 | 000,161,792 | ---- | C] () -- C:\Windows\SysWow64\netjoin.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Custom Scans ==========

    < MD5 for: EASYREDIRECT.DLL >
    [2012/07/13 14:08:00 | 000,364,360 | ---- | M] (EasyTech) MD5=D8BE4573B207A91A32694ED16D48975F -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.dll
    [2012/07/13 14:08:00 | 000,364,360 | ---- | M] (EasyTech) MD5=D8BE4573B207A91A32694ED16D48975F -- C:\Windows\SysWOW64\EasyRedirect.dll

    < MD5 for: EASYREDIRECT64.DLL >
    [2012/07/13 14:08:04 | 000,504,136 | ---- | M] (EasyTech) MD5=6627D262277F70043CB8AA6BC2FCB62D -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect64.dll
    [2012/07/13 14:08:04 | 000,504,136 | ---- | M] (EasyTech) MD5=6627D262277F70043CB8AA6BC2FCB62D -- C:\Windows\SysNative\EasyRedirect64.dll

    < type C:\Windows\SysNative\tasks\{0683BC82-8C1A-4A50-89AB-76E6F0E2000F} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{2B0FE4CE-0A31-41CF-80CC-69E230EF6B91} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Windows\system32\pcalua.exe</Command>
    <Arguments>-a "C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9\SOFTWARE\ElementsSTIInstaller\payloads\AdobeHelp\AIRInstallerRunner.exe" -d "C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9\SOFTWARE\ElementsSTIInstaller\payloads\AdobeHelp"</Arguments>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{2DD29572-BF27-4834-8EC4-CF3E5DCAC476} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Windows\system32\pcalua.exe</Command>
    <Arguments>-a C:\Users\Terry\Downloads\Programs\imikimi_installer_0.5.1.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{2F07F134-76B5-4139-A4A1-46B61AC314C5} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{33D9479F-26EF-4AC6-B9D8-76F6F9C571EE} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Windows\system32\pcalua.exe</Command>
    <Arguments>-a "C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9\SOFTWARE\air runtime\AdobeAIRInstaller.exe" -d "C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9\SOFTWARE\air runtime"</Arguments>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{34A9AF6C-F400-4A62-BD3C-6A6263525F0B} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Windows\system32\pcalua.exe</Command>
    <Arguments>-a C:\Users\Terry\Downloads\Programs\iview433_setup_4.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{36A48130-E980-4F6F-8E3D-FE11722CCC7E} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{65EB418A-6463-412B-A1A5-3C9809A937E1} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Windows\system32\pcalua.exe</Command>
    <Arguments>-a C:\Users\Terry\Downloads\Programs\weathersp3_StubInstaller_2.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{663CCBE3-8C12-401A-9385-F4A4BE249E5B} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{67188DDC-A9EA-4A36-A501-FC9705314E1E} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Program Files (x86)\CamStudio 2.6b\Recorder.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{76399AAA-FCA6-4F58-AD27-AC1E75A6E63B} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{7640452F-90A3-462D-8711-90D73B40DC18} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{79577837-9767-4E42-B4C5-052F9F880FD0} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Windows\system32\pcalua.exe</Command>
    <Arguments>-a "C:\Program Files (x86)\InstallShield Installation Information\{1ADB7BF5-F8EB-4F76-98FD-65A7FFBEAECE}\setup.exe" -c -runfromtemp -l0x0409 -removeonly</Arguments>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{82F5C5C0-6AD1-4AD0-BD69-CAE86534291D} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Windows\system32\pcalua.exe</Command>
    <Arguments>-a C:\Users\Terry\Downloads\Programs\iview433_setup_5.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{860C9D8C-2F4D-4D1A-BA45-F40A3C6EBBFA} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Windows\system32\pcalua.exe</Command>
    <Arguments>-a "C:\Users\Terry\Downloads\imikimi_installer_0.5.1 (2).exe"</Arguments>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{900D27E2-5CAD-4330-8B8D-99D67ED786E3} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Windows\system32\pcalua.exe</Command>
    <Arguments>-a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"</Arguments>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{916BEB90-2210-4479-8F8E-0B67D2C3E420} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Windows\system32\pcalua.exe</Command>
    <Arguments>-a C:\Users\Terry\Downloads\Programs\AdobeAIRInstaller_3.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{9579517A-E5BF-4C94-8F6C-82B138C9EBC4} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{AAA3DAE0-A9CF-405A-B0EF-39AF11AF9380} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{C9B837AF-7E7D-40C8-9506-325622870BF7} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{CE63C5C6-AE7F-442A-82AA-0CE1C00335D3} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Windows\system32\pcalua.exe</Command>
    <Arguments>-a "C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XT47VVWI\acssetup[1].exe" -d C:\Users\Terry\Desktop</Arguments>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{D2D4BEF3-C187-4043-9A20-7C0774215812} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Windows\system32\pcalua.exe</Command>
    <Arguments>-a D:\setup.exe -d D:\</Arguments>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{D6F8B3B3-4805-4EAC-B921-BF4D34C1ABC1} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{D735555C-4802-40E8-A9EF-728863CF0F4F} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{D838EFB5-8D22-423C-91E7-13A2777A65F0} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{D91A91F8-548C-4C6F-B2BB-7A54FBD1C59E} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Windows\system32\pcalua.exe</Command>
    <Arguments>-a C:\Users\Terry\Downloads\Programs\weathersp3_StubInstaller.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{D9B587A7-A03B-48A8-873D-05F527B35D27} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Program Files (x86)\CamStudio 2.6b\Recorder.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{D9B8B4B8-3B7D-43B5-BA29-3990AF16781D} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{DE09B16B-CF76-4EE5-9A57-44DBEC57E698} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Windows\system32\pcalua.exe</Command>
    <Arguments>-a C:\Users\Terry\Downloads\Programs\adweather2sp_StubInstaller.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{E1016A45-307F-45E6-B766-13236C7006F1} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < type C:\Windows\SysNative\tasks\{EECAB2C0-513B-42F6-8D92-E4BB1D303257} /c >
    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo />
    <Triggers>
    <RegistrationTrigger>
    <Enabled>true</Enabled>
    </RegistrationTrigger>
    </Triggers>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <Duration>PT10M</Duration>
    <WaitTimeout>PT1H</WaitTimeout>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>C:\Program Files (x86)\CamStudio 2.6b\Recorder.exe</Command>
    </Exec>
    </Actions>
    <Principals>
    <Principal id="Author">
    <UserId>Terry-PC\Terry</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
    </Principals>
    </Task>

    < End of report >



    Thanks
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    Thanks :)

    I know I've seen this in your installed programs, but did you knowingly install this:

    Easy-Hide-IP

    Or is this the first you've seen of it?

    Also, any joy with the rest of the scans here:

    http://forums.techguy.org/8521408-post15.html

    Underneath the OTL part ;)
     
  3. TerryD55

    TerryD55 Thread Starter

    Joined:
    Oct 21, 2012
    Messages:
    74
    Oh shoot! I had to do other things yesterday and forgot to run the other scans. :eek: Yes, the Easy Hide is something I installed. I'll run those other scans and post those back to you. Thanks!
     
  4. TerryD55

    TerryD55 Thread Starter

    Joined:
    Oct 21, 2012
    Messages:
    74
  5. TerryD55

    TerryD55 Thread Starter

    Joined:
    Oct 21, 2012
    Messages:
    74
    OK, I think I've got it all now.

    The CKScanner results:
    CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
    c:\program files (x86)\ez fonts\fonts\crackdr2.ttf
    c:\programdata\adobe\photoshop elements\9.0\photo creations\backgrounds\bg_creamcrackled.metadata.xml
    c:\programdata\adobe\photoshop elements\9.0\photo creations\backgrounds\cracked paint.metadata.xml
    scanner sequence 3.AB.11.UNBCNI
    ----- EOF -----

    ..........................................................................................................................................................................

    SystemLook results:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 09:29 on 11/11/2012 by Terry
    Administrator - Elevation successful

    ========== file ==========

    c:\windows\system32\drivers\ndis.sys - File found and opened.
    MD5: 760E38053BF56E501D562B70AD796B88
    Created at 10:03 on 12/09/2012
    Modified at 18:12 on 22/08/2012
    Size: 950128 bytes
    Attributes: --a----
    FileDescription: NDIS 6.20 driver
    FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
    ProductVersion: 6.1.7600.16385
    OriginalFilename: NDIS.SYS.MUI
    InternalName: NDIS.SYS
    ProductName: Microsoft® Windows® Operating System
    CompanyName: Microsoft Corporation
    LegalCopyright: © Microsoft Corporation. All rights reserved.

    c:\windows\system32\drivers\netio.sys - File found and opened.
    MD5: 7942B7AC3FF598F8A1736D51ADAF04E8
    Created at 10:03 on 12/09/2012
    Modified at 18:12 on 22/08/2012
    Size: 376688 bytes
    Attributes: --a----
    FileDescription: Network I/O Subsystem
    FileVersion: 6.1.7601.17939 (win7sp1_gdr.120822-0331)
    ProductVersion: 6.1.7601.17939
    OriginalFilename: netio.sys
    InternalName: netio.sys
    ProductName: Microsoft® Windows® Operating System
    CompanyName: Microsoft Corporation
    LegalCopyright: © Microsoft Corporation. All rights reserved.

    c:\windows\system32\drivers\FWPKCLNT.SYS - File found and opened.
    MD5: 910DD6694848872FD3B8F42BAF801D0A
    Created at 10:03 on 12/09/2012
    Modified at 18:12 on 22/08/2012
    Size: 288624 bytes
    Attributes: --a----
    FileDescription: FWP/IPsec Kernel-Mode API
    FileVersion: 6.1.7601.17939 (win7sp1_gdr.120822-0331)
    ProductVersion: 6.1.7601.17939
    OriginalFilename: fwpkclnt.sys
    InternalName: fwpkclnt.sys
    ProductName: Microsoft® Windows® Operating System
    CompanyName: Microsoft Corporation
    LegalCopyright: © Microsoft Corporation. All rights reserved.

    c:\program files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe - Unable to find/read file.

    c:\program files (x86)\AOL OnePoint\IDVault.exe - Unable to find/read file.

    c:\programdata\Best Buy pc app\ClickOnceSetup.exe - Unable to find/read file.

    c:\windows\system32\drivers\WsAudioDevice_383S(1).sys - File found and opened.
    MD5: AD12F5C7251BB8D575D560894E73CBBA
    Created at 18:40 on 02/10/2012
    Modified at 23:08 on 17/11/2011
    Size: 29288 bytes
    Attributes: --a----
    FileDescription: Wondershare Virtual Audio Device
    FileVersion: 1.00
    ProductVersion: 1.00
    InternalName: wsvad
    ProductName: Virtual Audio driver
    CompanyName: Wondershare
    LegalCopyright: Copyright (C) Wondershare Corp.2007

    C:\Windows\SysNative\EasyRedirect64.dll - Unable to find/read file.

    C:\Windows\SysWow64\EasyRedirect.dll - File found and opened.
    MD5: D8BE4573B207A91A32694ED16D48975F
    Created at 01:18 on 15/07/2012
    Modified at 22:08 on 13/07/2012
    Size: 364360 bytes
    Attributes: --a----
    FileDescription: EasyRedirect.dll
    FileVersion: 2.1.9.9
    ProductVersion: 2.1.9.9
    OriginalFilename:
    InternalName:
    ProductName: EasyRedirect.dll
    CompanyName: EasyTech
    LegalCopyright: Copyright © 2010
    Comments:

    -= EOF =-
     
  6. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    Excellent, all are legit. Just wanted to be sure, especially about those two files you uploaded for me :)

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     
  7. TerryD55

    TerryD55 Thread Starter

    Joined:
    Oct 21, 2012
    Messages:
    74
    OK, on to the next:

    ComboFix 12-11-10.01 - Terry 11/11/2012 11:35:24.12.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4312 [GMT -8:00]
    Running from: c:\users\Terry\Downloads\Programs\ComboFix.exe
    Command switches used :: c:\users\Terry\Desktop\Logs\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-11 19:47 . 2012-11-11 19:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-10 19:02 . 2012-11-11 19:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-11-10 19:02 . 2012-11-11 19:28 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2012-11-10 19:01 . 2012-11-10 19:01 -------- d-----w- c:\users\Terry\AppData\Local\Programs
    2012-11-09 17:04 . 2012-11-09 17:04 -------- d-----w- C:\_OTL
    2012-11-09 16:22 . 2012-11-09 16:22 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-11-09 16:22 . 2012-11-09 16:22 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-11-09 16:22 . 2012-11-09 16:22 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-11-09 16:22 . 2012-11-09 16:22 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-11-09 16:22 . 2012-11-09 16:22 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-11-09 16:22 . 2012-11-09 16:22 188904 ----a-w- c:\windows\system32\java.exe
    2012-11-09 16:22 . 2012-11-09 16:22 -------- d-----w- c:\program files\Java
    2012-11-03 03:37 . 2012-11-03 03:37 -------- d-----w- c:\users\Terry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-11-03 03:37 . 2012-11-03 05:02 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
    2012-11-02 17:59 . 2012-11-03 05:01 -------- d-----w- c:\users\Terry\AppData\Local\LogMeIn Rescue Calling Card
    2012-11-02 17:44 . 2012-11-03 05:01 -------- d-----w- c:\program files (x86)\LogMeIn Rescue Calling Card
    2012-11-02 16:18 . 2012-11-03 05:12 -------- d-----w- c:\users\Terry\AppData\Local\LogMeIn Rescue Applet
    2012-11-01 00:34 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-11-01 00:34 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-11-01 00:34 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-11-01 00:34 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-11-01 00:34 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-11-01 00:34 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
    2012-11-01 00:34 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-11-01 00:34 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-11-01 00:34 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-10-30 02:09 . 2012-10-30 02:09 -------- d-----w- c:\program files (x86)\Gophoto.it
    2012-10-30 02:05 . 2012-10-31 23:39 -------- d-----w- c:\program files (x86)\OnlineHD.TV
    2012-10-30 01:51 . 2012-10-31 23:39 -------- d-----w- c:\program files (x86)\uTorrent
    2012-10-29 03:21 . 2012-11-03 05:04 -------- d-----w- c:\users\Terry\AppData\Roaming\GRETECH
    2012-10-24 05:22 . 2012-04-20 23:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2012-10-23 04:28 . 2012-10-23 04:28 -------- d-----w- c:\users\Terry\AppData\Roaming\Curiolab
    2012-10-23 04:27 . 2012-11-08 03:37 -------- d-----w- c:\program files (x86)\Exterminate It!
    2012-10-23 00:45 . 2012-10-23 00:45 -------- d-----w- c:\program files (x86)\ESET
    2012-10-22 00:35 . 2012-11-08 22:01 -------- d-----w- c:\program files (x86)\STOPzilla!
    2012-10-22 00:35 . 2012-11-08 22:01 -------- d-----w- c:\programdata\STOPzilla!
    2012-10-21 23:54 . 2012-10-21 23:54 -------- d-----w- c:\users\Terry\AppData\Roaming\DriverCure
    2012-10-21 23:54 . 2012-10-21 23:54 -------- d-----w- c:\users\Terry\AppData\Roaming\SpeedyPC Software
    2012-10-21 23:54 . 2012-10-21 23:54 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
    2012-10-21 23:54 . 2012-10-21 23:54 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-10-21 23:54 . 2012-10-21 23:54 -------- d-----w- c:\program files (x86)\SpeedyPC Software
    2012-10-21 00:10 . 2012-10-21 00:10 -------- d-----w- c:\program files (x86)\VS Revo Group
    2012-10-20 23:16 . 2012-10-20 23:16 -------- d-----w- c:\users\Terry\AppData\Roaming\TuneUp Software
    2012-10-20 23:12 . 2012-10-20 23:12 -------- d-----w- c:\users\Terry\AppData\Local\MFAData
    2012-10-20 22:47 . 2012-10-22 01:10 -------- d-----w- c:\programdata\MFAData
    2012-10-20 16:31 . 2012-10-22 01:10 -------- d-----w- c:\program files\Perfect Uninstaller
    2012-10-16 15:11 . 2012-11-11 19:29 -------- d-----w- c:\users\Terry\AppData\Roaming\uTorrent
    2012-10-14 19:46 . 2012-10-14 19:46 -------- d-----w- c:\users\Terry\AppData\Roaming\FinalVideoDownloader
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-02 00:26 . 2009-07-13 23:16 145408 ----a-w- c:\windows\SysWow64\powrprof.dll
    2012-10-10 10:04 . 2010-09-01 16:14 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-10-09 11:24 . 2012-03-31 18:59 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 11:24 . 2011-06-28 14:41 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 11:24 . 2012-08-15 09:05 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-09-27 18:07 . 2012-10-10 09:36 160992 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    2012-09-23 22:42 . 2012-09-23 22:42 5632 ----a-w- c:\windows\system32\bbchlp.dll
    2012-09-23 22:42 . 2012-09-23 22:42 4608 ----a-w- c:\windows\system32\drivers\bbcap.sys
    2012-09-23 22:42 . 2012-09-23 22:42 37376 ----a-w- c:\windows\system32\bbcap.dll
    2012-09-14 19:19 . 2012-10-10 08:47 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-10 08:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-09-13 21:06 . 2012-09-13 21:06 42248 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
    2012-09-13 19:26 . 2012-09-13 19:26 38632 ----a-w- c:\windows\system32\drivers\taphss.sys
    2012-09-09 04:06 . 2012-05-13 17:43 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-09 04:06 . 2011-06-23 18:41 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-03 15:39 . 2012-09-03 15:39 788536 ----a-r- c:\users\Terry\AppData\Roaming\Microsoft\Installer\{B2F34D92-C5CF-4801-90CB-D04A5634B334}\TweetDeck.exe
    2012-08-31 18:19 . 2012-10-10 08:49 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-30 18:03 . 2012-10-10 08:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-30 17:12 . 2012-10-10 08:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12 . 2012-10-10 08:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05 . 2012-10-10 08:48 220160 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 16:57 . 2012-10-10 08:48 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-08-24 11:15 . 2012-09-22 10:01 17810944 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-09-22 10:01 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-09-22 10:01 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-09-22 10:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-09-22 10:01 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-09-22 10:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-09-22 10:01 237056 ----a-w- c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-09-22 10:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-09-22 10:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-09-22 10:01 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-09-22 10:01 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-09-22 10:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-09-22 10:01 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-09-22 10:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-09-22 10:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-09-22 10:01 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-09-22 10:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-09-22 10:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-09-22 10:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-22 10:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-22 10:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-09-22 10:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-12 10:03 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 10:03 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 10:03 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 10:03 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01 . 2012-09-25 17:11 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-20 18:48 . 2012-10-10 08:48 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-08-20 18:48 . 2012-10-10 08:48 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-08-20 18:48 . 2012-10-10 08:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-08-20 18:48 . 2012-10-10 08:48 215040 ----a-w- c:\windows\system32\winsrv.dll
    2012-08-20 18:48 . 2012-10-10 08:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2012-08-20 18:48 . 2012-10-10 08:48 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2012-08-20 18:48 . 2012-10-10 08:48 1162240 ----a-w- c:\windows\system32\kernel32.dll
    2012-08-20 18:46 . 2012-10-10 08:48 338432 ----a-w- c:\windows\system32\conhost.exe
    2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 17:40 . 2012-10-10 08:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38 . 2012-10-10 08:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-20 17:38 . 2012-10-10 08:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2012-08-20 17:37 . 2012-10-10 08:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2012-08-20 17:37 . 2012-10-10 08:48 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2012-08-20 17:32 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 08:48 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 08:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 08:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 08:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-10 3540416]
    "Akamai NetSession Interface"="c:\users\Terry\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
    "Easy-Hide-IP"="c:\program files\Easy-Hide-IP\easy-hide-ip.exe" [2012-07-13 4612424]
    "uTorrent"="c:\users\Terry\Downloads\Programs\uTorrent.exe" [2012-11-06 963984]
    "DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2012-06-05 822456]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HostManager"="c:\program files (x86)\Common Files\AOL\1285107697\ee\AOLSoftware.exe" [2010-03-08 41800]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
    .
    c:\users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Zinio Alert Messenger.lnk - c:\program files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [x]
    R2 0236211352488536mcinstcleanup;McAfee Application Installer Cleanup (0236211352488536);c:\windows\TEMP\023621~1.EXE [x]
    R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
    R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
    R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [2011-11-17 29288]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-07 140672]
    S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/23 16:00];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-17 03:54 148976]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-07-23 72856]
    S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-07-23 383128]
    S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
    S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
    S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
    S2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-07-13 3542856]
    S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 160992]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
    S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
    S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 11:24]
    .
    2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
    .
    2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
    .
    2012-11-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1e1ccc72-7985-445b-878b-49249c4e1042.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2012-11-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7860f2ef-6487-46eb-b8b3-af57b009ab37.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30&v=13.2.0.1&sap=hp
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files (x86)\FinalVideoDownloader\fvdRunner.html
    IE: {{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files (x86)\Crawler\Radio\CRadio.exe
    IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
    Trusted Zone: twitter.com
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    Toolbar-!{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    AddRemove-The Weather Channel App - c:\program files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):ee,e2,e3,98,8a,af,00,05,8f,6d,9e,ce,22,49,15,ee,28,a2,2f,cc,67,
    c1,36,b6,7a,54,a6,f7,7f,81,ab,b5,28,ab,56,97,c5,d2,b3,b5,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    Completion time: 2012-11-11 12:04:42
    ComboFix-quarantined-files.txt 2012-11-11 20:04
    ComboFix2.txt 2012-11-09 20:48
    ComboFix3.txt 2012-11-08 04:15
    ComboFix4.txt 2012-11-05 15:34
    ComboFix5.txt 2012-11-11 19:33
    .
    Pre-Run: 745,616,089,088 bytes free
    Post-Run: 745,306,116,096 bytes free
    .
    - - End Of File - - 889EC861DEABC2337CE1A01EFB927CFF
     
  8. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    I know you said earlier that OTL was having problems running a fix, but if you can delete the copy that you have, get a new one from here:

    Download OTL to your Desktop

    And then try this fix. If it still doesn't work, we'll try something else ;)

    ---

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp
      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
      O3:64bit: - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
      O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
      O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html File not found
      O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
      O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe File not found
      O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found
      :Files
      ipconfig /flushdns /c
      :Commands 
      [purity] 
      [CREATERESTOREPOINT] 
      [Reboot]
    • Then click the Run Fix button at the top
    • Click OK.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.
     
  9. TerryD55

    TerryD55 Thread Starter

    Joined:
    Oct 21, 2012
    Messages:
    74
    I'm afraid it still won't respond. Is it possible that the malware is blocking it? : (
     
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    It could be, so let's see what's running so that we can kill it and run the tool :)


    Download RogueKiller to your desktop

    1. Quit all running programs
    2. For Vista/Seven, right-click -> Run as administrator; for XP, simply run RogueKiller.exe
    3. Wait until the Pre-scan has finished.
    4. Click on Scan
    5. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
    6. Click on Report and copy/paste the contents here.

    eddie
     
  11. TerryD55

    TerryD55 Thread Starter

    Joined:
    Oct 21, 2012
    Messages:
    74
    Here you go. I'm starting to get really discouraged about ever conquering this thing. Do I need to return my computer to factory settings? If so, what should I do in preparation?

    Here's the RogueKiller log:

    RogueKiller V8.2.3 [11/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Terry [Admin rights]
    Mode : Scan -- Date : 11/16/2012 10:14:35

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] DesktopWeather.exe -- C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 14 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-254241989-344465633-3051194989-1001[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl) -> FOUND
    [STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD10EARS-22Y5B1 +++++
    --- User ---
    [MBR] fb09924c098012f41c95e7b2f97a8e27
    [BSP] d0707f4155fd9ad6b4c3018771cef6d1 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14000 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28674048 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28878848 | Size: 939767 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WD 3200BEV External USB Device +++++
    --- User ---
    [MBR] beea9460a2ac537379dfeacfce6df664
    [BSP] 1343860dbef73a961735f1522ff55311 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive4: SMI USB DISK USB Device +++++
    --- User ---
    [MBR] 212c4e1e73bf2dea892238af0354661f
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 15479 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_11162012_02d1014.txt >>
    RKreport[1]_S_11162012_02d1014.txt
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    Sometimes tools don't want to work, which can be down to all sorts of reasons. However, restoring is normally the last option I do, as 99% of the time we can remove the infections.

    Can you run this for me, and then we'll remove them using another tool, as I saw ComboFix ran okay :)


    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *Conduit*
      *uTorrentControl2*
      *InstallMate*
      *Tarma Installer*
      *Ilivid*
      *OpenCandy*
      *searchqu*
      *AVG Secure Search*
      *CToolbar*
      *StartSearch*
      *Babylon*
      *Crossrider*
      *Freeze.com*
      *Viewpoint*
      *StartNow*
      *isearch*
      :folderfind
      *Conduit*
      *uTorrentControl2*
      *InstallMate*
      *Tarma Installer*
      *Ilivid*
      *OpenCandy*
      *searchqu*
      *AVG Secure Search*
      *CToolbar*
      *StartSearch*
      *Babylon*
      *Crossrider*
      *Freeze.com*
      *Viewpoint*
      *StartNow*
      *isearch*
      :regfind
      Conduit
      uTorrentControl2
      InstallMate
      Tarma Installer
      Ilivid
      OpenCandy
      searchqu
      AVG Secure Search
      CToolbar
      StartSearch
      Babylon
      Crossrider
      Freeze.com
      Viewpoint
      StartNow
      isearch
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop, entitled SystemLook.txt
     
  13. TerryD55

    TerryD55 Thread Starter

    Joined:
    Oct 21, 2012
    Messages:
    74
    Thanks Eddie. I appreciate all of your assistance.

    Here's the info you requested:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 13:55 on 19/11/2012 by Terry
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Conduit*"
    C:\Program Files (x86)\EZ Fonts\fonts\conduit.ttf --a---- 19604 bytes [14:49 16/04/2009] [14:49 16/04/2009] 2019BE2CCBB888D9FA8B4EE8DFBD4CF4
    C:\Program Files (x86)\EZ Fonts\fonts\conduit2.ttf --a---- 27484 bytes [14:49 16/04/2009] [14:49 16/04/2009] CB70FA803082E4F3D0402799613171EE
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634188644294968750.png --a---- 2082 bytes [02:14 29/10/2012] [19:36 14/10/2012] 369D7B1919164AE582123413766EBB1E
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442641766325000.png --a---- 1062 bytes [02:14 29/10/2012] [19:36 14/10/2012] A6E265A10E77FBAF77DDDCC11E155B26
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442671524633757.png --a---- 1188 bytes [02:14 29/10/2012] [19:36 14/10/2012] 4B8A28889FDB2CFE1FEC952729DD2266
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442676849165007.png --a---- 1416 bytes [02:14 29/10/2012] [19:36 14/10/2012] D863883F87BD0FBD96B6D7F3A95BD0F8
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442677346508757.png --a---- 1393 bytes [02:14 29/10/2012] [19:36 14/10/2012] 674CAA942DF7A568B24C21453F897718
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442678744790007.png --a---- 1342 bytes [02:14 29/10/2012] [19:36 14/10/2012] 897BF535CB7A1C6169E8E760A704CCF3
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634816857722205000.png --a---- 1851 bytes [02:14 29/10/2012] [19:36 14/10/2012] FA4EDBC5038FFE10F89AFD0BDC86A401
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442626744350001_24PX.png --a---- 866 bytes [02:14 29/10/2012] [19:36 14/10/2012] 4F23EED01724E80596C51E1E8401C01F
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442628354662501_24PX.png --a---- 1139 bytes [02:14 29/10/2012] [19:36 14/10/2012] A7F72FBD280435CA5DE978D3DEFF720F
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442631291400001_24PX.png --a---- 1202 bytes [02:14 29/10/2012] [19:36 14/10/2012] 37123FD3C9499437EB639B722D69A33F
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_BankImages_Facebook_Facebook.png --a---- 772 bytes [02:14 29/10/2012] [19:36 14/10/2012] 1805E8470C0EE167396751BA3E9B0AAA
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif --a---- 419 bytes [02:14 29/10/2012] [19:36 14/10/2012] 01B83C91554738F6AFFB7895BBBA73FB
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif --a---- 950 bytes [02:14 29/10/2012] [19:36 14/10/2012] EE3DCA0EABAE8D7DDEAC14E36B1142CD
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_components_separator.gif --a---- 314 bytes [02:14 29/10/2012] [19:36 14/10/2012] 2E25133B02C7C430B953CC6B2C092010
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif --a---- 322 bytes [02:14 29/10/2012] [19:36 14/10/2012] 948781E4B6478290050ECA4423B89B1E
    C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\ConduitAbstractionLayer.js --a---- 30362 bytes [02:14 29/10/2012] [18:40 05/09/2012] 3A48E45ABF3AA24C74640AFA9EDB7B14
    C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\tb\al\aboutBox\images\conduit-logo-OLD.png --a---- 1305 bytes [02:14 29/10/2012] [18:40 05/09/2012] 5F8EF9A0B050532B90B2645E9627E3F9
    C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\tb\al\aboutBox\images\conduit-logo.png --a---- 3926 bytes [02:14 29/10/2012] [18:40 05/09/2012] 04EC2FEFD3A417F86E983508778A00DD
    C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\skin\conduitToolBarStyle.css --a---- 3 bytes [02:14 29/10/2012] [18:40 05/09/2012] ECAA88F7FA0BF610A5A26CF545DCD3AA
    C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\lib\log4conduit.jsm --a---- 760 bytes [02:14 29/10/2012] [18:40 05/09/2012] 93898FE6A232C5FCD838D8168F65D802
    C:\Users\Terry\Downloads\Programs\HSS-2.70-install-anchorfree-393-conduit.exe --a---- 5321760 bytes [15:04 28/09/2012] [15:04 28/09/2012] FAD6FF07EDFF6F0E9541CC5CA4920212

    Searching for "*uTorrentControl2*"
    No files found.

    Searching for "*InstallMate*"
    No files found.

    Searching for "*Tarma Installer*"
    No files found.

    Searching for "*Ilivid*"
    C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk --a---- 1050 bytes [17:36 06/11/2012] [17:36 06/11/2012] 0F2421C9E88233320CBF9048613B38D4
    C:\Users\Terry\Desktop\iLivid.lnk --a---- 1042 bytes [17:36 06/11/2012] [17:36 06/11/2012] 9A7E310753A6B952E11088452B61B39B
    C:\Users\Terry\Downloads\Programs\iLividSetup.exe --a---- 1302424 bytes [17:35 06/11/2012] [17:35 06/11/2012] 756F67A33A424E53BC71E49EF0BFE951
    C:\Users\Terry\Downloads\Programs\iLividSetupV1.exe --a---- 2060760 bytes [01:47 07/12/2011] [01:47 07/12/2011] 11A40C3EC61C32C4EED1175D92A8C5EA
    C:\Users\Terry\Downloads\Programs\iLividSetupV1_2.exe --a---- 2063040 bytes [00:06 06/02/2012] [00:06 06/02/2012] 12D6957E9D66B1DCF3062599A74D297F

    Searching for "*OpenCandy*"
    No files found.

    Searching for "*searchqu*"
    No files found.

    Searching for "*AVG Secure Search*"
    No files found.

    Searching for "*CToolbar*"
    No files found.

    Searching for "*StartSearch*"
    No files found.

    Searching for "*Babylon*"
    No files found.

    Searching for "*Crossrider*"
    No files found.

    Searching for "*Freeze.com*"
    No files found.

    Searching for "*Viewpoint*"
    C:\Program Files (x86)\AOL 9.5\Jiti\viewpoint.exe --a---- 3858056 bytes [22:22 21/09/2010] [14:59 23/03/2010] FC393CFF7BC091C6733A7DF192A4D133
    C:\Program Files (x86)\AOL Desktop 9.7\Jiti\viewpoint.exe --a---- 3858056 bytes [00:36 31/05/2012] [22:55 20/04/2012] FC393CFF7BC091C6733A7DF192A4D133

    Searching for "*StartNow*"
    No files found.

    Searching for "*isearch*"
    C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51MXGCMG\isearch.avg[1].1&sap=hp -ra---- 22460 bytes [14:37 15/11/2012] [14:37 15/11/2012] 3F0093034EBEFA9068ECB37E408DF37B
    C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT42YZ11\isearch.avg[1].1&sap=hp -ra---- 22460 bytes [14:34 15/11/2012] [14:34 15/11/2012] EB22A341F119143350920E828BD2CF37

    ========== folderfind ==========

    Searching for "*Conduit*"
    No folders found.

    Searching for "*uTorrentControl2*"
    No folders found.

    Searching for "*InstallMate*"
    No folders found.

    Searching for "*Tarma Installer*"
    No folders found.

    Searching for "*Ilivid*"
    No folders found.

    Searching for "*OpenCandy*"
    No folders found.

    Searching for "*searchqu*"
    No folders found.

    Searching for "*AVG Secure Search*"
    No folders found.

    Searching for "*CToolbar*"
    No folders found.

    Searching for "*StartSearch*"
    No folders found.

    Searching for "*Babylon*"
    No folders found.

    Searching for "*Crossrider*"
    No folders found.

    Searching for "*Freeze.com*"
    No folders found.

    Searching for "*Viewpoint*"
    No folders found.

    Searching for "*StartNow*"
    No folders found.

    Searching for "*isearch*"
    No folders found.

    ========== regfind ==========

    Searching for "Conduit"
    [HKEY_CURRENT_USER\Software\DownloadManager\978]
    "FileName"="HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"
    [HKEY_CURRENT_USER\Software\DownloadManager\978]
    "Url0"="http://software-files-a.cnet.com/s/software/12/70/77/84/HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49A430ED76EBA681EDC30AE3E421A6AF]
    "7EEB5F206BA024E4B98F5288AACE7C2F"="C:\Program Files (x86)\EZ Fonts\fonts\conduit.ttf"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CF16DF3D66B098F6F24B971E18632AA]
    "7EEB5F206BA024E4B98F5288AACE7C2F"="C:\Program Files (x86)\EZ Fonts\fonts\conduit2.ttf"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS]
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\978]
    "FileName"="HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\978]
    "Url0"="http://software-files-a.cnet.com/s/software/12/70/77/84/HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"

    Searching for "uTorrentControl2"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl2AutoUpdateHelper_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl2AutoUpdateHelper_RASMANCS]

    Searching for "InstallMate"
    No data found.

    Searching for "Tarma Installer"
    No data found.

    Searching for "Ilivid"
    [HKEY_CURRENT_USER\Software\DownloadManager\1191]
    "LocalFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1.exe"
    [HKEY_CURRENT_USER\Software\DownloadManager\1191]
    "LocalPath"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\"
    [HKEY_CURRENT_USER\Software\DownloadManager\1191]
    "LogFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1_1191.log"
    [HKEY_CURRENT_USER\Software\DownloadManager\1191]
    "Host"="download.cdn.ilivid.com"
    [HKEY_CURRENT_USER\Software\DownloadManager\1191]
    "FileName"="iLividSetup.exe"
    [HKEY_CURRENT_USER\Software\DownloadManager\1191]
    "Referer"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
    [HKEY_CURRENT_USER\Software\DownloadManager\1191]
    "Cookie"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
    [HKEY_CURRENT_USER\Software\DownloadManager\1191]
    "owWPage"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
    [HKEY_CURRENT_USER\Software\DownloadManager\1191]
    "owWPCookies"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid"
    [HKEY_CURRENT_USER\Software\DownloadManager\1191]
    "Url0"="http://download.ilivid.com/iLividSetupV1.exe"
    [HKEY_CURRENT_USER\Software\DownloadManager\1191]
    "U0_c"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files (x86)\iLivid]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
    "ProductName"="iLivid"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
    "PackageName"="iLividSetupV1.msi"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D97E31338E3E6F4D9EF007C6465E955]
    "2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B4F0888C10A343468A1047B4877EB18]
    "2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files (x86)\iLivid\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CAC02833CB3981F4C81EE96861E97A55]
    "2B1E51D87B2D71A44BB42DDD5E894160"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
    "InstallLocation"="C:\Program Files (x86)\iLivid"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
    "DisplayName"="iLivid"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASMANCS]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{A2F65A3A-0E7E-4485-A898-B3341D755F4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{A2F65A3A-0E7E-4485-A898-B3341D755F4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{A2F65A3A-0E7E-4485-A898-B3341D755F4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
    "LocalFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1.exe"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
    "LocalPath"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
    "LogFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1_1191.log"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
    "Host"="download.cdn.ilivid.com"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
    "FileName"="iLividSetup.exe"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
    "Referer"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
    "Cookie"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
    "owWPage"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
    "owWPCookies"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
    "Url0"="http://download.ilivid.com/iLividSetupV1.exe"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
    "U0_c"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files (x86)\iLivid]

    Searching for "OpenCandy"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\DriverScanner]
    "LatestDownloadUrl"="http://download.uniblue.com/adv/ds/ds/opencandy/4ds/driverscanner.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\DriverScanner]
    "CampaignDownloadUrl"="http://download.uniblue.com/adv/ds/ds/opencandy/4ds/driverscanner.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\DriverScanner]
    "PurchaseUrl"="http://www.liutilities.com/products/campaigns/dstrial/adv/opencandy/4ds/"

    Searching for "searchqu"
    [HKEY_CURRENT_USER\Software\DownloadManager\1000]
    "Referer"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
    [HKEY_CURRENT_USER\Software\DownloadManager\1000]
    "owWPage"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
    [HKEY_CURRENT_USER\Software\DownloadManager\999]
    "FileName"="video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
    [HKEY_CURRENT_USER\Software\DownloadManager\999]
    "Url0"="http://www.globaltv.com/etcanada/video/etc+uncut/alex+oloughlin+uncut/video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
    [HKEY_CURRENT_USER\Software\SUPERAntiSpyware.com\SUPERAntiSpyware]
    "ProtectedHomePage"="http://www.searchqu.com/406"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1000]
    "Referer"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1000]
    "owWPage"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\999]
    "FileName"="video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\999]
    "Url0"="http://www.globaltv.com/etcanada/video/etc+uncut/alex+oloughlin+uncut/video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\SUPERAntiSpyware.com\SUPERAntiSpyware]
    "ProtectedHomePage"="http://www.searchqu.com/406"

    Searching for "AVG Secure Search"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof]
    "path"="C:\ProgramData\AVG Secure Search\ChromeExt\11.1.0.12\avg.crx"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.2.0]
    "ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater13.2.0]
    "ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vToolbarUpdater13.2.0]
    "ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
    [HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
    [HKEY_USERS\S-1-5-18\Software\AVG Secure Search]

    Searching for "CToolbar"
    [HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\AVGeneral\cToolbars]
    [HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-0]
    [HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-169]
    [HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-593980]
    [HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBarParameters]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2E5E800E-6AC0-411E-940A-369530A35E43}]
    "DllName"="TwcToolbarIe7.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2E5E800E-6AC0-411E-940A-369530A35E43}]
    "DllName"="TwcToolbarIe7.dll"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Adobe\Acrobat Reader\10.0\AVGeneral\cToolbars]
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-0]
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-169]
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-593980]
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBarParameters]

    Searching for "StartSearch"
    No data found.

    Searching for "Babylon"
    [HKEY_CURRENT_USER\Software\DownloadManager\1108]
    "Cookie"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"
    [HKEY_CURRENT_USER\Software\DownloadManager\1108]
    "U0_c"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS]
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1108]
    "Cookie"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1108]
    "U0_c"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"

    Searching for "Crossrider"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}]
    @="ICrossriderBHO"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550055345591}]
    @="ICrossriderBHO"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055345591}]
    @="ICrossriderBHO"

    Searching for "Freeze.com"
    No data found.

    Searching for "Viewpoint"
    No data found.

    Searching for "StartNow"
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]

    Searching for "isearch"
    [HKEY_CURRENT_USER\Software\DownloadManager\1158]
    "Referer"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
    [HKEY_CURRENT_USER\Software\DownloadManager\1158]
    "owWPage"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com\isearch]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7366EA16-7A1A-4EA2-B042-973D3E9CD99B}]
    @="ISearchJob"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7AC3286D-4D1D-4817-84FC-C1C85E3AF0D9}]
    @="ISearchCatalogManager2"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{88AEE058-D4B0-4725-A2F1-814A67AE964C}]
    @="ISearchCompletedCallback"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{9838AAB6-32FD-455A-823D-83CFE06E4D48}]
    @="ISearchBoxSettings"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{9909C81E-3BA4-41DA-A7ED-02EF2F319411}]
    @="ISearchLinks"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{A0FFBC28-5482-4366-BE27-3E81E78E06C2}]
    @="ISearchFolderItemFactory"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{A2FFDF9B-4758-4F84-B729-DF81A1A0612F}]
    @="ISearchPersistentItemsChangedSink"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{A700A634-2850-4C47-938A-9E4B6E5AF9A6}]
    @="ISearchCompletedCallbackArgs"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}]
    @="ISearchCatalogManager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF53}]
    @="ISearchScopeRule"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}]
    @="ISearchCrawlScopeManager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF58}]
    @="ISearchItemsChangedSink"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF69}]
    @="ISearchManager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B05651A6-9B10-425E-B616-1FCD828DB3B1}]
    @="ISearchSchema"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B05651AD-9B10-425E-B616-1FCD828DB3B1}]
    @="ISearchAdmin"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B05651AE-9B10-425E-B616-1FCD828DB3B1}]
    @="ISearchAdmin2"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B05651AF-9B10-425E-B616-1FCD828DB3B1}]
    @="ISearchAdmin3"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B05651DA-9B10-425E-B616-1FCD828DB3B1}]
    @="ISearchAccessList"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B05651F3-9B10-425E-B616-1FCD828DB3B1}]
    @="ISearchOleDbAdmin"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B056520F-9B10-425E-B616-1FCD828DB3B1}]
    @="ISearchHelp"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565210-9B10-425E-B616-1FCD828DB3B1}]
    @="ISearchNameList"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565211-9B10-425E-B616-1FCD828DB3B1}]
    @="ISearchNameObj"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565212-9B10-425E-B616-1FCD828DB3B1}]
    @="ISearchNameAndDescriptionList"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565213-9B10-425E-B616-1FCD828DB3B1}]
    @="ISearchNameAndDescriptionObj"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565214-9B10-425E-B616-1FCD828DB3B1}]
    @="ISearchColumnList"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565215-9B10-425E-B616-1FCD828DB3B1}]
    @="ISearchColumnObj"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565216-9B10-425E-B616-1FCD828DB3B1}]
    @="ISearchOleDbConfigs"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565217-9B10-425E-B616-1FCD828DB3B1}]
    @="ISearchOleDbConfig"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B5702E61-E75C-4B64-82A1-6CB4F832FCCF}]
    @="ISearchNotifyInlineSite"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{C0A6C367-C264-4385-A704-9088BDC3640E}]
    @="ISearchIDListFactory"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D40CFF62-E08C-4498-941A-01E25F0FD33C}]
    @="ISearchResult"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E273680B-DA13-4F99-97D1-5C90E3E816F3}]
    @="ISearchLocate"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1158]
    "Referer"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1158]
    "owWPage"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp"
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com\isearch]

    -= EOF =-
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    Okay, as you can guess, there is a lot there, but not all of it is bad.

    Whilst I create a fix (of which I need to check some things out), can you uninstall this:

    PC Optimizer Pro

    Why?

    http://www.microsoft.com/security/p.../Entry.aspx?Name=Program:Win32/PCOptimizerPro

    Also, can you uninstall SUPERAntiSpyware. For some weird reason, it's protecting a homepage which is not what you want. Think it may have defaulted to this.

    Back in a bit, probably tomorrow at 5ish, as it's 11.20pm here :)
     
  15. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    First off, can you back up as follows:


    Backing Up Your Registry
    1. Download ERUNT
      (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
    2. Install ERUNT by following the prompts
      (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
    3. Start ERUNT
      (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
    4. Choose a location for the backup
      (the default location is C:\WINDOWS\ERDNT which is acceptable).
    5. Make sure that at least the first two check boxes are ticked
    6. Press OK
    7. Press YES to create the folder.

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
    [-HKEY_CURRENT_USER\Software\DataMngr]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
    [-HKEY_CURRENT_USER\Software\ilivid]
    [-HKEY_CURRENT_USER\Software\searchqutoolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
    [-HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
    "{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
    "{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
    "{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
    "{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
    "{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
    "{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
    "{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
    "{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
    "{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
    @="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
    @="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
    @="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
    [-HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com\isearch]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com\isearch]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
    [-HKEY_USERS\S-1-5-18\Software\AVG Secure Search]
    [-HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
    [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    File::
    %APPDATA%\Mozilla\Firefox\Profiles\SearchquWebSearch.xml
    %APPDATA%\Microsoft\Windows\Cookies\*@sweetim[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm
    %TEMP%\BandooV6.exe
    %TEMP%\SetupDataMngr_Searchqu.exe
    %TEMP%\SweetIMReinstall\SweetImSetup.exe
    %TEMP%\ilivid.7z
    %TEMP%\searchqu.ini
    %TEMP%\searchqutoolbar-manifest.xml
    %USERPROFILE%\Downloads\SweetImSetup.exe
    %USERPROFILE%\Downloads\iLividSetupV1.exe
    %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml
    %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml
    C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634188644294968750.png
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442641766325000.png
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442671524633757.png
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442676849165007.png
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442677346508757.png
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442678744790007.png
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634816857722205000.png
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442626744350001_24PX.png
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442628354662501_24PX.png
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442631291400001_24PX.png
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_BankImages_Facebook_Facebook.png
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_components_separator.gif
    C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif
    C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\ConduitAbstractionLayer.js
    C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\tb\al\aboutBox\images\conduit-logo-OLD.png
    C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\tb\al\aboutBox\images\conduit-logo.png
    C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\skin\conduitToolBarStyle.css
    C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\lib\log4conduit.jsm
    C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
    C:\Users\Terry\Desktop\iLivid.lnk
    C:\Users\Terry\Downloads\Programs\iLividSetup.exe
    C:\Users\Terry\Downloads\Programs\iLividSetupV1.exe
    C:\Users\Terry\Downloads\Programs\iLividSetupV1_2.exe
    C:\Program Files (x86)\AOL 9.5\Jiti\viewpoint.exe
    C:\Program Files (x86)\AOL Desktop 9.7\Jiti\viewpoint.exe
    C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51MXGCMG\isearch.avg[1].1&sap=hp
    C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT42YZ11\isearch.avg[1].1&sap=hp
    Folder::
    %APPDATA%\Mozilla\Firefox\Profiles\searchqutoolbar
    %APPDATA%\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7}
    %LOCALAPPDATA%\Ilivid Player
    %TEMP%\BandooFiles
    %TEMP%\SweetIMReinstall
    %USERPROFILE%\AppData\LocalLow\searchquband
    %USERPROFILE%\AppData\LocalLow\searchqutoolbar
    %USERPROFILE%\AppData\LocalLow\DataMngr
    C:\Program Files\Windows iLivid Toolbar
    C:\Program Files\iLivid
    C:\Windows\Prefetch\ILIVID*
    C:\Windows\Prefetch\SEARCHQUMEDIABAR*
    C:\Windows\Prefetch\SETUPDATAMNGR*
    C:\Program Files (x86)\iLivid
    C:\Program Files (x86)\Windows Savevid Toolbar
    C:\Program Files (x86)\Savevid
    



    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



    -------

    I'll then post the new SystemLook code to run, but will wait for the above first, as it's quite lengthy, and it may take a while to run the fix, so give it time :)

    You'll also see some things in the fix that we didn't search for, but these can be related, so prefer to check for them, just to be safe.

    eddie
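
A removal script of this size is easy to damage when it is copied out of a forum page, so a syntax pass before running it is worthwhile. The following is an added example, not part of the thread and not ComboFix's own code: it assumes the `Registry::` section uses regedit-style lines as in the post above and treats every other section as a list of paths; the function names, the depth threshold and the sample input are constructed for illustration.

```python
import re

HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG"}
SECTION = re.compile(r"^([A-Za-z]+)::$")
VALUE = re.compile(r'^(@|".+?")=(.*)$')
BBCODE = re.compile(r"\[/?(?:url|img|b|i)\]", re.I)
MIN_DELETE_DEPTH = 3  # assumption: a key delete must be at least HIVE\a\b

# Constructed sample in the same layout as the script in the post (not the real fix).
SAMPLE = r"""Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[-HKEY_CURRENT_USER\Software\ExampleToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00000000-0000-0000-0000-000000000001}
"Orphan"=-
[-HKEY_CURRENT_USER\Software\ExampleToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE]
File::
%TEMP%\[url]www.example[/url][1].xml
%TEMP%\ExampleSetup.exe
Folder::
%TEMP%\ExampleFiles
"""


def _lint_key(no, line, findings, ops, check_duplicate):
    """Validate one '[...]' header; return True if value lines may attach to it."""
    if not line.endswith("]"):
        findings.append((no, "key header has no closing ']'"))
        return False
    delete = line.startswith("[-")
    parts = line[2 if delete else 1:-1].split("\\")
    if parts[0].upper() not in HIVES:
        findings.append((no, f"unknown root key {parts[0]!r}"))
        return False
    if delete:
        ops["delete_key"] += 1
        check_duplicate(no, ("Registry", line.lower()))  # key names are case-insensitive
        if len(parts) < MIN_DELETE_DEPTH:
            findings.append((no, "key delete is very broad; name a deeper subkey"))
    return True


def lint_cfscript(text):
    """Return (findings, ops): findings is [(line_no, message)], ops counts actions."""
    findings, seen = [], {}
    ops = {"delete_key": 0, "delete_value": 0, "set_value": 0, "path": 0}
    section, have_key = None, False

    def check_duplicate(no, ident):
        if ident in seen:
            findings.append((no, f"duplicate of line {seen[ident]}"))
        seen.setdefault(ident, no)

    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, have_key = m.group(1), False
        elif section is None:
            findings.append((no, "content before any 'Name::' section header"))
        elif section != "Registry":
            ops["path"] += 1
            check_duplicate(no, (section, line.lower()))
            if BBCODE.search(line):
                findings.append((no, "forum markup left inside a path"))
        elif line.startswith("["):
            have_key = _lint_key(no, line, findings, ops, check_duplicate)
        else:
            m = VALUE.match(line)
            if not m:
                findings.append((no, "neither a key header nor a value line"))
            elif not have_key:
                findings.append((no, "value line has no valid key header above it"))
            else:
                ops["delete_value" if m.group(2) == "-" else "set_value"] += 1
    return findings, ops


if __name__ == "__main__":
    found, counts = lint_cfscript(SAMPLE)
    for no, msg in found:
        print(f"line {no}: {msg}")
    print(counts)
```

The operation counts give a quick sanity check on how much a script will delete, which is worth comparing against the registry backup taken beforehand.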
     
Short URL to this thread: https://techguy.org/1073590