# Unable to remove Isearch AVG virus



## TerryD55 (Oct 22, 2012)

Hi,

I have spent the past few days trying to delete what I thought was an AVG homepage/toolbar from my system. No matter how many times I disable it and eliminate it as my homepage, it comes back. Since this thing hijacked my browser, every webpage I visit has bogus links leading to advertising. In my search for a solution, I discovered that it really doesn't have anything to do with AVG, but apparently is masquerading as them. It's managed to remain undetected by my anti-virus and anti-spy and malware programs. I should say upfront that I'm not particularly tech savvy, so bear with me. I would really appreciate it if you guys can help me get rid of this horrible program. Oh, I should add that I've tried uninstalling the program and even though supposedly it's no longer there, IE still defaults to it. Also, today I tried restoring my system to an earlier date, so right now, it does show as a program that can be uninstalled.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU E5500 @ 2.80GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 6109 Mb
Graphics Card: Intel(R) G45/G43 Express Chipset, 7 Mb
Hard Drives: C: Total - 939767 MB, Free - 655653 MB; G: Total - 305168 MB, Free - 262246 MB;
Motherboard: Gateway, WG43M
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

DDS (Ver_2012-10-19.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Terry at 20:05:03 on 2012-10-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.3134 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\AOL OnePoint\IDVault.exe
C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe
C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\HP Software Update\HPWUCli.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TweetDeck\TweetDeck.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Terry\Downloads\Programs\HijackThis.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.2.0\ScriptHelper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp
uWindow Title = Windows Internet Explorer provided by AOL
uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=5bbd0e3c-80fa-4d7a-b418-8e18e18bf2f8&searchtype=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=5bbd0e3c-80fa-4d7a-b418-8e18e18bf2f8&searchtype=ds&q={searchTerms}
uDefault_Page_URL = hxxp://www.aol.com/?ncid=customie9
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2801&r=173608109107p0498v175k4601s224
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2801&r=173608109107p0498v175k4601s224
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=5bbd0e3c-80fa-4d7a-b418-8e18e18bf2f8&searchtype=ds&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Vid-Saver: {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Window Shopper: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120621140137.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - 
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\searchqudtx.dll
BHO: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: AOL OnePoint: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.907.2\NativeBHO.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\searchqudtx.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [Akamai NetSession Interface] C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1285107697\ee\AOLSoftware.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PATHPILOT] C:\Program Files (x86)\Aktiv MP3 Recorder\Aktiv MP3 Recorder.lnk
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [BrowserPlugInHelper] C:\Program Files (x86)\Wondershare\Video Converter Pro\BrowserPlugInHelper.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
StartupFolder: C:\Users\Terry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Terry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZINIOA~1.LNK - C:\Program Files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AOLONE~1.LNK - C:\Program Files (x86)\AOL OnePoint\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
IE: {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\Windows\System32\EasyRedirect.dll
Trusted Zone: twitter.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EFFF6009-DCDE-4DC2-9789-AFC20BEE3BC9} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2801&r=173608109107p0498v175k4601s224
x64-mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2801&r=173608109107p0498v175k4601s224
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120621140137.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - 
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\ihssikjn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?q={searchTerms}&s_it=customfirefoxright&s_qt=sb&tb_uuid=20121014194825702&tb_oid=14-10-2012&tb_mrud=14-10-2012
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://isearch.avg.com/?cid=%GUID%&mid=%MID%&lang=%LANG%&ds=%DISTSOURCE%&pr=%PROFILE%&d=%INSTALLDATE%&v=%TBVERSION%&sap=hp
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\ihssikjn.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-09-08 10:36; [email protected]; C:\Users\Terry\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2012-09-24 10:51; {32b29df0-2237-4370-9a29-37cebb730e9b}; C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\ihssikjn.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
FF - ExtSQL: 2012-10-05 13:41; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2012-10-14 12:48; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\ihssikjn.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF - ExtSQL: 2012-10-14 16:32; {D9A7CBEC-DE1A-444f-A092-844461596C4D}; C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\ihssikjn.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
FF - ExtSQL: !HIDDEN! 2012-10-05 13:41; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-5-31 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-1-22 289664]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-1 55856]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-10-17 30568]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-1-22 75936]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/23 16:00:52];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-5-16 148976]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-7-23 72856]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-7-23 383128]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-9-23 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-9-23 70952]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-9-23 312616]
R2 EasyRedirect;EasyRedirect;C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-7-23 3542856]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2012-10-10 160992]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-4 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-4 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-4 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-1-22 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-1-22 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-1-22 162192]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-9-23 75248]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-4-8 243232]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-10-17 711112]
R3 appliandMP;appliandMP;C:\Windows\System32\drivers\appliand.sys [2012-9-30 33888]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-1-22 65264]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-4-8 138752]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-1-22 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-1-22 487296]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-1-22 100912]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2012-10-2 29288]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-7-23 395416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 116648]
S2 IDVaultSvc;AOL OnePoint Service;C:\Program Files (x86)\AOL OnePoint\IDVaultSvc.exe [2012-9-14 61784]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-21 250808]
S3 appliand;Applian Network Service;C:\Windows\System32\drivers\appliand.sys [2012-9-30 33888]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 116648]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-14 115168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-1 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-30 1255736]
.
=============== Created Last 30 ================
.
2012-10-22 00:35:35	--------	d-----w-	C:\ProgramData\STOPzilla!
2012-10-22 00:35:35	--------	d-----w-	C:\Program Files (x86)\STOPzilla!
2012-10-21 23:54:54	--------	d-----w-	C:\Users\Terry\AppData\Roaming\DriverCure
2012-10-21 23:54:53	--------	d-----w-	C:\Users\Terry\AppData\Roaming\SpeedyPC Software
2012-10-21 23:54:45	--------	d-----w-	C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-10-21 23:54:41	--------	d-----w-	C:\ProgramData\SpeedyPC Software
2012-10-21 23:54:41	--------	d-----w-	C:\Program Files (x86)\SpeedyPC Software
2012-10-21 20:16:20	--------	d-----w-	C:\ProgramData\AVG2013
2012-10-21 20:10:45	--------	d-----w-	C:\Users\Terry\AppData\Local\Avg2013
2012-10-21 00:10:44	--------	d-----w-	C:\Program Files (x86)\VS Revo Group
2012-10-20 23:16:46	--------	d-----w-	C:\Users\Terry\AppData\Roaming\TuneUp Software
2012-10-20 23:14:38	--------	d-----w-	C:\Program Files (x86)\AVG
2012-10-20 23:12:41	--------	d-----w-	C:\Users\Terry\AppData\Local\MFAData
2012-10-20 22:47:27	--------	d-----w-	C:\ProgramData\MFAData
2012-10-20 16:31:06	--------	d-----w-	C:\Program Files\Perfect Uninstaller
2012-10-17 21:30:26	--------	d-----w-	C:\ProgramData\AVG Secure Search
2012-10-17 21:30:23	30568	----a-w-	C:\Windows\System32\drivers\avgtpx64.sys
2012-10-17 21:30:22	--------	d-----w-	C:\Program Files (x86)\Common Files\AVG Secure Search
2012-10-17 21:30:20	--------	d-----w-	C:\Program Files (x86)\AVG Secure Search
2012-10-17 21:29:56	--------	d-----w-	C:\Program Files (x86)\GRETECH
2012-10-16 15:11:11	--------	d-----w-	C:\Users\Terry\AppData\Roaming\uTorrent
2012-10-14 19:46:16	--------	d-----w-	C:\Users\Terry\AppData\Roaming\FinalVideoDownloader
2012-10-13 04:01:01	--------	d-----w-	C:\Users\Terry\AppData\Local\{DC84B566-B8D7-4FDA-A2EB-94D3A13F434E}
2012-10-10 21:38:07	--------	d-----w-	C:\Users\Terry\Citrix
2012-10-10 09:36:33	160992	----a-w-	C:\Windows\System32\drivers\idmwfp.sys
2012-10-10 08:49:00	1659760	----a-w-	C:\Windows\System32\drivers\ntfs.sys
2012-10-10 08:47:54	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2012-10-10 08:47:54	2048	----a-w-	C:\Windows\System32\tzres.dll
2012-10-10 08:47:30	715776	----a-w-	C:\Windows\System32\kerberos.dll
2012-10-10 08:47:30	542208	----a-w-	C:\Windows\SysWow64\kerberos.dll
2012-10-10 08:47:24	1464320	----a-w-	C:\Windows\System32\crypt32.dll
2012-10-10 08:47:24	1159680	----a-w-	C:\Windows\SysWow64\crypt32.dll
2012-10-10 08:47:23	184320	----a-w-	C:\Windows\System32\cryptsvc.dll
2012-10-10 08:47:23	140288	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 08:47:23	140288	----a-w-	C:\Windows\System32\cryptnet.dll
2012-10-10 08:47:22	103936	----a-w-	C:\Windows\SysWow64\cryptnet.dll
2012-10-07 22:03:29	--------	d-----w-	C:\Users\Terry\AppData\Local\{A592FC42-2548-418D-8148-0F01F35E30FD}
2012-10-05 21:14:09	--------	d-----w-	C:\Users\Terry\AppData\Roaming\GetRightToGo
2012-10-05 20:45:34	--------	d-----w-	C:\ProgramData\WEBREG
2012-10-05 20:41:34	--------	d-----w-	C:\Program Files (x86)\Yahoo!
2012-10-05 20:39:18	--------	d-----w-	C:\Windows\SysWow64\spool
2012-10-05 20:38:29	--------	d-----w-	C:\Program Files (x86)\Common Files\Hewlett-Packard
2012-10-05 20:38:18	--------	d-----w-	C:\Program Files (x86)\Common Files\HP
2012-10-05 20:35:44	--------	d-----w-	C:\Program Files\HP
2012-10-05 20:34:15	642360	----a-w-	C:\Windows\System32\hpzids40.dll
2012-10-04 19:09:57	--------	d-----w-	C:\Users\Terry\AppData\Local\{BCAC4329-894D-4B05-9B5E-8669AB95696E}
2012-10-04 18:36:13	--------	d-----w-	C:\Users\Terry\AppData\Roaming\Wondershare Video Converter Pro
2012-10-04 18:35:43	--------	d-----w-	C:\Program Files\Common Files\Wondershare
2012-10-04 18:35:15	--------	d-----w-	C:\ProgramData\Wondershare Video Converter Pro
2012-10-02 18:41:08	--------	d-----w-	C:\Users\Terry\AppData\Local\Wondershare
2012-10-02 18:41:07	--------	d-----w-	C:\Program Files (x86)\Common Files\Wondershare
2012-10-02 18:41:04	--------	d-----w-	C:\Users\Terry\AppData\Roaming\Wondershare
2012-10-02 18:40:35	29288	----a-w-	C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys
2012-10-02 18:40:30	--------	d-----w-	C:\Program Files (x86)\Wondershare
2012-10-02 18:16:37	--------	d-----w-	C:\Program Files (x86)\Nexus Radio
2012-10-02 03:59:15	--------	d-----w-	C:\Users\Terry\AppData\Local\{E72FF8A0-FB3D-4A67-BC74-FC27D852BD68}
2012-10-01 03:52:23	33888	----a-w-	C:\Windows\System32\drivers\appliand.sys
2012-10-01 00:17:25	--------	d-----w-	C:\Windows\Applian Director
2012-10-01 00:17:25	--------	d-----w-	C:\Program Files (x86)\Applian Director
2012-10-01 00:16:06	--------	d-----w-	C:\Windows\Replay Video Capture 6
2012-10-01 00:16:06	--------	d-----w-	C:\Program Files (x86)\Replay Video Capture 6
2012-09-30 05:23:30	--------	d-----w-	C:\Users\Terry\AppData\Local\{1C208E3E-0069-4284-902C-9091C7F89939}
2012-09-28 15:30:57	--------	d-----w-	C:\Users\Terry\AppData\Local\Jaksta_Technologies_Pty_L
2012-09-28 15:18:21	--------	d-----w-	C:\Program Files (x86)\Applian Technologies
2012-09-28 15:17:35	--------	d-----w-	C:\Users\Terry\AppData\Roaming\Replay Media Catcher 4
2012-09-28 15:17:35	--------	d-----w-	C:\ProgramData\Applian
2012-09-25 18:32:22	--------	d-----w-	C:\Users\Terry\AppData\Local\{5758D7A1-F90B-419F-B283-BDE854D3F072}
2012-09-25 17:11:09	245760	----a-w-	C:\Windows\System32\OxpsConverter.exe
2012-09-25 02:18:22	--------	d-----w-	C:\Users\Terry\AppData\Local\{6F0C4EB6-319E-4DEC-9CBB-FE10B2687CD6}
2012-09-24 17:50:50	344064	----a-w-	C:\Windows\SysWow64\msvcr70.dll
2012-09-23 22:45:23	--------	d-----w-	C:\ProgramData\Blueberry
2012-09-23 22:43:13	--------	d-----w-	C:\Users\Terry\AppData\Roaming\Blueberry
2012-09-23 22:42:41	5632	----a-w-	C:\Windows\System32\bbchlp.dll
2012-09-23 22:42:41	4608	----a-w-	C:\Windows\System32\drivers\bbcap.sys
2012-09-23 22:42:41	37376	----a-w-	C:\Windows\System32\bbcap.dll
2012-09-23 22:42:34	--------	d-----w-	C:\Users\Terry\AppData\Roaming\LogSys
2012-09-23 22:42:33	--------	d-----w-	C:\ProgramData\LogSys
2012-09-23 22:31:45	--------	d-----w-	C:\Users\Terry\AppData\Local\Screencast-O-Matic
.
==================== Find3M ====================
.
2012-10-09 11:24:09	73656	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 11:24:09	696760	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-09 11:24:04	10220472	----a-w-	C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-09-13 21:06:56	42248	----a-w-	C:\Windows\System32\drivers\hssdrv6.sys
2012-09-13 19:26:44	38632	----a-w-	C:\Windows\System32\drivers\taphss.sys
2012-09-09 04:06:52	95208	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-09 04:06:47	821736	----a-w-	C:\Windows\SysWow64\npDeployJava1.dll
2012-09-09 04:06:47	746984	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-08-30 18:03:45	5559664	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02	3968880	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02	3914096	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07	220160	----a-w-	C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48	172544	----a-w-	C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-08-24 10:20:11	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29	599040	----a-w-	C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12	420864	----a-w-	C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50	1913200	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40	950128	----a-w-	C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40	376688	----a-w-	C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33	288624	----a-w-	C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44	362496	----a-w-	C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44	243200	----a-w-	C:\Windows\System32\wow64.dll
2012-08-20 18:48:44	13312	----a-w-	C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43	215040	----a-w-	C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37	16384	----a-w-	C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35	424448	----a-w-	C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22	338432	----a-w-	C:\Windows\System32\conhost.exe
2012-08-20 17:40:21	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44	44032	----a-w-	C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18	274944	----a-w-	C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20	2048	----a-w-	C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28	6144	---ha-w-	C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28	4608	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28	3584	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52	574464	----a-w-	C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20	490496	----a-w-	C:\Windows\SysWow64\d3d10level9.dll
2012-04-02 00:56:00	22259528	----a-w-	C:\Program Files (x86)\vlc-2.0.1-win32.exe
2011-09-02 00:40:59	1228384	----a-w-	C:\Program Files (x86)\PremiereElements_9_LS15.exe
.
============= FINISH: 20:05:38.54 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 8/29/2010 10:32:47 AM
System Uptime: 10/21/2012 6:15:12 PM (2 hours ago)
.
Motherboard: Gateway | | WG43M
Processor: Pentium(R) Dual-Core CPU E5500 @ 2.80GHz | CPU 1 | 2803/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 640.286 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is FIXED (FAT32) - 298 GiB total, 256.1 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&24B7B7D9&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&24B7B7D9&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP234: 10/17/2012 11:49:44 PM - Scheduled Checkpoint
RP235: 10/20/2012 7:09:25 AM - Installed Java 7 Update 9
RP236: 10/20/2012 10:30:57 AM - Windows Modules Installer
RP237: 10/20/2012 10:41:56 AM - Windows Modules Installer
RP238: 10/20/2012 10:44:12 AM - Windows Modules Installer
RP239: 10/20/2012 4:14:13 PM - Installed AVG 2013
RP240: 10/20/2012 4:14:48 PM - Installed AVG 2013
RP241: 10/20/2012 4:24:11 PM - Removed AVG 2013
RP242: 10/20/2012 5:17:56 PM - Removed AVG 2013
RP243: 10/20/2012 5:23:32 PM - Removed AVG 2013
RP244: 10/21/2012 3:00:17 AM - Windows Update
RP245: 10/21/2012 1:14:24 PM - Installed AVG 2013
RP246: 10/21/2012 1:15:27 PM - Installed AVG 2013
RP247: 10/21/2012 1:17:01 PM - Removed AVG 2013
RP248: 10/21/2012 5:34:55 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP249: 10/21/2012 5:53:49 PM - StopZILLA! Restore Point.
RP250: 10/21/2012 5:59:30 PM - Restore Operation
.
==== Installed Programs ======================
.
µTorrent
3100_3200_3300_Help
3100_3200_3300trb
3200
64 Bit HP CIO Components Installer
7-Zip 9.22beta
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 9
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 9
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Advertising Center
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Akamai NetSession Interface
Akamai NetSession Interface Service
AOL OnePoint
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
Applian Director
Ask Toolbar
AVG Security Toolbar
Babylon toolbar on IE
Best Buy pc app
BlueStacks
BufferChm
CollageIt 1.8.9
Compatibility Pack for the 2007 Office system
Copy
Crawler Radio & MP3 Player
CyberLink PowerDVD 11
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DocProc
Download Updater (AOL LLC)
Dropbox
Easy-Hide-IP 4.1.7.0
EasyDownloads - fastest downloads in two clicks!
Elements 9 Organizer
Elements STI Installer
EZ Fonts
Fax
File Type Assistant
Final Video Downloader 2011
FoxTab Media Player
Free File Viewer 2011
Free Video to JPG Converter version 2.1.2.920
Gateway InfoCentre
Gateway Photo Frame 4.2.3.10
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
GOM Player
Google Chrome
Google Talk (remove only)
Google Update Helper
GPBaseService2
Hotkey Utility
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Identity Card
iLivid
ImagXpress
Imikimi Plugin
InstaCodecs
InstallIQ Updater
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Download Manager
Internet TV for Windows Media Center
IrfanView (remove only)
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 30
JavaFX 2.1.1
JDownloader
Junk Mail filter update
K-Lite Codec Pack 7.8.0 (Full)
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Network64
OCR Software by I.R.I.S. 13.0
Pando
PC Optimizer Pro
PDF-Viewer
Picasa 3
QuickTime
Ralink RT2860 Wireless LAN Card
RAR File Open Knife - Free Opener
Realtek High Definition Audio Driver
Replay Media Catcher 4 (4.4.4)
Replay Video Capture 6
Scan
Screencast-O-Matic
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Shape Collage
Shop for HP Supplies
SmartSound Quicktracks for Premiere Elements 9.0
SmartWebPrinting
SolutionCenter
StartNow Toolbar
Status
SUPERAntiSpyware
swMSM
The Weather Channel App
The Weather Channel Desktop 6
Toolbox
TrayApp
TweetDeck
Ulead GIF Animator 5 TBYB
Uninstall AOL Emergency Connect Utility 1.0
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
uTorrentControl2 Toolbar
VC80CRTRedist - 8.0.50727.6195
Vid-Saver
Viewpoint Media Player
VLC media player 2.0.2
WebReg
Welcome Center
Window Shopper
Windows iLivid Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Player Firefox Plugin
Wondershare Streaming Audio Recorder(Build 2.0.3.3)
Yahoo! Toolbar
Yontoo Layers Client 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
10/21/2012 6:16:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AOL OnePoint Service service to connect.
10/21/2012 6:16:52 PM, Error: Service Control Manager [7000] - The AOL OnePoint Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/21/2012 6:16:23 PM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
10/21/2012 6:15:43 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
10/21/2012 6:00:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
10/21/2012 5:57:18 PM, Error: Microsoft-Windows-WMPNSS-Service [14323] - Service 'WMPNetworkSvc' did not start correctly because MFCreateWMPMDEOpCenter encountered error '0xc00d4268'. If possible, reinstall Windows Media Player.
10/21/2012 5:52:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
10/21/2012 5:33:25 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
10/21/2012 5:33:25 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
10/21/2012 5:33:25 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
10/21/2012 5:19:54 PM, Error: Service Control Manager [7000] - The SABKUTIL service failed to start due to the following error: The system cannot find the file specified.
10/20/2012 6:29:50 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80054c1060, 0xfffff80000b9c4d8, 0xfffffa800aa62e10). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102012-16036-01.
10/20/2012 5:22:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
10/19/2012 7:12:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80054baa10, 0xfffff80000b9c4d8, 0xfffffa800c9e72f0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101912-18205-01.
10/14/2012 3:22:07 PM, Error: Service Control Manager [7034] - The EasyRedirect service terminated unexpectedly. It has done this 1 time(s).
10/14/2012 3:21:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
10/14/2012 3:21:49 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

==== Event Viewer Messages From Past Week ========
.
10/21/2012 6:16:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AOL OnePoint Service service to connect.
10/21/2012 6:16:52 PM, Error: Service Control Manager [7000] - The AOL OnePoint Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/21/2012 6:16:23 PM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
10/21/2012 6:15:43 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
10/21/2012 6:00:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
10/21/2012 5:57:18 PM, Error: Microsoft-Windows-WMPNSS-Service [14323] - Service 'WMPNetworkSvc' did not start correctly because MFCreateWMPMDEOpCenter encountered error '0xc00d4268'. If possible, reinstall Windows Media Player.
10/21/2012 5:52:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
10/21/2012 5:33:25 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
10/21/2012 5:33:25 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
10/21/2012 5:33:25 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
10/21/2012 5:19:54 PM, Error: Service Control Manager [7000] - The SABKUTIL service failed to start due to the following error: The system cannot find the file specified.
10/20/2012 6:29:50 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80054c1060, 0xfffff80000b9c4d8, 0xfffffa800aa62e10). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102012-16036-01.
10/20/2012 5:22:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
10/19/2012 7:12:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80054baa10, 0xfffff80000b9c4d8, 0xfffffa800c9e72f0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101912-18205-01.
10/14/2012 3:22:07 PM, Error: Service Control Manager [7034] - The EasyRedirect service terminated unexpectedly. It has done this 1 time(s).
10/14/2012 3:21:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
10/14/2012 3:21:49 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 8/29/2010 10:32:47 AM
System Uptime: 10/21/2012 6:15:12 PM (2 hours ago)
.
Motherboard: Gateway | | WG43M
Processor: Pentium(R) Dual-Core CPU E5500 @ 2.80GHz | CPU 1 | 2803/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 640.286 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is FIXED (FAT32) - 298 GiB total, 256.1 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&24B7B7D9&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&24B7B7D9&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP234: 10/17/2012 11:49:44 PM - Scheduled Checkpoint
RP235: 10/20/2012 7:09:25 AM - Installed Java 7 Update 9
RP236: 10/20/2012 10:30:57 AM - Windows Modules Installer
RP237: 10/20/2012 10:41:56 AM - Windows Modules Installer
RP238: 10/20/2012 10:44:12 AM - Windows Modules Installer
RP239: 10/20/2012 4:14:13 PM - Installed AVG 2013
RP240: 10/20/2012 4:14:48 PM - Installed AVG 2013
RP241: 10/20/2012 4:24:11 PM - Removed AVG 2013
RP242: 10/20/2012 5:17:56 PM - Removed AVG 2013
RP243: 10/20/2012 5:23:32 PM - Removed AVG 2013
RP244: 10/21/2012 3:00:17 AM - Windows Update
RP245: 10/21/2012 1:14:24 PM - Installed AVG 2013
RP246: 10/21/2012 1:15:27 PM - Installed AVG 2013
RP247: 10/21/2012 1:17:01 PM - Removed AVG 2013
RP248: 10/21/2012 5:34:55 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP249: 10/21/2012 5:53:49 PM - StopZILLA! Restore Point.
RP250: 10/21/2012 5:59:30 PM - Restore Operation
.
==== Installed Programs ======================
.
µTorrent
3100_3200_3300_Help
3100_3200_3300trb
3200
64 Bit HP CIO Components Installer
7-Zip 9.22beta
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 9
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 9
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Advertising Center
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Akamai NetSession Interface
Akamai NetSession Interface Service
AOL OnePoint
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
Applian Director
Ask Toolbar
AVG Security Toolbar
Babylon toolbar on IE
Best Buy pc app
BlueStacks
BufferChm
CollageIt 1.8.9
Compatibility Pack for the 2007 Office system
Copy
Crawler Radio & MP3 Player
CyberLink PowerDVD 11
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DocProc
Download Updater (AOL LLC)
Dropbox
Easy-Hide-IP 4.1.7.0
EasyDownloads - fastest downloads in two clicks!
Elements 9 Organizer
Elements STI Installer
EZ Fonts
Fax
File Type Assistant
Final Video Downloader 2011
FoxTab Media Player
Free File Viewer 2011
Free Video to JPG Converter version 2.1.2.920
Gateway InfoCentre
Gateway Photo Frame 4.2.3.10
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
GOM Player
Google Chrome
Google Talk (remove only)
Google Update Helper
GPBaseService2
Hotkey Utility
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Identity Card
iLivid
ImagXpress
Imikimi Plugin
InstaCodecs
InstallIQ Updater
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Download Manager
Internet TV for Windows Media Center
IrfanView (remove only)
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 30
JavaFX 2.1.1
JDownloader
Junk Mail filter update
K-Lite Codec Pack 7.8.0 (Full)
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Network64
OCR Software by I.R.I.S. 13.0
Pando
PC Optimizer Pro
PDF-Viewer
Picasa 3
QuickTime
Ralink RT2860 Wireless LAN Card
RAR File Open Knife - Free Opener
Realtek High Definition Audio Driver
Replay Media Catcher 4 (4.4.4)
Replay Video Capture 6
Scan
Screencast-O-Matic
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Shape Collage
Shop for HP Supplies
SmartSound Quicktracks for Premiere Elements 9.0
SmartWebPrinting
SolutionCenter
StartNow Toolbar
Status
SUPERAntiSpyware
swMSM
The Weather Channel App
The Weather Channel Desktop 6
Toolbox
TrayApp
TweetDeck
Ulead GIF Animator 5 TBYB
Uninstall AOL Emergency Connect Utility 1.0
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
uTorrentControl2 Toolbar
VC80CRTRedist - 8.0.50727.6195
Vid-Saver
Viewpoint Media Player
VLC media player 2.0.2
WebReg
Welcome Center
Window Shopper
Windows iLivid Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Player Firefox Plugin
Wondershare Streaming Audio Recorder(Build 2.0.3.3)
Yahoo! Toolbar
Yontoo Layers Client 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
10/21/2012 6:16:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AOL OnePoint Service service to connect.
10/21/2012 6:16:52 PM, Error: Service Control Manager [7000] - The AOL OnePoint Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/21/2012 6:16:23 PM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
10/21/2012 6:15:43 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
10/21/2012 6:00:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
10/21/2012 5:57:18 PM, Error: Microsoft-Windows-WMPNSS-Service [14323] - Service 'WMPNetworkSvc' did not start correctly because MFCreateWMPMDEOpCenter encountered error '0xc00d4268'. If possible, reinstall Windows Media Player.
10/21/2012 5:52:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
10/21/2012 5:33:25 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
10/21/2012 5:33:25 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
10/21/2012 5:33:25 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
10/21/2012 5:19:54 PM, Error: Service Control Manager [7000] - The SABKUTIL service failed to start due to the following error: The system cannot find the file specified.
10/20/2012 6:29:50 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80054c1060, 0xfffff80000b9c4d8, 0xfffffa800aa62e10). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102012-16036-01.
10/20/2012 5:22:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
10/19/2012 7:12:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80054baa10, 0xfffff80000b9c4d8, 0xfffffa800c9e72f0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101912-18205-01.
10/14/2012 3:22:07 PM, Error: Service Control Manager [7034] - The EasyRedirect service terminated unexpectedly. It has done this 1 time(s).
10/14/2012 3:21:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
10/14/2012 3:21:49 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================



----------



## eddie5659 (Mar 19, 2001)

Hiya and welcome to Tech Support Guy 

Sorry for the delay, but these forums can be very busy 

Are you still having this problem? If so, can you do the following for me:

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click *View Scan Logs*.
Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click *Close* to exit the program.

Please include the *MBAM log, SUPERAntiSpyware Scan Log and checkup.txt* in your next reply.

eddie


----------



## TerryD55 (Oct 22, 2012)

Thanks Eddie.

Unfortunately, most malware/virus protection isn't even catching this, including MBAM and SuperAntiSpyware, which I already use. The only thing that seems to work (temporarily) is ComboFix but the darned thing regenerates and comes back. I'm going to post the logs that you requested, but also one from ComboFix. You can see in their log, that it's picking up the fake AVG toolbar. After I use ComboFix, the toolbar and default to the fake AVG start-up page disappear, but only for a while. It comes back every time, often overnight.

ComboFix:

ComboFix 12-11-04.01 - Terry 11/05/2012 6:25.8.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4337 [GMT -8:00]
Running from: c:\users\Terry\Downloads\Programs\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: STOPzilla! *Disabled/Updated* {17032AB1-6644-0721-EEB5-A39B8B646009}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: STOPzilla! *Disabled/Updated* {AC62CB55-407E-08AF-D405-98E9F0E32AB4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-05 to 2012-11-05 )))))))))))))))))))))))))))))))
.
.
2012-11-05 15:11 . 2012-11-05 15:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-03 03:37 . 2012-11-03 03:37	--------	d-----w-	c:\users\Terry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-11-03 03:37 . 2012-11-03 05:02	--------	d-----w-	c:\program files (x86)\Adobe Download Assistant
2012-11-02 17:59 . 2012-11-03 05:01	--------	d-----w-	c:\users\Terry\AppData\Local\LogMeIn Rescue Calling Card
2012-11-02 17:44 . 2012-11-03 05:01	--------	d-----w-	c:\program files (x86)\LogMeIn Rescue Calling Card
2012-11-02 16:18 . 2012-11-03 05:12	--------	d-----w-	c:\users\Terry\AppData\Local\LogMeIn Rescue Applet
2012-11-02 00:58 . 2012-01-12 16:28	74872	----a-r-	c:\windows\system32\drivers\sbapifs.sys
2012-11-02 00:58 . 2012-01-19 17:22	45936	------w-	c:\windows\system32\SBBD.EXE
2012-11-01 00:34 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-11-01 00:34 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-11-01 00:34 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-11-01 00:34 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-11-01 00:34 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-11-01 00:34 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-11-01 00:34 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-11-01 00:34 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-11-01 00:34 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-10-30 02:09 . 2012-10-30 02:09	--------	d-----w-	c:\program files (x86)\Gophoto.it
2012-10-30 02:05 . 2012-10-31 23:39	--------	d-----w-	c:\program files (x86)\OnlineHD.TV
2012-10-30 01:51 . 2012-10-31 23:39	--------	d-----w-	c:\program files (x86)\uTorrent
2012-10-29 03:21 . 2012-11-03 05:04	--------	d-----w-	c:\users\Terry\AppData\Roaming\GRETECH
2012-10-24 16:16 . 2012-10-24 16:16	23416	----a-r-	c:\windows\SysWow64\SZIO5.dll
2012-10-24 16:16 . 2012-10-24 16:16	681848	----a-r-	c:\windows\SysWow64\SZComp5.dll
2012-10-24 16:16 . 2012-10-24 16:16	509816	----a-r-	c:\windows\SysWow64\SZBase5.dll
2012-10-24 05:22 . 2012-04-20 23:40	196440	----a-w-	c:\windows\system32\drivers\HipShieldK.sys
2012-10-23 04:28 . 2012-10-23 04:28	--------	d-----w-	c:\users\Terry\AppData\Roaming\Curiolab
2012-10-23 04:27 . 2012-11-03 05:03	--------	d-----w-	c:\program files (x86)\Exterminate It!
2012-10-23 00:45 . 2012-10-23 00:45	--------	d-----w-	c:\program files (x86)\ESET
2012-10-22 00:35 . 2012-11-05 14:24	--------	d-----w-	c:\programdata\STOPzilla!
2012-10-22 00:35 . 2012-11-03 05:26	--------	d-----w-	c:\program files (x86)\STOPzilla!
2012-10-21 23:54 . 2012-10-21 23:54	--------	d-----w-	c:\users\Terry\AppData\Roaming\DriverCure
2012-10-21 23:54 . 2012-10-21 23:54	--------	d-----w-	c:\users\Terry\AppData\Roaming\SpeedyPC Software
2012-10-21 23:54 . 2012-10-21 23:54	--------	d-----w-	c:\program files (x86)\Common Files\SpeedyPC Software
2012-10-21 23:54 . 2012-10-21 23:54	--------	d-----w-	c:\programdata\SpeedyPC Software
2012-10-21 23:54 . 2012-10-21 23:54	--------	d-----w-	c:\program files (x86)\SpeedyPC Software
2012-10-21 00:10 . 2012-10-21 00:10	--------	d-----w-	c:\program files (x86)\VS Revo Group
2012-10-20 23:16 . 2012-10-20 23:16	--------	d-----w-	c:\users\Terry\AppData\Roaming\TuneUp Software
2012-10-20 23:12 . 2012-10-20 23:12	--------	d-----w-	c:\users\Terry\AppData\Local\MFAData
2012-10-20 22:47 . 2012-10-22 01:10	--------	d-----w-	c:\programdata\MFAData
2012-10-20 16:31 . 2012-10-22 01:10	--------	d-----w-	c:\program files\Perfect Uninstaller
2012-10-16 15:11 . 2012-11-01 00:53	--------	d-----w-	c:\users\Terry\AppData\Roaming\uTorrent
2012-10-14 19:46 . 2012-10-14 19:46	--------	d-----w-	c:\users\Terry\AppData\Roaming\FinalVideoDownloader
2012-10-11 17:06 . 2012-10-11 17:06	29048	----a-r-	c:\windows\SysWow64\IS3XDat5.dll
2012-10-11 17:06 . 2012-10-11 17:06	231288	----a-r-	c:\windows\SysWow64\IS3Win325.dll
2012-10-11 17:06 . 2012-10-11 17:06	391032	----a-r-	c:\windows\SysWow64\IS3UI5.dll
2012-10-11 17:06 . 2012-10-11 17:06	100216	----a-r-	c:\windows\SysWow64\IS3Svc5.dll
2012-10-11 17:06 . 2012-10-11 17:06	132984	----a-r-	c:\windows\SysWow64\IS3HTUI5.dll
2012-10-11 17:06 . 2012-10-11 17:06	104312	----a-r-	c:\windows\SysWow64\IS3Inet5.dll
2012-10-11 17:06 . 2012-10-11 17:06	67448	----a-r-	c:\windows\SysWow64\IS3Hks5.dll
2012-10-11 17:06 . 2012-10-11 17:06	460664	----a-r-	c:\windows\SysWow64\IS3DBA5.dll
2012-10-11 17:06 . 2012-10-11 17:06	817016	----a-r-	c:\windows\SysWow64\IS3Base5.dll
2012-10-10 21:38 . 2012-10-10 21:38	--------	d-----w-	c:\users\Terry\Citrix
2012-10-10 09:36 . 2012-09-27 18:07	160992	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2012-10-10 08:49 . 2012-08-31 18:19	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-10-10 08:47 . 2012-09-14 19:19	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 08:47 . 2012-09-14 18:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-10 08:47 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-10 08:47 . 2012-08-10 23:56	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-10-10 08:47 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 08:47 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-10 08:47 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 08:47 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 08:47 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-10 08:47 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-02 00:26 . 2009-07-13 23:16	145408	----a-w-	c:\windows\SysWow64\powrprof.dll
2012-10-10 10:04 . 2010-09-01 16:14	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-09 11:24 . 2012-03-31 18:59	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 11:24 . 2011-06-28 14:41	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 11:24 . 2012-08-15 09:05	10220472	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-23 22:42 . 2012-09-23 22:42	5632	----a-w-	c:\windows\system32\bbchlp.dll
2012-09-23 22:42 . 2012-09-23 22:42	4608	----a-w-	c:\windows\system32\drivers\bbcap.sys
2012-09-23 22:42 . 2012-09-23 22:42	37376	----a-w-	c:\windows\system32\bbcap.dll
2012-09-13 21:06 . 2012-09-13 21:06	42248	----a-w-	c:\windows\system32\drivers\hssdrv6.sys
2012-09-13 19:26 . 2012-09-13 19:26	38632	----a-w-	c:\windows\system32\drivers\taphss.sys
2012-09-09 04:06 . 2012-09-09 04:06	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-09 04:06 . 2012-05-13 17:43	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-09 04:06 . 2011-06-23 18:41	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-03 15:39 . 2012-09-03 15:39	788536	----a-r-	c:\users\Terry\AppData\Roaming\Microsoft\Installer\{B2F34D92-C5CF-4801-90CB-D04A5634B334}\TweetDeck.exe
2012-08-24 11:15 . 2012-09-22 10:01	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 10:01	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 10:01	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 10:01	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 10:01	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 10:01	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 10:01	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 10:01	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 10:01	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 10:01	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 10:01	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 10:01	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 10:01	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 10:01	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 10:01	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 10:01	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 10:01	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 10:01	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 10:01	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 10:01	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 10:01	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 10:01	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 10:03	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 10:03	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 10:03	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 10:03	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 17:11	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 08:48	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-04-02 00:56 . 2012-04-02 00:55	22259528	----a-w-	c:\program files (x86)\vlc-2.0.1-win32.exe
2011-09-02 00:40 . 2011-09-02 00:40	1228384	----a-w-	c:\program files (x86)\PremiereElements_9_LS15.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-10 3540416]
"Akamai NetSession Interface"="c:\users\Terry\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Easy-Hide-IP"="c:\program files\Easy-Hide-IP\easy-hide-ip.exe" [2012-07-13 4612424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1285107697\ee\AOLSoftware.exe" [2010-03-08 41800]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
.
c:\users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Zinio Alert Messenger.lnk - c:\program files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AOL OnePoint.lnk - c:\program files (x86)\AOL OnePoint\IDVault.exe [2012-9-14 6185304]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [2011-09-26 74768]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [2011-11-17 29288]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [2011-09-26 74768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-07 140672]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/23 16:00];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-17 03:54 148976]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-07-23 72856]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-07-23 383128]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
S2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-07-13 3542856]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 160992]
S2 IDVaultSvc;AOL OnePoint Service;c:\program files (x86)\AOL OnePoint\IDVaultSvc.exe [2012-09-14 61784]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-01-12 74872]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ Akamai
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 11:24]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
2012-11-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1e1ccc72-7985-445b-878b-49249c4e1042.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7860f2ef-6487-46eb-b8b3-af57b009ab37.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49	23432	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30&v=13.2.0.1&sap=hp
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files (x86)\FinalVideoDownloader\fvdRunner.html
IE: {{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files (x86)\Crawler\Radio\CRadio.exe
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: twitter.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - 
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-The Weather Channel App - c:\program files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
AddRemove-Vid-Saver - c:\program files (x86)\Vid-Saver\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
.
Completion time: 2012-11-05 07:33:56
ComboFix-quarantined-files.txt 2012-11-05 15:33
ComboFix2.txt 2012-11-04 19:28
ComboFix3.txt 2012-11-04 16:35
ComboFix4.txt 2012-11-04 03:34
ComboFix5.txt 2012-11-05 14:24
.
Pre-Run: 748,356,972,544 bytes free
Post-Run: 748,386,045,952 bytes free
.
- - End Of File - - 250DFC18950DF07A14502DECD76DA4A8

Security Checkup:

Results of screen317's Security Check version 0.99.54 
Windows 7 Service Pack 1 x64 *(UAC is disabled!)* 
Internet Explorer 9 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Windows Firewall Disabled! 
McAfee Anti-Virus and Anti-Spyware 
STOPzilla! 
WMI entry may not exist for antivirus; attempting automatic update. 
*`````````Anti-malware/Other Utilities Check:`````````* 
Malwarebytes Anti-Malware version 1.62.0.1300 
JavaFX 2.1.1 
Java(TM) 6 Update 30 
Java 7 Update 7 
*Java version out of Date!* 
Adobe Flash Player 11.4.402.287 
Adobe Reader X (10.1.4) 
Google Chrome 22.0.1229.96 
Google Chrome CommonDotNET.dll.. 
Google Chrome IdVaultCore.dll.. 
Google Chrome IdVaultCore.XmlSerializers.dll. 
Google Chrome Microsoft.mshtml.dll. 
*````````Process Check: objlist.exe by Laurent````````* 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 1% 
*````````````````````End of Log``````````````````````*

MBAM:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.01.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Terry :: TERRY-PC [administrator]

11/5/2012 4:56:16 PM
mbam-log-2012-11-05 (16-56-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207788
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/05/2012 at 06:27 PM

Application Version : 5.6.1012

Core Rules Database Version : 9530
Trace Rules Database Version: 7342

Scan type : Complete Scan
Total Scan Time : 01:20:42

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 744
Memory threats detected : 0
Registry items scanned : 73339
Registry threats detected : 0
File items scanned : 62109
File threats detected : 402

Adware.Tracking Cookie
.findanopportunity.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findanopportunity.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dmtracker.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stats.adotube.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstnet.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstbeacon.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstbeacon.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.mediaite.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.mediaite.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaite.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaite.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaite.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
trackrev.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.msnbc.112.2o7.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gntbcstglobal.112.2o7.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
cdn.at.atwola.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cbsdigitalmedia.112.2o7.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tamedia.hanes.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
sales.liveperson.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
sales.liveperson.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
pcmag.nextag.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
c0.histats.12mlbe.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
sales.liveperson.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
oasc12.247realmedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.care2.112.2o7.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atlanticmedia.122.2o7.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
pulse-analytics-beacon.reutersmedia.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.t.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.t.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.t.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.t.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
statse.webtrendslive.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.t.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.t.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.timeinc.122.2o7.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
network.realmedia.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickfuse.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mediacdn.disqus.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.t.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.t.pointroll.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cbspressexpress.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
cbspressexpress.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cbspressexpress.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cbspressexpress.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cbspressexpress.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cbspressexpress.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adtracker.valuedopinions.co.uk [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


----------



## eddie5659 (Mar 19, 2001)

I'll have a look at this when I get home, as I'm still at work, but in the meantime, can you run these and post the logs:

Please download *AdwCleaner* by Xplode onto your desktop.

- Double click on *AdwCleaner.exe* to run the tool.
- Click on *Search*.
- A logfile will automatically open after the scan has finished.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at *C:\AdwCleaner[R1].txt* as well.

---------------

Download *OTL* to your Desktop


Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

Select *All Users*

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
```

Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post them in your topic.


----------



## TerryD55 (Oct 22, 2012)

I seem to be having trouble posting a reply so I'll try it in two parts.

Here you go, Eddie,

AdwCleaner

# AdwCleaner v2.006 - Logfile created 11/06/2012 at 07:48:48
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Terry - TERRY-PC
# Boot Mode : Normal
# Running from : C:\Users\Terry\Downloads\Programs\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\uTorrentControl2
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Terry\AppData\Local\Conduit
Folder Found : C:\Users\Terry\AppData\Local\Ilivid Player
Folder Found : C:\Users\Terry\AppData\Local\OpenCandy
Folder Found : C:\Users\Terry\AppData\LocalLow\Conduit
Folder Found : C:\Users\Terry\AppData\LocalLow\searchquband
Folder Found : C:\Users\Terry\AppData\LocalLow\uTorrentControl2
Folder Found : C:\Users\Terry\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\CToolbar
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\Babylon

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=5bbd0e3c-80fa-4d7a-b418-8e18e18bf2f8&searchtype=ds&q={searchTerms}

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12804 octets] - [06/11/2012 07:48:48]

########## EOF - C:\AdwCleaner[R1].txt - [12865 octets] ##########


----------



## TerryD55 (Oct 22, 2012)

Part 2. OTL Logs. Thanks again, Eddie.

OTL

OTL logfile created on: 11/6/2012 7:54:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Terry\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.87 Gb Available Physical Memory | 81.56% Memory free
11.93 Gb Paging File | 10.14 Gb Available in Paging File | 84.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.74 Gb Total Space | 697.22 Gb Free Space | 75.97% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 98.54 Gb Free Space | 33.07% Space Free | Partition Type: FAT32

Computer Name: TERRY-PC | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/06 07:53:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Downloads\Programs\OTL.exe
PRC - [2012/10/24 08:16:18 | 000,056,696 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\SZServer.exe
PRC - [2012/10/24 08:16:08 | 000,219,000 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
PRC - [2012/10/10 01:16:38 | 003,540,416 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/09/14 07:01:33 | 000,061,784 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\AOL OnePoint\IDVaultSvc.exe
PRC - [2012/09/14 07:01:30 | 006,185,304 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\AOL OnePoint\IDVault.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/23 15:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012/07/13 14:08:02 | 003,542,856 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
PRC - [2012/07/13 14:07:56 | 004,612,424 | ---- | M] (Easy Hide IP) -- C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe
PRC - [2011/06/17 09:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/18 19:00:20 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/05/12 00:09:36 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011/05/12 00:09:34 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/05/25 04:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010/03/07 23:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe
PRC - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:*64bit:* - [2012/09/10 16:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:*64bit:* - [2012/09/07 15:46:15 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:*64bit:* - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:*64bit:* - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:*64bit:* - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:*64bit:* - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:*64bit:* - [2012/07/17 13:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:*64bit:* - [2012/07/17 13:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:*64bit:* - [2012/07/17 13:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:*64bit:* - [2012/07/13 14:08:02 | 003,542,856 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)
SRV:*64bit:* - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:*64bit:* - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/01 07:44:58 | 004,539,200 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll -- (Akamai)
SRV - [2012/10/24 08:16:18 | 000,056,696 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files (x86)\STOPzilla!\SZServer.exe -- (szserver)
SRV - [2012/10/09 03:24:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/14 07:01:33 | 000,061,784 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\AOL OnePoint\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/23 15:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/07/23 15:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2011/06/17 09:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/05/18 19:00:20 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/05/12 00:09:36 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/05/12 00:09:34 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/09/27 10:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:*64bit:* - [2012/09/13 11:26:44 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2012/07/17 13:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:*64bit:* - [2012/07/17 13:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:*64bit:* - [2012/07/17 13:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:*64bit:* - [2012/07/17 13:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:*64bit:* - [2012/07/17 13:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:*64bit:* - [2012/07/17 13:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:*64bit:* - [2012/07/17 13:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:*64bit:* - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:*64bit:* - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/01/12 08:28:48 | 000,074,872 | R--- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:*64bit:* - [2011/11/17 15:08:16 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:*64bit:* - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:*64bit:* - [2009/12/09 01:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 12:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:*64bit:* - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/25 12:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:*64bit:* - [2006/11/29 14:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2012/07/23 15:18:42 | 000,072,856 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2011/05/18 19:00:21 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011/05/16 19:54:00 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/09/23 16:00:52] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416


----------



## eddie5659 (Mar 19, 2001)

Sorry for the lateness, had some personal issues to look at this week, so not been online much.

Looks like it's found a few, so let's remove them first:


- Close all open programs and internet browsers.
- Double click on *adwcleaner.exe* to run the tool.
- Click on *Delete*.
- Confirm each time with *Ok*.
- You will be prompted to restart your computer. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at *C:\AdwCleaner[S1].txt* as well.

----------

Also, the OTL log you posted isn't the full one. If you can repost it, along with the Extras log, that would be great.


----------



## TerryD55 (Oct 22, 2012)

No need to apologize, I'm just grateful for the assistance. I seem to be unable to get a reply to post with all of the logs again, so look for more than one reply from me.

*Adware Cleaner*

# AdwCleaner v2.006 - Logfile created 11/08/2012 at 13:53:02
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Terry - TERRY-PC
# Boot Mode : Normal
# Running from : C:\Users\Terry\Downloads\Programs\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentControl2
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Terry\AppData\Local\Conduit
Folder Deleted : C:\Users\Terry\AppData\Local\Ilivid
Folder Deleted : C:\Users\Terry\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Terry\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Terry\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Terry\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Terry\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Terry\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\CToolbar
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=5bbd0e3c-80fa-4d7a-b418-8e18e18bf2f8&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12869 octets] - [06/11/2012 07:48:48]
AdwCleaner[S1].txt - [13366 octets] - [08/11/2012 13:53:02]

########## EOF - C:\AdwCleaner[S1].txt - [13427 octets] ##########


----------



## TerryD55 (Oct 22, 2012)

*OTL Extras*

OTL Extras logfile created on: 11/6/2012 7:54:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Terry\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.87 Gb Available Physical Memory | 81.56% Memory free
11.93 Gb Paging File | 10.14 Gb Available in Paging File | 84.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.74 Gb Total Space | 697.22 Gb Free Space | 75.97% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 98.54 Gb Free Space | 33.07% Space Free | Partition Type: FAT32

Computer Name: TERRY-PC | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 | 
"{0248989D-13CF-4D97-BEDD-40E65C81D75E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{02C509F8-43E5-4484-841F-454A261E8435}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{03459BFC-365C-4865-AC78-931ADF555F17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B630C0D-FB86-4F12-8485-A3B8411588D4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\moviemodule.exe | 
"{0BA30535-7D62-4C75-A2DC-648F73559362}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserver.exe | 
"{0DF51920-0F75-4FAA-BB5D-9D6FA6593BA1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{0ED13479-31CE-484C-B9B9-92D8A9AEA5BC}" = protocol=1 | dir=in | [email protected],-28543 | 
"{129EEB1D-8418-4218-912C-8BFE9FA4401E}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe | 
"{136D49AB-49E1-41CB-8E33-63B182682B5C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{15493A82-8089-40AD-B734-67DAE8797474}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{161B800E-3751-457E-9B12-E9BFC9440DFB}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 
"{193D4B11-EFA0-459F-9755-C6FAE90D80E1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{1A24FA76-D1E7-4F60-9911-A5E14303BA05}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{1AC43909-C9DC-4525-9AA3-010FF4874AF5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{1B815FCC-78C9-4FEE-A6BA-BFBA8502FBCC}" = protocol=58 | dir=out | [email protected],-503 | 
"{1CEF6BCD-8D02-4AED-BC44-9F9922F4B855}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1D3BDCC8-6F79-4ABA-B13B-06FC43144E0D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1283115846\ee\aolsoftware.exe | 
"{1D52B18E-D005-4AC6-ABAB-A557D8B24ED8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe | 
"{1FF8832F-3F02-46A6-A723-BA1BA6E689CA}" = protocol=58 | dir=in | [email protected],-28545 | 
"{2082FC22-3601-43CA-8ACB-5EF5F51BB23B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{253D0AFF-E737-4AE2-A6B4-A65346AE2EDE}" = protocol=17 | dir=in | app=c:\users\terry\appdata\roaming\dropbox\bin\dropbox.exe | 
"{285BD80B-DC9D-4BB3-9891-E049515C4860}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{2ACF0543-3762-42A0-93F7-EE24D70A6F45}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{2BBB367F-D176-4670-A030-99C9A0D5F75C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{2BFFFE63-37AF-4490-850A-10812879B69E}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe | 
"{300BC7E4-5C12-4F7F-B7D2-9C8BD7AFC7E7}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 
"{36140DC2-38F7-467D-AC21-480BF30F34D3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | 
"{37869BF4-1E7A-4282-8D38-995DE4E5062E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{3A837FDA-5D62-46D1-B5D7-DB94C876DF7A}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe | 
"{3EACF359-74EB-4E34-BBA2-23C6933BC594}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3F9910B3-DB88-4C54-A287-8495DDECCC49}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{40598DBB-1D08-49B2-B086-359867A5FE95}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{40A13F36-D0A4-4A39-841C-085B1486CFDB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{4159297B-5759-416B-9B41-C1508005395B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe | 
"{45E05721-625B-46A4-AB51-9027DCE57A4E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{46FC0B92-A31D-4B64-9A46-D09E54667B14}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{46FC17FF-6AC1-46B9-ACB1-B405C039D58F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1285107697\ee\aolsoftware.exe | 
"{46FC56D3-1F22-4704-9DE7-BF9DF8ADB39B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{475885AF-54BA-4F31-8D73-703F624EEF8B}" = protocol=17 | dir=in | app=c:\users\terry\appdata\local\akamai\netsession_win.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 | 
"{48CD5C2E-A8AF-49E5-8368-AD15FBA79149}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{4C195EEC-55C2-4A1B-B403-2A8655E4D25A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{51D0518D-802D-496D-B672-FFDE63990636}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{546CFA29-459B-404A-B504-DD04DBCDD390}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1285107697\ee\aolsoftware.exe | 
"{54EDF33F-115C-429C-985C-3AD84986CC65}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1283115846\ee\aolsoftware.exe | 
"{56270B4D-0DD3-4C4B-9873-65411457067C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 | 
"{56EE54C1-DA30-483E-8DFD-D679519EF1F4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{61CA874E-1123-48B0-9FC2-BD29560A2D87}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{635E1312-F093-4A8E-96CE-68254F3CD1D1}" = protocol=6 | dir=in | app=c:\users\terry\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6546E5AD-AB35-4B06-B1C3-F48E3A25908E}" = protocol=6 | dir=out | app=system | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6B2F1F3A-7F25-443E-8BFE-1EB321DC6353}" = protocol=6 | dir=in | app=c:\users\terry\appdata\local\akamai\netsession_win.exe | 
"{6DF79A25-6266-4686-92EF-D1C352D35B22}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe | 
"{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\toolbar\dtuser.exe | 
"{70646142-D230-40A6-B278-586D903C4073}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{7503E7C5-8014-4C01-BBC5-1FE64642881B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{793F6C68-D36D-4913-A7CD-0A07B1ED9820}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1285107697\ee\aolsoftware.exe | 
"{79D092D2-D4B1-4940-8F2D-25BEAE20EB97}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.5\waol.exe | 
"{7C6BF97E-E595-477B-902E-F586A36D9F36}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe | 
"{7E4D6CD6-FC8C-492F-BC76-33109AD041A1}" = dir=in | app=c:\program files (x86)\pando networks\pando\pando.exe | 
"{7F7D40A1-71AB-47C5-AA8C-6BDDD80FA8DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{810FD1D1-1525-4CD3-B5A3-B11AD3FE3666}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{84324341-C3FC-4B34-98FB-81056F6598D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{874D53CD-B060-4C24-923C-BF589DF7F23C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{889075A1-E3C8-49FD-8BA0-705E68CF529C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8A6CB474-6AD5-494E-8ABC-958F3779985C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{8A77B454-E01E-41F7-B627-30E283CD0836}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{8DC6E94D-3443-41EF-B031-F52D30F2D7F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{90C4BAB3-D0AF-4F13-B4E4-CF4C84CB0DB0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{921830BE-17B8-4931-B3BE-AA5FD20BF045}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9232695B-3E72-4593-9BDB-C7C0108A11BE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{9870EA81-02E5-4479-A7CD-CE1AEA797391}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{9E741BFF-654F-4DDC-86B0-64A19C4D93B5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{9F891E67-4322-4AD8-BFAB-9B62DD08E53C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A03D2D67-D468-4815-8A78-E51829B96B17}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A04DCD4B-C3A9-4B48-9262-16C86901EF76}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{A1596883-74CC-46DA-AF63-98A53E592020}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A2F65A3A-0E7E-4485-A898-B3341D755F4C}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\toolbar\dtuser.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB25E501-955B-418C-AC6F-0420A6AA81D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AB860773-625C-4375-91F7-88491341A1F0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{AC076146-66D1-4390-B2E6-A51063AE180A}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{AD16C56C-5B82-481F-B8FF-D550375A022E}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe | 
"{AE54D01D-9806-404A-A74C-CA44082A2C99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B336AE8D-F424-492F-94F2-63515999A479}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe | 
"{B8F398BB-7325-4079-98E5-09E58697D0F0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{C14DB4CA-9720-4813-9D47-2CD5E4AA4DCE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{C8F2D4FA-6220-4B37-A061-4ACE47AEE39C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CEF87E1D-6B72-41DC-BE77-46F06ACD7525}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{CF93FBB1-A709-4C31-AB78-C98CC0F77EB8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{CFCA4803-EA55-4CEC-A865-E5EC2D633AF0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D1707B4D-FD43-4DFE-96BC-FDC9626510F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA666C99-EEFF-4C94-9587-72A12B376864}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1285090116\ee\aolsoftware.exe | 
"{DC4704E1-7CCD-441C-A10B-81BE59900482}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe | 
"{DC6E9D6F-CB2C-4322-9A0A-F3BF74703EA5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{DCC4DF84-BE3D-42FC-96C4-CE80EDE8F49B}" = protocol=58 | dir=in | app=system | 
"{DE48E764-F32E-40F6-BDF9-A2F859A5491E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1285107697\ee\aolsoftware.exe | 
"{E279409F-C3A1-4111-AF64-0A58B2C27906}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe | 
"{E329D10E-C561-4B21-B4F2-AA0F2773D17A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{E3E554AB-6E6B-4440-B515-4560F2B7B9DF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1285090116\ee\aolsoftware.exe | 
"{E673DDF4-FA0A-442C-AA28-6945BA15977C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EC3183D8-7C1D-4CBB-B58B-34714B88BFC2}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe | 
"{ED2F73A3-B00F-4A70-8312-EBB09846C4AB}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe | 
"{EF74EC99-B995-413D-9BC1-8C5469482D60}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.5\waol.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F194DDA2-58D9-4C92-828B-C612E5172844}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{F38CB874-283C-45B4-85B0-3B8C22BEFFC3}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{F399A44A-7AF7-47FC-A7F2-40E4A7F1266C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | 
"{F58B4C2C-5FC6-45E0-9C57-586B2FF5AADD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F5CEC2BD-955F-45F7-B9B5-7945CF1A12CF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F65C7E6C-8F52-4892-ABE7-624233089D5F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{F65D3A52-C53A-4370-B9AA-7A386A497B4C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F8283A58-0F8C-476F-A41A-1F97F3F687FC}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{FCC8709B-5CAC-4BAF-B865-DABDC8E91616}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{FEEFA1A2-6EB9-4D34-B11E-27AA26CC4A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Easy-Hide-IP_is1" = Easy-Hide-IP 4.1.7.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC Optimizer Pro" = PC Optimizer Pro
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13F2B82E-9F78-4518-826F-2DF37B58AEDD}" = 3200
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F1E6C64-D804-4736-9614-72575FB19500}" = STOPzilla
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 TBYB
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}" = 3100_3200_3300_Help
"{A1570454-ED12-4050-A7AC-9282C7AFB23C}" = Window Shopper
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{a73c9dac-6f21-436f-85d2-3e56fa2a252c}" = Nero 9 Essentials
"{A7765932-77D6-E0B2-1B27-E2973B5E1BD5}" = TweetDeck
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2F34D92-C5CF-4801-90CB-D04A5634B334}" = TweetDeck
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C0E96CF4-8D51-4DF4-9AB9-60666AAE4210}" = Ralink RT2860 Wireless LAN Card
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A43EF2-46A5-4de2-916A-C515D8AA1618}" = 3100_3200_3300trb
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{ECD9B590-821B-4618-99E5-01830BC8F076}" = BlueStacks
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ESET Online Scanner" = ESET Online Scanner v3
"Exterminate It!" = Exterminate It!
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"Hotkey Utility" = Hotkey Utility
"ID Vault" = AOL OnePoint
"Identity Card" = Identity Card
"InstaCodecs_is1" = InstaCodecs
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"Internet Download Manager" = Internet Download Manager
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.8.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MSC" = McAfee SecurityCenter
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PremElem90" = Adobe Premiere Elements 9
"Revo Uninstaller" = Revo Uninstaller 1.94
"ShapeCollage" = Shape Collage
"StartNow Toolbar" = StartNow Toolbar
"The Weather Channel App" = The Weather Channel App
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Trusted Software Assistant_is1" = File Type Assistant
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Vid-Saver" = Vid-Saver
"VLC media player" = VLC media player 2.0.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"AOL Toolbar" = AOL Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/17/2012 8:32:15 AM | Computer Name = Terry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/23/2012 4:32:59 AM | Computer Name = Terry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/23/2012 4:32:59 AM | Computer Name = Terry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/23/2012 4:32:59 AM | Computer Name = Terry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/23/2012 4:32:59 AM | Computer Name = Terry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/23/2012 10:02:21 PM | Computer Name = Terry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/24/2012 11:44:50 AM | Computer Name = Terry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/24/2012 11:44:50 AM | Computer Name = Terry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/24/2012 11:44:50 AM | Computer Name = Terry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/24/2012 11:44:50 AM | Computer Name = Terry-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 4/24/2011 7:18:42 PM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = 4:18:42 PM - Error connecting to the internet. 4:18:42 PM - Unable
to contact server..

Error - 4/24/2011 7:18:48 PM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = 4:18:47 PM - Error connecting to the internet. 4:18:47 PM - Unable
to contact server..

Error - 4/26/2011 7:39:25 AM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = 4:39:25 AM - Error connecting to the internet. 4:39:25 AM - Unable
to contact server..

Error - 4/29/2011 7:00:57 PM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = 4:00:57 PM - Error connecting to the internet. 4:00:57 PM - Unable
to contact server..

Error - 4/29/2011 7:01:37 PM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = 4:01:36 PM - Error connecting to the internet. 4:01:36 PM - Unable
to contact server..

Error - 5/1/2011 7:33:58 PM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = 4:33:58 PM - Error connecting to the internet. 4:33:58 PM - Unable
to contact server..

Error - 5/1/2011 7:34:04 PM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = 4:34:03 PM - Error connecting to the internet. 4:34:03 PM - Unable
to contact server..

Error - 6/1/2011 7:03:06 PM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = 4:02:57 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 8/11/2011 7:33:23 AM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = 4:33:23 AM - Error connecting to the internet. 4:33:23 AM - Unable
to contact server..

Error - 9/13/2011 7:46:36 PM | Computer Name = Terry-PC | Source = MCUpdate | ID = 0
Description = 4:46:32 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

[ System Events ]
Error - 11/6/2012 3:30:15 AM | Computer Name = Terry-PC | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following
error: %%1064

Error - 11/6/2012 3:30:48 AM | Computer Name = Terry-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgtp is3srv

Error - 11/6/2012 9:38:04 AM | Computer Name = Terry-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater13.2.0 service failed to start due to the following
error: %%2

Error - 11/6/2012 9:38:04 AM | Computer Name = Terry-PC | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following
error: %%1064

Error - 11/6/2012 9:38:15 AM | Computer Name = Terry-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgtp is3srv

Error - 11/6/2012 11:29:02 AM | Computer Name = Terry-PC | Source = DCOM | ID = 10010
Description =

Error - 11/6/2012 11:32:22 AM | Computer Name = Terry-PC | Source = DCOM | ID = 10010
Description =

Error - 11/6/2012 11:33:27 AM | Computer Name = Terry-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater13.2.0 service failed to start due to the following
error: %%2

Error - 11/6/2012 11:33:30 AM | Computer Name = Terry-PC | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following
error: %%1064

Error - 11/6/2012 11:34:00 AM | Computer Name = Terry-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgtp is3srv

< End of report >


----------



## TerryD55 (Oct 22, 2012)

*OTL LOG PT 1*

OTL logfile created on: 11/6/2012 7:54:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Terry\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.87 Gb Available Physical Memory | 81.56% Memory free
11.93 Gb Paging File | 10.14 Gb Available in Paging File | 84.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.74 Gb Total Space | 697.22 Gb Free Space | 75.97% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 98.54 Gb Free Space | 33.07% Space Free | Partition Type: FAT32

Computer Name: TERRY-PC | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/06 07:53:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Downloads\Programs\OTL.exe
PRC - [2012/10/24 08:16:18 | 000,056,696 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\SZServer.exe
PRC - [2012/10/24 08:16:08 | 000,219,000 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
PRC - [2012/10/10 01:16:38 | 003,540,416 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/09/14 07:01:33 | 000,061,784 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\AOL OnePoint\IDVaultSvc.exe
PRC - [2012/09/14 07:01:30 | 006,185,304 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\AOL OnePoint\IDVault.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/23 15:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012/07/13 14:08:02 | 003,542,856 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
PRC - [2012/07/13 14:07:56 | 004,612,424 | ---- | M] (Easy Hide IP) -- C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe
PRC - [2011/06/17 09:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/18 19:00:20 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/05/12 00:09:36 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011/05/12 00:09:34 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/05/25 04:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010/03/07 23:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe
PRC - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2012/09/14 07:01:32 | 000,104,280 | ---- | M] () -- C:\Program Files (x86)\AOL OnePoint\IdVaultCore.XmlSerializers.dll
MOD - [2012/09/07 09:25:52 | 000,548,040 | ---- | M] () -- C:\Program Files (x86)\AOL OnePoint\sqlite3.dll
MOD - [2012/06/14 02:41:33 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
MOD - [2012/06/14 02:41:32 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012/06/14 02:36:33 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/06/14 02:36:28 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f6e40535606ea1d79d2a3a1d7e85a743\System.Web.Services.ni.dll
MOD - [2012/06/14 02:36:27 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 02:36:17 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 02:36:04 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 02:35:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 02:35:55 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/09 02:43:43 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012/05/09 02:42:40 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/09 02:42:05 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/05/09 02:42:04 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/05/09 02:42:03 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/05/09 02:42:02 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012/05/09 02:39:47 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 02:39:33 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012/05/09 02:39:32 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/09 02:39:04 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
MOD - [2012/05/09 02:38:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/09 02:38:51 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
MOD - [2012/05/09 02:38:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/09 02:38:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 02:38:44 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 02:38:37 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010/12/11 17:59:50 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/06/10 13:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2012/09/10 16:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:*64bit:* - [2012/09/07 15:46:15 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:*64bit:* - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:*64bit:* - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:*64bit:* - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:*64bit:* - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:*64bit:* - [2012/07/17 13:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:*64bit:* - [2012/07/17 13:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:*64bit:* - [2012/07/17 13:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:*64bit:* - [2012/07/13 14:08:02 | 003,542,856 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)
SRV:*64bit:* - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:*64bit:* - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/01 07:44:58 | 004,539,200 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll -- (Akamai)
SRV - [2012/10/24 08:16:18 | 000,056,696 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files (x86)\STOPzilla!\SZServer.exe -- (szserver)
SRV - [2012/10/09 03:24:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/14 07:01:33 | 000,061,784 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\AOL OnePoint\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/23 15:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/07/23 15:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2011/06/17 09:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/05/18 19:00:20 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/05/12 00:09:36 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/05/12 00:09:34 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/09/27 10:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:*64bit:* - [2012/09/13 11:26:44 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2012/07/17 13:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:*64bit:* - [2012/07/17 13:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:*64bit:* - [2012/07/17 13:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:*64bit:* - [2012/07/17 13:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:*64bit:* - [2012/07/17 13:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:*64bit:* - [2012/07/17 13:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:*64bit:* - [2012/07/17 13:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:*64bit:* - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:*64bit:* - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/01/12 08:28:48 | 000,074,872 | R--- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:*64bit:* - [2011/11/17 15:08:16 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:*64bit:* - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:*64bit:* - [2009/12/09 01:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 12:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:*64bit:* - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/25 12:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:*64bit:* - [2006/11/29 14:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2012/07/23 15:18:42 | 000,072,856 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2011/05/18 19:00:21 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011/05/16 19:54:00 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/09/23 16:00:52] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp
IE - HKU\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 2F 7B 81 00 BB CD 01 [binary data]
IE - HKU\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=5bbd0e3c-80fa-4d7a-b418-8e18e18bf2f8&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-254241989-344465633-3051194989-1001\..\SearchScopes,DefaultScope = {04214EC9-F125-46DE-8ABE-91393E50D45C}
IE - HKU\S-1-5-21-254241989-344465633-3051194989-1001\..\SearchScopes\{04214EC9-F125-46DE-8ABE-91393E50D45C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES (X86)\AOL\DATAMASK BY AOL\FFEXT
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Terry\AppData\Roaming\IDM\idmmzcc5 [2012/10/31 15:41:55 | 000,000,000 | ---D | M]

[2012/09/21 13:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\pdf.dll
CHR - plugin: Internet Download Manager (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\IDMGCExt.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

O1 HOSTS File: ([2012/11/03 19:03:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll File not found
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-254241989-344465633-3051194989-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-254241989-344465633-3051194989-1001\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-21-254241989-344465633-3051194989-1001\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-254241989-344465633-3051194989-1001..\Run: [Akamai NetSession Interface] C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-254241989-344465633-3051194989-1001..\Run: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe (Easy Hide IP)
O4 - HKU\S-1-5-21-254241989-344465633-3051194989-1001..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = File not found
O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-254241989-344465633-3051194989-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-254241989-344465633-3051194989-1001\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:*64bit:* - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html File not found
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-254241989-344465633-3051194989-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-254241989-344465633-3051194989-1001\..Trusted Domains: twitter.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFFF6009-DCDE-4DC2-9789-AFC20BEE3BC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-itss - No CLSID value found
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll File not found
O18:*64bit:* - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/21 08:18:42 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - G:\autorun.in_2.org -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:*64bit:* {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:*64bit:* {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:*64bit:* {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:*64bit:* {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:*64bit:* {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:*64bit:* {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:*64bit:* {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:*64bit:* {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:*64bit:* {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:*64bit:* {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:*64bit:* {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:*64bit:* {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:*64bit:* {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:*64bit:* {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:*64bit:* {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:*64bit:* {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:*64bit:* {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - AOL Toolbar
ActiveX:*64bit:* {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:*64bit:* {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:*64bit:* {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:*64bit:* {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:*64bit:* {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:*64bit:* >{19E20193-25C3-45C1-944C-2B82B9ED7233} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:*64bit:* >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:*64bit:* >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOL OnePoint.lnk - C:\Program Files (x86)\AOL OnePoint\IDVault.exe - (White Sky, Inc.)
MsConfig:64bit - StartUpReg: *AdobeAAMUpdater-1.0* - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: *APSDaemon* - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: *DW6* - hkey= - key= - C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
MsConfig:64bit - StartUpReg: *DW7* - hkey= - key= - C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
MsConfig:64bit - StartUpReg: *EasyDownloads* - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: *Gateway Photo Frame* - hkey= - key= - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
MsConfig:64bit - StartUpReg: *googletalk* - hkey= - key= - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
MsConfig:64bit - StartUpReg: *Hotkey Utility* - hkey= - key= - C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
MsConfig:64bit - StartUpReg: *QuickTime Task* - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: *RemoteControl11* - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: *SunJavaUpdateSched* - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: *SUPERAntiSpyware* - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/06 07:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/11/06 07:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy-Hide-IP
[2012/11/05 09:22:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/05 09:20:59 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\ComboFix logs
[2012/11/03 16:18:24 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Logs
[2012/11/02 20:11:59 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Adobe Photoshop Elements 11
[2012/11/02 19:37:28 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/11/02 19:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012/11/02 09:59:36 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\LogMeIn Rescue Calling Card
[2012/11/02 09:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BAHCS remoteIT Support
[2012/11/02 09:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Rescue Calling Card
[2012/11/02 08:18:11 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\LogMeIn Rescue Applet
[2012/11/01 16:58:58 | 000,074,872 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2012/11/01 16:58:51 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\SBBD.EXE
[2012/11/01 16:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2012/11/01 15:35:54 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{28B37C5F-0747-4FF2-8108-F3BD26E2D0E3}
[2012/10/31 16:36:11 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/10/31 16:36:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/10/31 16:36:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/10/31 16:36:08 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/10/31 16:36:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/10/31 16:36:05 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/10/31 16:36:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/10/31 16:36:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/10/31 16:36:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/10/31 16:36:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/10/31 16:36:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/10/31 16:36:04 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/10/31 16:36:04 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/10/31 16:36:04 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/10/31 16:36:04 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/10/31 16:36:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/10/31 16:36:04 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/10/31 16:36:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/10/31 16:36:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/10/31 16:36:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/10/31 16:36:03 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/10/31 16:36:03 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/10/31 16:36:02 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/10/31 16:36:02 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/10/31 16:34:47 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/10/31 16:34:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/10/29 18:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it
[2012/10/29 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnlineHD.TV
[2012/10/29 17:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/10/28 19:21:42 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\GRETECH
[2012/10/28 18:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/10/28 18:14:27 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Old Firefox Data
[2012/10/28 12:24:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/28 12:24:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/28 12:24:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/28 12:19:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/28 12:19:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/24 08:16:38 | 000,023,416 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2012/10/24 08:16:26 | 000,681,848 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2012/10/24 08:16:22 | 000,509,816 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2012/10/23 21:22:40 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2012/10/22 20:28:41 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Curiolab
[2012/10/22 20:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
[2012/10/22 20:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exterminate It!
[2012/10/22 16:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/21 16:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012/10/21 16:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2012/10/21 15:54:54 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\DriverCure
[2012/10/21 15:54:53 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\SpeedyPC Software
[2012/10/21 15:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/10/21 15:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/10/21 15:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/10/20 16:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/10/20 16:10:44 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/10/20 15:16:46 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\TuneUp Software
[2012/10/20 15:12:41 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\MFAData
[2012/10/20 14:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/10/20 08:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2012/10/17 13:32:32 | 000,000,000 | ---D | C] -- C:\Users\Terry\Documents\GomPlayer
[2012/10/16 07:11:11 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\uTorrent
[2012/10/14 11:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/10/14 11:46:16 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\FinalVideoDownloader
[2012/10/12 20:01:01 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{DC84B566-B8D7-4FDA-A2EB-94D3A13F434E}
[2012/10/11 09:06:36 | 000,231,288 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Win325.dll
[2012/10/11 09:06:36 | 000,029,048 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3XDat5.dll
[2012/10/11 09:06:34 | 000,391,032 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3UI5.dll
[2012/10/11 09:06:32 | 000,100,216 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Svc5.dll
[2012/10/11 09:06:26 | 000,132,984 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3HTUI5.dll
[2012/10/11 09:06:26 | 000,104,312 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Inet5.dll
[2012/10/11 09:06:24 | 000,460,664 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3DBA5.dll
[2012/10/11 09:06:24 | 000,067,448 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Hks5.dll
[2012/10/11 09:06:22 | 000,817,016 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Base5.dll
[2012/10/10 13:38:07 | 000,000,000 | ---D | C] -- C:\Users\Terry\Citrix
[2012/10/10 01:36:33 | 000,160,992 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/10/10 00:48:58 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/10 00:48:57 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/10 00:48:57 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/10 00:48:44 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/10 00:48:44 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/10 00:48:44 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/10 00:48:44 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/10 00:48:43 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/10 00:48:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/10 00:48:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/10 00:48:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/10 00:48:41 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/10 00:48:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/10 00:48:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/10 00:48:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 00:48:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 00:48:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/10 00:48:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 00:48:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 00:48:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 00:48:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 00:48:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 00:48:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 00:48:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 00:48:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 00:48:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 00:48:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 00:48:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 00:48:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 00:48:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 00:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 00:48:38 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 00:48:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 00:48:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 00:48:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 00:48:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 00:48:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 00:48:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 00:48:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 00:48:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 00:48:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 00:48:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 00:48:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 00:48:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 00:48:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 00:48:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 00:48:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 00:48:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 00:48:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 00:48:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 00:48:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 00:48:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 00:48:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 00:48:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 00:48:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 00:48:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 00:48:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 00:48:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 00:48:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 00:48:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 00:48:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 00:48:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 00:48:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 00:48:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 00:48:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 00:48:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 00:48:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 00:48:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 00:48:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 00:48:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 00:48:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 00:48:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/10 00:48:05 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/10 00:47:24 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/10 00:47:23 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/09 22:11:52 | 000,000,000 | --SD | C] -- C:\Users\Terry\Documents\My Data Sources
[2012/10/07 14:03:29 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{A592FC42-2548-418D-8148-0F01F35E30FD}
[2011/09/01 19:16:35 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Terry\PhotoshopElements_9_LS15.exe
[2011/09/01 16:40:40 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\PremiereElements_9_LS15.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/06 07:59:22 | 000,003,336 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2012/11/06 07:59:22 | 000,001,872 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2012/11/06 07:59:22 | 000,001,872 | ---- | M] () -- C:\Windows\SysNative\EasyRedirectOff.ini
[2012/11/06 07:41:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/06 07:41:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/06 07:39:28 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/06 07:39:28 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/06 07:39:28 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/06 07:33:30 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/06 07:33:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/06 07:33:08 | 509,480,959 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/06 07:32:09 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk
[2012/11/06 07:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/06 06:33:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/05 17:35:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7860f2ef-6487-46eb-b8b3-af57b009ab37.job
[2012/11/05 02:00:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1e1ccc72-7985-445b-878b-49249c4e1042.job
[2012/11/03 19:03:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/01 16:24:12 | 000,000,017 | ---- | M] () -- C:\Users\Terry\AppData\Local\resmon.resmoncfg
[2012/10/28 18:29:09 | 000,002,262 | ---- | M] () -- C:\Users\Terry\Desktop\Google Chrome.lnk
[2012/10/28 15:40:47 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/10/28 12:20:53 | 000,013,453 | ---- | M] () -- C:\Users\Terry\Desktop\ComboFix - Shortcut.lnk
[2012/10/24 08:16:38 | 000,023,416 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2012/10/24 08:16:26 | 000,681,848 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2012/10/24 08:16:22 | 000,509,816 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2012/10/22 20:27:54 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2012/10/22 15:58:10 | 000,001,271 | ---- | M] () -- C:\Users\Terry\Desktop\Revo Uninstaller.lnk
[2012/10/20 09:44:45 | 000,000,134 | ---- | M] () -- C:\Users\Terry\Desktop\Internet Explorer Troubleshooting.url
[2012/10/15 19:41:30 | 000,123,947 | ---- | M] () -- C:\Users\Terry\Documents\do not call 101512.jpg
[2012/10/15 07:02:43 | 000,000,031 | ---- | M] () -- C:\Windows\SysNative\bbcap.err
[2012/10/11 09:06:36 | 000,231,288 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Win325.dll
[2012/10/11 09:06:36 | 000,029,048 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3XDat5.dll
[2012/10/11 09:06:34 | 000,391,032 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3UI5.dll
[2012/10/11 09:06:32 | 000,100,216 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Svc5.dll
[2012/10/11 09:06:26 | 000,132,984 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3HTUI5.dll
[2012/10/11 09:06:26 | 000,104,312 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Inet5.dll
[2012/10/11 09:06:24 | 000,460,664 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3DBA5.dll
[2012/10/11 09:06:24 | 000,067,448 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Hks5.dll
[2012/10/11 09:06:22 | 000,817,016 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Base5.dll
[2012/10/10 15:33:08 | 000,228,763 | ---- | M] () -- C:\Users\Terry\Charlotte crime.jpg
[2012/10/10 15:30:28 | 000,244,708 | ---- | M] () -- C:\Users\Terry\Documents\Charlotte crime rates.jpg
[2012/10/10 14:50:40 | 000,227,335 | ---- | M] () -- C:\Users\Terry\Documents\sent to Kelly Svcs.jpg
[2012/10/10 13:38:16 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2012/10/09 03:24:09 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 03:24:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/09 03:24:04 | 010,220,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/06 07:32:09 | 000,000,867 | ---- | C] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk
[2012/11/01 16:24:12 | 000,000,017 | ---- | C] () -- C:\Users\Terry\AppData\Local\resmon.resmoncfg
[2012/10/28 18:29:09 | 000,002,262 | ---- | C] () -- C:\Users\Terry\Desktop\Google Chrome.lnk
[2012/10/28 18:28:23 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/28 18:28:21 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/28 12:24:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/28 12:24:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/28 12:24:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/28 12:24:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/28 12:24:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/28 12:20:53 | 000,013,453 | ---- | C] () -- C:\Users\Terry\Desktop\ComboFix - Shortcut.lnk
[2012/10/22 20:27:54 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2012/10/22 15:58:10 | 000,001,271 | ---- | C] () -- C:\Users\Terry\Desktop\Revo Uninstaller.lnk
[2012/10/20 09:43:12 | 000,000,134 | ---- | C] () -- C:\Users\Terry\Desktop\Internet Explorer Troubleshooting.url
[2012/10/15 19:41:30 | 000,123,947 | ---- | C] () -- C:\Users\Terry\Documents\do not call 101512.jpg
[2012/10/10 15:33:08 | 000,228,763 | ---- | C] () -- C:\Users\Terry\Charlotte crime.jpg
[2012/10/10 15:30:28 | 000,244,708 | ---- | C] () -- C:\Users\Terry\Documents\Charlotte crime rates.jpg
[2012/10/10 14:50:40 | 000,227,335 | ---- | C] () -- C:\Users\Terry\Documents\sent to Kelly Svcs.jpg
[2012/10/10 13:38:16 | 000,000,081 | ---- | C] () -- C:\CTX.DAT
[2012/10/05 12:35:00 | 000,221,578 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/10/05 12:35:00 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/09/28 07:25:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/08/13 21:36:38 | 000,000,000 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\wklnhst.dat
[2012/07/14 17:18:15 | 000,003,336 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2012/07/14 17:18:15 | 000,001,872 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2012/04/01 16:55:52 | 022,259,528 | ---- | C] () -- C:\Program Files (x86)\vlc-2.0.1-win32.exe
[2012/03/07 07:52:57 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/05 15:58:38 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/10/05 15:58:37 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/10/05 15:58:36 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/05 15:58:36 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/05 15:58:36 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/09/04 19:23:06 | 000,228,480 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/01 08:25:13 | 1882,670,620 | ---- | C] () -- C:\Users\Terry\PhotoshopElements_9_LS15.7z
[2011/09/01 08:25:04 | 1316,066,539 | ---- | C] () -- C:\Program Files (x86)\PremiereElements_9_LS15.7z
[2011/07/25 09:41:47 | 000,007,168 | ---- | C] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 14:04:06 | 000,000,206 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/06/01 16:41:36 | 000,161,792 | ---- | C] () -- C:\Windows\SysWow64\netjoin.dll

========== ZeroAccess Check ==========


----------



## TerryD55 (Oct 22, 2012)

*OTL LOG PT 2*

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< Code: >

< --------- >

< %SYSTEMDRIVE%\*. >
[2012/11/05 09:22:56 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/11/04 19:01:28 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2010/08/29 09:32:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/04/08 11:42:22 | 000,000,000 | ---D | M] -- C:\Intel
[2012/11/02 21:02:40 | 000,000,000 | ---D | M] -- C:\mcafee_mcpr
[2012/10/21 17:03:19 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012/11/02 21:02:42 | 000,000,000 | ---D | M] -- C:\My Passport
[2011/07/11 18:21:06 | 000,000,000 | ---D | M] -- C:\New folder
[2012/11/02 21:02:42 | 000,000,000 | ---D | M] -- C:\OEM
[2012/10/31 16:27:00 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/10/21 17:03:20 | 000,000,000 | ---D | M] -- C:\PFiles
[2012/11/02 21:04:06 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/11/04 07:40:42 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/11/04 07:33:34 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/11/05 07:34:40 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010/08/29 09:32:44 | 000,000,000 | ---D | M] -- C:\Recovery
[2012/11/06 07:57:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/09/13 14:54:15 | 000,000,000 | ---D | M] -- C:\TEMP
[2012/11/02 21:04:18 | 000,000,000 | R--D | M] -- C:\Users
[2012/11/05 07:12:04 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >
[2011/09/01 16:40:59 | 001,228,384 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\PremiereElements_9_LS15.exe
[2012/04/01 16:56:00 | 022,259,528 | ---- | M] () -- C:\Program Files (x86)\vlc-2.0.1-win32.exe

< %LOCALAPPDATA%\*.exe >

< %windir%\Installer\*.* >
[2007/05/16 11:08:22 | 001,819,136 | ---- | M] () -- C:\Windows\Installer\4af9c.msi
[2009/07/26 11:15:22 | 001,449,984 | ---- | M] () -- C:\Windows\Installer\4afa1.msi
[2007/06/21 15:29:01 | 008,562,688 | ---- | M] () -- C:\Windows\Installer\4afb6.msi
[2007/02/13 15:31:48 | 000,361,984 | ---- | M] () -- C:\Windows\Installer\4afbb.msi
[2007/03/22 08:03:47 | 000,356,864 | ---- | M] () -- C:\Windows\Installer\4afc0.msi
[2007/12/13 16:57:16 | 000,032,768 | R--- | M] () -- C:\Windows\Installer\4afce.msp
[2009/07/21 23:08:34 | 000,262,144 | ---- | M] () -- C:\Windows\Installer\4b65dba.msi
[2010/07/10 19:14:14 | 002,850,816 | R--- | M] () -- C:\Windows\Installer\4b65dd3.msp
[2010/04/24 16:10:46 | 008,486,400 | R--- | M] () -- C:\Windows\Installer\4b65de6.msp
[2009/07/27 03:31:24 | 003,738,624 | R--- | M] () -- C:\Windows\Installer\4b65e61.msp
[2009/04/04 06:35:30 | 038,325,760 | R--- | M] () -- C:\Windows\Installer\4b65e9c.msp
[2008/09/30 20:07:10 | 006,042,112 | ---- | M] () -- C:\Windows\Installer\4b65ead.msi
[2009/07/20 23:29:14 | 006,057,984 | ---- | M] () -- C:\Windows\Installer\4b65ed0.msi
[2009/04/04 06:35:48 | 036,977,152 | R--- | M] () -- C:\Windows\Installer\4b65eef.msp
[2010/07/09 16:28:46 | 002,151,424 | R--- | M] () -- C:\Windows\Installer\4b65f06.msp
[2010/04/24 16:09:46 | 011,750,912 | R--- | M] () -- C:\Windows\Installer\4b65f0e.msp
[2010/07/16 07:41:36 | 001,732,608 | R--- | M] () -- C:\Windows\Installer\4d324c28.msp
[2010/08/13 17:02:20 | 002,545,664 | R--- | M] () -- C:\Windows\Installer\4d324c43.msp
[2010/08/13 16:59:46 | 008,182,272 | R--- | M] () -- C:\Windows\Installer\4d324c5c.msp
[2011/05/18 22:06:22 | 038,672,896 | R--- | M] () -- C:\Windows\Installer\4f2e3a05.msp
[2011/04/06 19:12:06 | 194,340,864 | R--- | M] () -- C:\Windows\Installer\4f2e3a25.msp
[2012/02/16 03:01:11 | 020,333,056 | R--- | M] () -- C:\Windows\Installer\50b5969.msp
[2007/04/10 17:31:24 | 000,930,816 | ---- | M] () -- C:\Windows\Installer\5960398.msi
[2010/09/20 20:27:33 | 005,818,368 | ---- | M] () -- C:\Windows\Installer\5a459e4.msi
[2010/09/20 20:28:34 | 000,194,560 | ---- | M] () -- C:\Windows\Installer\5a459ea.msi
[2012/08/07 08:01:25 | 000,461,312 | ---- | M] () -- C:\Windows\Installer\609e22.msi
[2012/09/08 20:05:02 | 027,549,696 | ---- | M] () -- C:\Windows\Installer\612e32d.msi
[2012/09/08 20:12:06 | 000,179,200 | ---- | M] () -- C:\Windows\Installer\612e33d.msi
[2010/11/11 06:35:06 | 041,618,944 | ---- | M] () -- C:\Windows\Installer\6378ad5.msi
[2010/11/11 06:36:06 | 021,570,560 | ---- | M] () -- C:\Windows\Installer\6378adc.msi
[2010/11/11 06:36:26 | 000,680,960 | ---- | M] () -- C:\Windows\Installer\6378aed.msi
[2010/12/15 05:16:58 | 003,460,608 | R--- | M] () -- C:\Windows\Installer\654693fd.msp
[2010/11/10 00:23:40 | 001,139,712 | R--- | M] () -- C:\Windows\Installer\6bdc9215.msp
[2010/11/10 03:58:48 | 005,870,080 | R--- | M] () -- C:\Windows\Installer\6bdc922e.msp
[2010/11/10 02:20:22 | 003,733,504 | R--- | M] () -- C:\Windows\Installer\6bdc9250.msp
[2010/11/10 02:16:22 | 003,314,688 | R--- | M] () -- C:\Windows\Installer\6bdc926f.msp
[2010/11/10 02:18:26 | 014,617,088 | R--- | M] () -- C:\Windows\Installer\6bdc929e.msp
[2010/11/10 01:15:38 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\6bdc92a6.msp
[2010/11/10 00:46:30 | 004,427,776 | R--- | M] () -- C:\Windows\Installer\6bdc92b7.msp
[2010/11/10 01:20:38 | 002,932,736 | R--- | M] () -- C:\Windows\Installer\6bdc92cd.msp
[2010/11/10 01:36:26 | 002,958,336 | R--- | M] () -- C:\Windows\Installer\6bdc92e9.msp
[2010/11/10 01:31:00 | 000,205,312 | R--- | M] () -- C:\Windows\Installer\6bdc92f4.msp
[2010/11/10 01:39:06 | 000,636,928 | R--- | M] () -- C:\Windows\Installer\6bdc92fc.msp
[2010/03/18 13:41:24 | 001,901,056 | ---- | M] () -- C:\Windows\Installer\6d59600.msi
[2011/09/15 18:37:40 | 037,148,160 | R--- | M] () -- C:\Windows\Installer\70d1386.msp
[2011/09/15 18:37:32 | 038,176,256 | R--- | M] () -- C:\Windows\Installer\70d13a4.msp
[2010/12/11 17:55:09 | 002,863,104 | ---- | M] () -- C:\Windows\Installer\71d0b267.msi
[2010/12/11 17:55:07 | 000,650,240 | ---- | M] () -- C:\Windows\Installer\71d0b26d.msi
[2010/12/11 17:55:20 | 001,800,704 | ---- | M] () -- C:\Windows\Installer\71d0b275.msi
[2010/12/11 17:55:34 | 001,802,240 | ---- | M] () -- C:\Windows\Installer\71d0b27c.msi
[2010/12/11 17:55:36 | 002,115,584 | ---- | M] () -- C:\Windows\Installer\71d0b282.msi
[2010/12/11 17:55:37 | 000,653,824 | ---- | M] () -- C:\Windows\Installer\71d0b288.msi
[2010/12/11 17:55:37 | 000,650,240 | ---- | M] () -- C:\Windows\Installer\71d0b28e.msi
[2010/12/11 17:55:41 | 000,663,040 | ---- | M] () -- C:\Windows\Installer\71d0b294.msi
[2010/12/11 17:55:39 | 000,667,648 | ---- | M] () -- C:\Windows\Installer\71d0b29b.msi
[2010/12/11 17:55:38 | 000,656,896 | ---- | M] () -- C:\Windows\Installer\71d0b2a1.msi
[2010/12/11 17:55:38 | 000,650,240 | ---- | M] () -- C:\Windows\Installer\71d0b2a7.msi
[2010/12/11 17:55:42 | 001,800,704 | ---- | M] () -- C:\Windows\Installer\71d0b2ad.msi
[2010/12/11 17:55:45 | 001,813,504 | ---- | M] () -- C:\Windows\Installer\71d0b2b4.msi
[2010/12/11 17:55:44 | 000,650,240 | ---- | M] () -- C:\Windows\Installer\71d0b2ba.msi
[2010/12/11 17:55:47 | 001,810,944 | ---- | M] () -- C:\Windows\Installer\71d0b2c0.msi
[2010/12/11 17:55:49 | 001,819,648 | ---- | M] () -- C:\Windows\Installer\71d0b2e6.msi
[2010/12/11 17:56:22 | 003,025,408 | ---- | M] () -- C:\Windows\Installer\71d0b2ef.msi
[2010/12/11 17:55:57 | 026,604,032 | ---- | M] () -- C:\Windows\Installer\71d0bab9.msi
[2012/03/15 13:26:06 | 004,212,736 | R--- | M] () -- C:\Windows\Installer\76a7241.msp
[2012/04/22 21:46:00 | 001,187,328 | R--- | M] () -- C:\Windows\Installer\76a724a.msp
[2012/05/17 01:58:50 | 003,462,144 | R--- | M] () -- C:\Windows\Installer\76a725f.msp
[2011/12/12 16:13:06 | 003,461,120 | R--- | M] () -- C:\Windows\Installer\7d3fb8a.msp
[2011/04/28 19:26:42 | 002,426,880 | R--- | M] () -- C:\Windows\Installer\7fb928.msp
[2011/04/28 19:27:08 | 013,031,936 | R--- | M] () -- C:\Windows\Installer\7fb955.msp
[2011/04/28 19:26:42 | 003,994,624 | R--- | M] () -- C:\Windows\Installer\7fb966.msp
[2011/04/28 19:27:46 | 014,467,072 | R--- | M] () -- C:\Windows\Installer\7fb973.msp
[2011/04/28 19:33:30 | 425,345,024 | R--- | M] () -- C:\Windows\Installer\7fba9b.msp
[2011/04/28 19:27:58 | 000,608,768 | R--- | M] () -- C:\Windows\Installer\7fbaa2.msp
[2011/04/28 19:34:24 | 011,155,456 | R--- | M] () -- C:\Windows\Installer\7fbab5.msp
[2011/04/28 22:28:46 | 011,056,128 | R--- | M] () -- C:\Windows\Installer\7fbac8.msp
[2011/04/28 22:28:12 | 016,972,800 | R--- | M] () -- C:\Windows\Installer\7fbadd.msp
[2009/04/24 11:38:18 | 001,229,312 | R--- | M] () -- C:\Windows\Installer\86a26f3.msp
[2009/04/24 11:31:18 | 001,425,920 | R--- | M] () -- C:\Windows\Installer\86a26fe.msp
[2012/05/30 17:01:12 | 000,026,112 | ---- | M] () -- C:\Windows\Installer\8db44.msi
[2010/10/21 16:46:23 | 000,074,240 | ---- | M] () -- C:\Windows\Installer\8db4d.msi
[2012/05/30 17:01:12 | 000,039,936 | R--- | M] () -- C:\Windows\Installer\8db52.msp
[2010/10/21 16:46:02 | 009,433,088 | ---- | M] () -- C:\Windows\Installer\8db57.msi
[2012/05/30 17:01:01 | 004,426,240 | R--- | M] () -- C:\Windows\Installer\8db66.msp
[2010/10/21 16:46:06 | 007,710,720 | ---- | M] () -- C:\Windows\Installer\8db6b.msi
[2012/05/30 17:01:12 | 002,932,224 | R--- | M] () -- C:\Windows\Installer\8db7f.msp
[2010/10/21 16:46:10 | 000,429,056 | ---- | M] () -- C:\Windows\Installer\8db84.msi
[2012/05/30 17:01:13 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\8db89.msp
[2010/10/21 16:46:11 | 004,004,864 | ---- | M] () -- C:\Windows\Installer\8db8e.msi
[2012/05/30 17:01:13 | 001,139,712 | R--- | M] () -- C:\Windows\Installer\8db9a.msp
[2011/11/09 07:39:51 | 002,310,656 | ---- | M] () -- C:\Windows\Installer\8db9f.msi
[2012/05/30 17:01:13 | 000,715,264 | R--- | M] () -- C:\Windows\Installer\8dba7.msp
[2010/10/21 16:46:17 | 008,332,288 | ---- | M] () -- C:\Windows\Installer\8dbaf.msi
[2012/05/30 17:01:14 | 003,312,128 | R--- | M] () -- C:\Windows\Installer\8dbcb.msp
[2011/11/09 07:39:58 | 022,647,296 | ---- | M] () -- C:\Windows\Installer\8dbd3.msi
[2012/05/30 17:01:15 | 005,535,744 | R--- | M] () -- C:\Windows\Installer\8dbe6.msp
[2010/10/21 16:46:26 | 013,850,624 | ---- | M] () -- C:\Windows\Installer\8dbed.msi
[2012/05/30 17:01:16 | 005,868,544 | R--- | M] () -- C:\Windows\Installer\8dc04.msp
[2010/10/21 16:46:27 | 008,313,856 | ---- | M] () -- C:\Windows\Installer\8dc09.msi
[2012/05/30 17:01:16 | 002,957,312 | R--- | M] () -- C:\Windows\Installer\8dc23.msp
[2010/10/21 16:46:37 | 034,193,408 | ---- | M] () -- C:\Windows\Installer\8dc2e.msi
[2012/05/30 17:01:18 | 014,624,256 | R--- | M] () -- C:\Windows\Installer\8dc59.msp
[2010/10/21 16:46:41 | 011,846,656 | ---- | M] () -- C:\Windows\Installer\8dc61.msi
[2012/05/30 17:01:18 | 003,734,016 | R--- | M] () -- C:\Windows\Installer\8dc6a.msp
[2010/10/21 16:46:43 | 000,775,168 | ---- | M] () -- C:\Windows\Installer\8dc73.msi
[2012/05/30 17:01:19 | 000,205,824 | R--- | M] () -- C:\Windows\Installer\8dc7c.msp
[2011/11/09 07:40:14 | 000,067,072 | ---- | M] () -- C:\Windows\Installer\8dc81.msi
[2012/05/30 17:01:01 | 000,029,184 | R--- | M] () -- C:\Windows\Installer\8dc87.msp
[2010/10/21 16:46:05 | 001,492,992 | ---- | M] () -- C:\Windows\Installer\8dc8c.msi
[2012/05/30 17:01:20 | 000,625,664 | R--- | M] () -- C:\Windows\Installer\8dc95.msp
[2010/10/21 16:46:18 | 001,070,592 | ---- | M] () -- C:\Windows\Installer\8dc9a.msi
[2012/05/30 17:01:20 | 000,468,480 | R--- | M] () -- C:\Windows\Installer\8dca4.msp
[2011/11/09 07:40:18 | 006,661,632 | ---- | M] () -- C:\Windows\Installer\8dcaa.msi
[2012/05/30 17:01:20 | 005,124,096 | R--- | M] () -- C:\Windows\Installer\8dcb4.msp
[2010/10/21 16:46:28 | 003,410,944 | ---- | M] () -- C:\Windows\Installer\8dcba.msi
[2012/05/30 17:01:20 | 000,635,904 | R--- | M] () -- C:\Windows\Installer\8dcc0.msp
[2010/10/21 16:46:29 | 004,175,360 | ---- | M] () -- C:\Windows\Installer\8dcc5.msi
[2012/05/30 17:01:21 | 000,509,952 | R--- | M] () -- C:\Windows\Installer\8dcca.msp
[2010/10/21 16:46:38 | 004,250,112 | ---- | M] () -- C:\Windows\Installer\8dcd0.msi
[2012/05/30 17:01:21 | 002,146,304 | R--- | M] () -- C:\Windows\Installer\8dcdb.msp
[2010/10/21 16:46:43 | 000,153,600 | ---- | M] () -- C:\Windows\Installer\8dce1.msi
[2012/05/30 17:01:23 | 000,060,416 | R--- | M] () -- C:\Windows\Installer\8dce6.msp
[2010/10/21 16:46:44 | 000,029,696 | ---- | M] () -- C:\Windows\Installer\8dcec.msi
[2012/05/30 17:01:23 | 000,023,552 | R--- | M] () -- C:\Windows\Installer\8dcf1.msp
[2012/07/07 14:55:15 | 013,065,216 | ---- | M] () -- C:\Windows\Installer\9021577.msi
[2012/08/29 21:39:12 | 003,463,680 | R--- | M] () -- C:\Windows\Installer\96b0025.msp
[2012/10/28 18:28:13 | 000,025,600 | ---- | M] () -- C:\Windows\Installer\a51be1.msi
[2010/04/08 11:58:14 | 003,779,584 | ---- | M] () -- C:\Windows\Installer\a660.msi
[2010/02/02 23:13:46 | 001,411,584 | ---- | M] () -- C:\Windows\Installer\a679.msi
[2010/02/02 23:13:32 | 000,035,840 | ---- | M] () -- C:\Windows\Installer\a68b.msi
[2010/02/02 23:14:14 | 000,048,128 | ---- | M] () -- C:\Windows\Installer\a696.msi
[2010/02/02 23:14:18 | 003,675,136 | ---- | M] () -- C:\Windows\Installer\a69c.msi
[2010/02/02 23:14:06 | 003,653,120 | ---- | M] () -- C:\Windows\Installer\a6a9.msi
[2010/02/02 23:14:02 | 003,599,872 | ---- | M] () -- C:\Windows\Installer\a6af.msi
[2010/02/02 23:14:10 | 003,600,384 | ---- | M] () -- C:\Windows\Installer\a6b5.msi
[2010/02/02 23:13:58 | 003,601,408 | ---- | M] () -- C:\Windows\Installer\a6bb.msi
[2010/02/02 23:13:54 | 003,600,384 | ---- | M] () -- C:\Windows\Installer\a6c1.msi
[2010/02/02 23:14:16 | 003,600,384 | ---- | M] () -- C:\Windows\Installer\a6c7.msi
[2010/02/02 23:14:20 | 003,609,088 | ---- | M] () -- C:\Windows\Installer\a6cd.msi
[2010/02/02 23:14:22 | 000,031,232 | ---- | M] () -- C:\Windows\Installer\a6d3.msi
[2010/02/02 23:14:08 | 003,609,600 | ---- | M] () -- C:\Windows\Installer\a6d9.msi
[2010/02/02 23:14:04 | 003,608,576 | ---- | M] () -- C:\Windows\Installer\a6df.msi
[2010/02/02 23:14:12 | 003,608,576 | ---- | M] () -- C:\Windows\Installer\a6e5.msi
[2010/02/02 23:14:00 | 003,608,576 | ---- | M] () -- C:\Windows\Installer\a6eb.msi
[2010/02/02 23:13:56 | 003,604,480 | ---- | M] () -- C:\Windows\Installer\a6f1.msi
[2010/02/02 23:14:16 | 004,103,680 | ---- | M] () -- C:\Windows\Installer\a6f7.msi
[2010/04/08 12:08:02 | 000,020,480 | ---- | M] () -- C:\Windows\Installer\a70b.msi
[2009/07/12 11:16:26 | 000,223,232 | ---- | M] () -- C:\Windows\Installer\a711.msi
[2009/07/12 06:43:18 | 000,231,936 | ---- | M] () -- C:\Windows\Installer\a717.msi
[2012/11/01 16:57:55 | 021,041,152 | ---- | M] () -- C:\Windows\Installer\acf65.msi
[2012/06/20 01:06:38 | 001,839,104 | R--- | M] () -- C:\Windows\Installer\b4080d2.msp
[2012/04/05 00:56:02 | 002,820,096 | R--- | M] () -- C:\Windows\Installer\b4080e8.msp
[2012/06/20 01:00:10 | 003,461,120 | R--- | M] () -- C:\Windows\Installer\b4080fe.msp
[2012/06/20 00:29:46 | 005,262,848 | R--- | M] () -- C:\Windows\Installer\b408117.msp
[2011/03/08 12:33:36 | 054,645,248 | R--- | M] () -- C:\Windows\Installer\be42579e.msp
[2011/02/11 07:59:10 | 023,633,408 | R--- | M] () -- C:\Windows\Installer\be4257b2.msp
[2010/11/20 22:33:46 | 001,980,928 | R--- | M] () -- C:\Windows\Installer\be4257b9.msp
[2011/03/17 18:27:48 | 003,462,656 | R--- | M] () -- C:\Windows\Installer\be4257cf.msp
[2011/01/11 16:50:38 | 008,177,152 | R--- | M] () -- C:\Windows\Installer\be4257d8.msp
[2011/03/17 19:01:58 | 009,563,648 | R--- | M] () -- C:\Windows\Installer\be4257e1.msp
[2010/11/20 22:34:34 | 001,198,080 | R--- | M] () -- C:\Windows\Installer\be4257f1.msp
[2011/01/14 10:50:20 | 044,318,720 | R--- | M] () -- C:\Windows\Installer\be425810.msp
[2010/10/23 01:18:50 | 001,508,864 | R--- | M] () -- C:\Windows\Installer\be425818.msp
[2010/10/23 01:18:54 | 000,126,976 | R--- | M] () -- C:\Windows\Installer\be42581f.msp
[2011/10/16 14:38:36 | 100,966,912 | R--- | M] () -- C:\Windows\Installer\cebcb2.msp
[2011/11/11 16:16:20 | 008,458,240 | R--- | M] () -- C:\Windows\Installer\cebcbb.msp
[2011/10/26 22:49:42 | 010,427,392 | R--- | M] () -- C:\Windows\Installer\cebcc3.msp
[2011/10/26 22:49:36 | 016,245,760 | R--- | M] () -- C:\Windows\Installer\cebccb.msp
[2011/10/26 22:47:50 | 010,328,064 | R--- | M] () -- C:\Windows\Installer\cebcd5.msp
[2011/10/26 22:46:54 | 001,833,472 | R--- | M] () -- C:\Windows\Installer\cebceb.msp
[2011/10/26 22:46:12 | 000,794,112 | R--- | M] () -- C:\Windows\Installer\cebd01.msp
[2011/11/01 13:34:30 | 002,531,840 | R--- | M] () -- C:\Windows\Installer\cebd0a.msp
[2011/11/01 13:34:28 | 002,247,168 | R--- | M] () -- C:\Windows\Installer\cebd1a.msp
[2011/12/01 16:16:00 | 003,464,704 | R--- | M] () -- C:\Windows\Installer\cebd30.msp
[2011/10/16 14:28:16 | 001,138,688 | R--- | M] () -- C:\Windows\Installer\cebd46.msp
[2011/10/16 14:45:34 | 004,966,912 | R--- | M] () -- C:\Windows\Installer\cebd5c.msp
[2011/10/26 22:45:40 | 066,426,368 | R--- | M] () -- C:\Windows\Installer\cebd73.msp
[2011/11/01 13:34:30 | 001,552,384 | R--- | M] () -- C:\Windows\Installer\cebd7c.msp
[2012/09/16 23:35:26 | 002,118,144 | ---- | M] () -- C:\Windows\Installer\cfd08.msi
[2012/10/10 06:38:28 | 000,031,232 | ---- | M] () -- C:\Windows\Installer\e6a5e2.msi
[2011/11/09 07:39:44 | 008,822,784 | ---- | M] () -- C:\Windows\Installer\e9a343.msi
[2011/11/09 07:39:47 | 000,039,936 | R--- | M] () -- C:\Windows\Installer\e9a355.msp
[2011/11/09 07:39:48 | 004,425,728 | R--- | M] () -- C:\Windows\Installer\e9a369.msp
[2011/11/09 07:39:49 | 002,933,248 | R--- | M] () -- C:\Windows\Installer\e9a382.msp
[2011/11/09 07:39:49 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\e9a38c.msp
[2011/11/09 07:39:50 | 001,139,200 | R--- | M] () -- C:\Windows\Installer\e9a39d.msp
[2011/11/09 07:39:51 | 000,715,264 | R--- | M] () -- C:\Windows\Installer\e9a3b6.msp
[2011/11/09 07:40:01 | 003,313,152 | R--- | M] () -- C:\Windows\Installer\e9a3da.msp
[2011/11/09 07:40:04 | 005,872,128 | R--- | M] () -- C:\Windows\Installer\e9a41b.msp
[2011/11/09 07:40:07 | 002,956,288 | R--- | M] () -- C:\Windows\Installer\e9a43a.msp
[2011/11/09 07:40:12 | 014,623,744 | R--- | M] () -- C:\Windows\Installer\e9a471.msp
[2011/11/09 07:40:13 | 003,731,968 | R--- | M] () -- C:\Windows\Installer\e9a482.msp
[2011/11/09 07:40:14 | 000,205,824 | R--- | M] () -- C:\Windows\Installer\e9a494.msp
[2011/11/09 07:40:15 | 000,029,184 | R--- | M] () -- C:\Windows\Installer\e9a4a4.msp
[2011/11/09 07:40:17 | 000,626,688 | R--- | M] () -- C:\Windows\Installer\e9a4b2.msp
[2011/11/09 07:40:18 | 000,468,480 | R--- | M] () -- C:\Windows\Installer\e9a4c1.msp
[2011/11/09 07:40:20 | 000,636,416 | R--- | M] () -- C:\Windows\Installer\e9a4d9.msp
[2011/11/09 07:40:20 | 000,509,952 | R--- | M] () -- C:\Windows\Installer\e9a4e3.msp
[2011/11/09 07:40:21 | 002,146,816 | R--- | M] () -- C:\Windows\Installer\e9a4f4.msp
[2011/11/09 07:40:22 | 000,060,416 | R--- | M] () -- C:\Windows\Installer\e9a4ff.msp
[2011/11/09 07:40:23 | 000,023,552 | R--- | M] () -- C:\Windows\Installer\e9a50a.msp
[2011/09/17 06:42:26 | 013,135,872 | R--- | M] () -- C:\Windows\Installer\ecd7ff.msp
[2012/09/04 10:23:10 | 132,325,376 | ---- | M] () -- C:\Windows\Installer\f2294b.msi
[41 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %windir%\system32\tasks\*.* >

< %windir%\system32\tasks\*.* /64 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >

< MD5 for: REGEDIT.EXE >

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Users\Terry\AppData\Local\Temp\winlogon.exe
[2009/10/27 23:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: TERRY-PC
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     D                       DVD-ROM         0 B  No Media
Volume 1         SYSTEM RESE  NTFS   Partition    100 MB  Healthy    System
Volume 2     C   Gateway      NTFS   Partition    917 GB  Healthy    Boot
Volume 3         PQSERVICE    NTFS   Partition     13 GB  Healthy    Hidden
Volume 4     E                       Removable       0 B  No Media
Volume 5     F                       Removable       0 B  No Media
Volume 6     G   My Passport  FAT32  Partition    298 GB  Healthy

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Thanks for the logs, got a bit to work on, so let's start

Your Java is out of date, so let's do that first:

*Upgrade Java* : (32 bits)

Download the latest version of *Java SE Runtime Environment (JRE) JRE 7 Update 9*.
Under the JAVA Platform Standard Edition, click the "*Download JRE*" button to the right.
Accept License Agreement.
Click on the link to download Windows Offline Installation 32 bit (jre-7u9-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the *jre-7u9-windows-i586.exe* and select "Run as an Administrator.")
Don't install any of the toolbars that are offered.

After doing the above, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:


Applications and Applets
Trace and Log Files
OK out of all the screens. 

----------------

Then, can you uninstall these via Add/Remove Programs or Start | Programs:

*Yontoo Layers Client 1.10.01*
*Vid-Saver*
*StartNow Toolbar*
*Window Shopper*

Reboot, and then, can you run this fix:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
O3:64bit: - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-254241989-344465633-3051194989-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-254241989-344465633-3051194989-1001\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = File not found
O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-254241989-344465633-3051194989-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-254241989-344465633-3051194989-1001\Software\Policies\Microsoft\Internet Explorer\restrictions present
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html File not found
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[41 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
IE - HKU\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=5bbd0e3c-80fa-4d7a-b418-8e18e18bf2f8&searchtype=ds&q={searchTerms}
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

-------------

Then, after doing the above, can you run this tool:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
*Conduit
*Tarma Installer
*Ilivid
*OpenCandy
*searchqu
*StartSearch
*Babylon
*AVG Secure Search
*Yontoo
*Viewpoint
*Vid-Saver
*StartNow
*Yontoo
*Window Shopper
:folderfind
*Conduit
*Tarma Installer
*Ilivid
*OpenCandy
*searchqu
*StartSearch
*Babylon
*AVG Secure Search
*Yontoo
*Viewpoint
*Vid-Saver
*StartNow
*Yontoo
*Window Shopper
:regfind
Conduit
Tarma Installer
Ilivid
OpenCandy
searchqu
StartSearch
Babylon
AVG Secure Search
Yontoo
Viewpoint
Vid-Saver
StartNow Toolbar
Yontoo
Window Shopper
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

eddie


----------



## TerryD55 (Oct 22, 2012)

Eddie, I can't get the OTL to work. I keep getting a "Not responding" error message.


----------



## TerryD55 (Oct 22, 2012)

Hi Eddie,

For some reason I could not get OTL to respond. I went to their forum and they recommended a couple of other steps when that's the case, so I'm going to post the results of those steps and hope 1) they didn't counteract anything you were trying to accomplish 2) they're of some help.

The first recommendation was to run SystemLook, so here's that log:

SystemLook 30.07.11 by jpshortstuff
Log created at 10:54 on 09/11/2012 by Terry
Administrator - Elevation successful

========== filefind ==========

Searching for "*Conduit"
No files found.

Searching for "*Tarma Installer"
No files found.

Searching for "*Ilivid"
No files found.

Searching for "*OpenCandy"
No files found.

Searching for "*searchqu"
No files found.

Searching for "*StartSearch"
No files found.

Searching for "*Babylon"
No files found.

Searching for "*AVG Secure Search"
No files found.

Searching for "*Yontoo"
No files found.

Searching for "*Viewpoint"
No files found.

Searching for "*Vid-Saver"
No files found.

Searching for "*StartNow"
No files found.

Searching for "*Yontoo"
No files found.

Searching for "*Window Shopper"
No files found.

========== folderfind ==========

Searching for "*Conduit"
No folders found.

Searching for "*Tarma Installer"
No folders found.

Searching for "*Ilivid"
No folders found.

Searching for "*OpenCandy"
No folders found.

Searching for "*searchqu"
No folders found.

Searching for "*StartSearch"
No folders found.

Searching for "*Babylon"
No folders found.

Searching for "*AVG Secure Search"
No folders found.

Searching for "*Yontoo"
No folders found.

Searching for "*Viewpoint"
No folders found.

Searching for "*Vid-Saver"
No folders found.

Searching for "*StartNow"
No folders found.

Searching for "*Yontoo"
No folders found.

Searching for "*Window Shopper"
C:\Program Files (x86)\Superfish\Window Shopper	d------	[23:38 29/06/2011]

========== regfind ==========

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\DownloadManager\978]
"FileName"="HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\978]
"Url0"="http://software-files-a.cnet.com/s/software/12/70/77/84/HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49A430ED76EBA681EDC30AE3E421A6AF]
"7EEB5F206BA024E4B98F5288AACE7C2F"="C:\Program Files (x86)\EZ Fonts\fonts\conduit.ttf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CF16DF3D66B098F6F24B971E18632AA]
"7EEB5F206BA024E4B98F5288AACE7C2F"="C:\Program Files (x86)\EZ Fonts\fonts\conduit2.ttf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\978]
"FileName"="HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\978]
"Url0"="http://software-files-a.cnet.com/s/software/12/70/77/84/HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"

Searching for "Tarma Installer"
No data found.

Searching for "Ilivid"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"LocalFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"LocalPath"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"LogFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1_1191.log"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Host"="download.cdn.ilivid.com"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"FileName"="iLividSetup.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Referer"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Cookie"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"owWPage"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"owWPCookies"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Url0"="http://download.ilivid.com/iLividSetupV1.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"U0_c"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files (x86)\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
"ProductName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
"PackageName"="iLividSetupV1.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D97E31338E3E6F4D9EF007C6465E955]
"2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B4F0888C10A343468A1047B4877EB18]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files (x86)\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CAC02833CB3981F4C81EE96861E97A55]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2F65A3A-0E7E-4485-A898-B3341D755F4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2F65A3A-0E7E-4485-A898-B3341D755F4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2F65A3A-0E7E-4485-A898-B3341D755F4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"LocalFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"LocalPath"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"LogFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1_1191.log"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Host"="download.cdn.ilivid.com"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"FileName"="iLividSetup.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Referer"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Cookie"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"owWPage"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"owWPCookies"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Url0"="http://download.ilivid.com/iLividSetupV1.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"U0_c"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files (x86)\iLivid]

Searching for "OpenCandy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\DriverScanner]
"LatestDownloadUrl"="http://download.uniblue.com/adv/ds/ds/opencandy/4ds/driverscanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\DriverScanner]
"CampaignDownloadUrl"="http://download.uniblue.com/adv/ds/ds/opencandy/4ds/driverscanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\DriverScanner]
"PurchaseUrl"="http://www.liutilities.com/products/campaigns/dstrial/adv/opencandy/4ds/"

Searching for "searchqu"
[HKEY_CURRENT_USER\Software\DownloadManager\1000]
"Referer"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\DownloadManager\1000]
"owWPage"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\DownloadManager\999]
"FileName"="video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\DownloadManager\999]
"Url0"="http://www.globaltv.com/etcanada/video/etc+uncut/alex+oloughlin+uncut/video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\SUPERAntiSpyware.com\SUPERAntiSpyware]
"ProtectedHomePage"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1000]
"Referer"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1000]
"owWPage"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\999]
"FileName"="video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\999]
"Url0"="http://www.globaltv.com/etcanada/video/etc+uncut/alex+oloughlin+uncut/video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\SUPERAntiSpyware.com\SUPERAntiSpyware]
"ProtectedHomePage"="http://www.searchqu.com/406"

Searching for "StartSearch"
No data found.

Searching for "Babylon"
[HKEY_CURRENT_USER\Software\DownloadManager\1108]
"Cookie"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"
[HKEY_CURRENT_USER\Software\DownloadManager\1108]
"U0_c"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1108]
"Cookie"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1108]
"U0_c"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"

Searching for "AVG Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof]
"path"="C:\ProgramData\AVG Secure Search\ChromeExt\11.1.0.12\avg.crx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
[HKEY_USERS\S-1-5-18\Software\AVG Secure Search]

Searching for "Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-121C_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-121C_RASMANCS]

Searching for "Viewpoint"
No data found.

Searching for "Vid-Saver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022342291}\InprocServer32]
@="C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{33333333-3333-3333-3333-330033343391}\InprocServer32]
@="C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc]
"path"="C:\Users\Terry\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Vid-Saver_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Vid-Saver_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022342291}\InprocServer32]
@="C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{33333333-3333-3333-3333-330033343391}\InprocServer32]
@="C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll"

Searching for "StartNow Toolbar"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]

Searching for "Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-121C_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-121C_RASMANCS]

Searching for "Window Shopper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E1EF512D-604D-4776-AF11-410704DA1911}\1.0\0\win32]
@="C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E1EF512D-604D-4776-AF11-410704DA1911}\1.0\HELPDIR]
@="C:\Program Files (x86)\Superfish\Window Shopper\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
@="Window Shopper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\InprocServer32]
@="C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}\InprocServer32]
@="C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E1EF512D-604D-4776-AF11-410704DA1911}\1.0\0\win32]
@="C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E1EF512D-604D-4776-AF11-410704DA1911}\1.0\HELPDIR]
@="C:\Program Files (x86)\Superfish\Window Shopper\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Superfish\Window Shopper\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\257A64DBC7248F236A7B6619C6BE9788]
"4540751A21DE05047ACA29287CFA2BC3"="C:\Program Files (x86)\Superfish\Window Shopper\Settings.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89E9C16C2CB71DB54760B3F9EECE516F]
"4540751A21DE05047ACA29287CFA2BC3"="C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4540751A21DE05047ACA29287CFA2BC3\InstallProperties]
"DisplayName"="Window Shopper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}]
@="Window Shopper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}]
"ButtonText"="Window Shopper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}]
"Icon"="C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll,202"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}]
"HotIcon"="C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll,203"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}]
"ToolTip"="Window Shopper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
@="Window Shopper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\InprocServer32]
@="C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}\InprocServer32]
@="C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E1EF512D-604D-4776-AF11-410704DA1911}\1.0\0\win32]
@="C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E1EF512D-604D-4776-AF11-410704DA1911}\1.0\HELPDIR]
@="C:\Program Files (x86)\Superfish\Window Shopper\"

................................................................................................................

Then, per the forum instructions, I ran ComboFix.

ComboFix 12-11-09.02 - Terry 11/09/2012 12:16:01.11.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4492 [GMT -8:00]
Running from: c:\users\Terry\Downloads\Programs\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-09 20:25 . 2012-11-09 20:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-09 17:04 . 2012-11-09 17:04	--------	d-----w-	C:\_OTL
2012-11-09 16:22 . 2012-11-09 16:22	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-09 16:22 . 2012-11-09 16:22	289768	----a-w-	c:\windows\system32\javaws.exe
2012-11-09 16:22 . 2012-11-09 16:22	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-09 16:22 . 2012-11-09 16:22	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-09 16:22 . 2012-11-09 16:22	189416	----a-w-	c:\windows\system32\javaw.exe
2012-11-09 16:22 . 2012-11-09 16:22	188904	----a-w-	c:\windows\system32\java.exe
2012-11-09 16:22 . 2012-11-09 16:22	--------	d-----w-	c:\program files\Java
2012-11-03 03:37 . 2012-11-03 03:37	--------	d-----w-	c:\users\Terry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-11-03 03:37 . 2012-11-03 05:02	--------	d-----w-	c:\program files (x86)\Adobe Download Assistant
2012-11-02 17:59 . 2012-11-03 05:01	--------	d-----w-	c:\users\Terry\AppData\Local\LogMeIn Rescue Calling Card
2012-11-02 17:44 . 2012-11-03 05:01	--------	d-----w-	c:\program files (x86)\LogMeIn Rescue Calling Card
2012-11-02 16:18 . 2012-11-03 05:12	--------	d-----w-	c:\users\Terry\AppData\Local\LogMeIn Rescue Applet
2012-11-01 00:34 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-11-01 00:34 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-11-01 00:34 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-11-01 00:34 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-11-01 00:34 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-11-01 00:34 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-11-01 00:34 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-11-01 00:34 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-11-01 00:34 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-10-30 02:09 . 2012-10-30 02:09	--------	d-----w-	c:\program files (x86)\Gophoto.it
2012-10-30 02:05 . 2012-10-31 23:39	--------	d-----w-	c:\program files (x86)\OnlineHD.TV
2012-10-30 01:51 . 2012-10-31 23:39	--------	d-----w-	c:\program files (x86)\uTorrent
2012-10-29 03:21 . 2012-11-03 05:04	--------	d-----w-	c:\users\Terry\AppData\Roaming\GRETECH
2012-10-24 05:22 . 2012-04-20 23:40	196440	----a-w-	c:\windows\system32\drivers\HipShieldK.sys
2012-10-23 04:28 . 2012-10-23 04:28	--------	d-----w-	c:\users\Terry\AppData\Roaming\Curiolab
2012-10-23 04:27 . 2012-11-08 03:37	--------	d-----w-	c:\program files (x86)\Exterminate It!
2012-10-23 00:45 . 2012-10-23 00:45	--------	d-----w-	c:\program files (x86)\ESET
2012-10-22 00:35 . 2012-11-08 22:01	--------	d-----w-	c:\program files (x86)\STOPzilla!
2012-10-22 00:35 . 2012-11-08 22:01	--------	d-----w-	c:\programdata\STOPzilla!
2012-10-21 23:54 . 2012-10-21 23:54	--------	d-----w-	c:\users\Terry\AppData\Roaming\DriverCure
2012-10-21 23:54 . 2012-10-21 23:54	--------	d-----w-	c:\users\Terry\AppData\Roaming\SpeedyPC Software
2012-10-21 23:54 . 2012-10-21 23:54	--------	d-----w-	c:\program files (x86)\Common Files\SpeedyPC Software
2012-10-21 23:54 . 2012-10-21 23:54	--------	d-----w-	c:\programdata\SpeedyPC Software
2012-10-21 23:54 . 2012-10-21 23:54	--------	d-----w-	c:\program files (x86)\SpeedyPC Software
2012-10-21 00:10 . 2012-10-21 00:10	--------	d-----w-	c:\program files (x86)\VS Revo Group
2012-10-20 23:16 . 2012-10-20 23:16	--------	d-----w-	c:\users\Terry\AppData\Roaming\TuneUp Software
2012-10-20 23:12 . 2012-10-20 23:12	--------	d-----w-	c:\users\Terry\AppData\Local\MFAData
2012-10-20 22:47 . 2012-10-22 01:10	--------	d-----w-	c:\programdata\MFAData
2012-10-20 16:31 . 2012-10-22 01:10	--------	d-----w-	c:\program files\Perfect Uninstaller
2012-10-16 15:11 . 2012-11-09 20:27	--------	d-----w-	c:\users\Terry\AppData\Roaming\uTorrent
2012-10-14 19:46 . 2012-10-14 19:46	--------	d-----w-	c:\users\Terry\AppData\Roaming\FinalVideoDownloader
2012-10-10 21:38 . 2012-10-10 21:38	--------	d-----w-	c:\users\Terry\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-02 00:26 . 2009-07-13 23:16	145408	----a-w-	c:\windows\SysWow64\powrprof.dll
2012-10-10 10:04 . 2010-09-01 16:14	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-09 11:24 . 2012-03-31 18:59	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 11:24 . 2011-06-28 14:41	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 11:24 . 2012-08-15 09:05	10220472	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-27 18:07 . 2012-10-10 09:36	160992	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2012-09-23 22:42 . 2012-09-23 22:42	5632	----a-w-	c:\windows\system32\bbchlp.dll
2012-09-23 22:42 . 2012-09-23 22:42	4608	----a-w-	c:\windows\system32\drivers\bbcap.sys
2012-09-23 22:42 . 2012-09-23 22:42	37376	----a-w-	c:\windows\system32\bbcap.dll
2012-09-14 19:19 . 2012-10-10 08:47	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 08:47	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-09-13 21:06 . 2012-09-13 21:06	42248	----a-w-	c:\windows\system32\drivers\hssdrv6.sys
2012-09-13 19:26 . 2012-09-13 19:26	38632	----a-w-	c:\windows\system32\drivers\taphss.sys
2012-09-09 04:06 . 2012-05-13 17:43	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-09 04:06 . 2011-06-23 18:41	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-03 15:39 . 2012-09-03 15:39	788536	----a-r-	c:\users\Terry\AppData\Roaming\Microsoft\Installer\{B2F34D92-C5CF-4801-90CB-D04A5634B334}\TweetDeck.exe
2012-08-31 18:19 . 2012-10-10 08:49	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 08:48	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 08:48	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 08:48	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 08:48	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 08:48	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-22 10:01	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 10:01	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 10:01	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 10:01	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 10:01	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 10:01	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 10:01	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 10:01	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 10:01	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 10:01	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 10:01	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 10:01	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 10:01	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 10:01	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 10:01	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 10:01	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 10:01	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 10:01	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 10:01	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 10:01	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 10:01	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 10:01	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 10:03	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 10:03	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 10:03	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 10:03	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 17:11	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-20 18:48 . 2012-10-10 08:48	243200	----a-w-	c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 08:48	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 08:48	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 08:48	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 08:48	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 08:48	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 08:48	1162240	----a-w-	c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 08:48	338432	----a-w-	c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 08:48	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 08:48	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 08:48	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 08:48	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 08:48	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 08:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 08:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-10 3540416]
"Akamai NetSession Interface"="c:\users\Terry\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Easy-Hide-IP"="c:\program files\Easy-Hide-IP\easy-hide-ip.exe" [2012-07-13 4612424]
"uTorrent"="c:\users\Terry\Downloads\Programs\uTorrent.exe" [2012-11-06 963984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1285107697\ee\AOLSoftware.exe" [2010-03-08 41800]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
.
c:\users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Zinio Alert Messenger.lnk - c:\program files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AOL OnePoint.lnk - c:\program files (x86)\AOL OnePoint\IDVault.exe [2012-9-14 6185304]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [x]
R2 0236211352488536mcinstcleanup;McAfee Application Installer Cleanup (0236211352488536);c:\windows\TEMP\023621~1.EXE [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [2011-11-17 29288]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-07 140672]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/23 16:00];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-17 03:54 148976]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-07-23 72856]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-07-23 383128]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
S2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-07-13 3542856]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 160992]
S2 IDVaultSvc;AOL OnePoint Service;c:\program files (x86)\AOL OnePoint\IDVaultSvc.exe [2012-09-14 61784]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ Akamai
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 11:24]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
2012-11-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1e1ccc72-7985-445b-878b-49249c4e1042.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7860f2ef-6487-46eb-b8b3-af57b009ab37.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49	23432	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30&v=13.2.0.1&sap=hp
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files (x86)\FinalVideoDownloader\fvdRunner.html
IE: {{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files (x86)\Crawler\Radio\CRadio.exe
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: twitter.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
AddRemove-The Weather Channel App - c:\program files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{4d782c9b-5158-42f5-8021-b04a6b646d9a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000014d
"Therad"=dword:00000019
.
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):d1,f1,35,60,13,ee,71,bd,00,24,01,9d,c4,88,cf,db,32,0b,cd,4a,b4,
11,f4,49,88,10,7a,5f,8f,f5,65,13,55,d4,fc,da,1b,c7,e2,ad,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{77b730aa-a512-486d-8859-d3463bfa8d94}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000074
"Therad"=dword:00000017
"MData"=hex(0):46,bb,fc,21,55,48,75,53,61,4d,44,ff,50,c9,dc,ca,ad,13,a6,66,1c,
1b,c1,96,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ee,e2,e3,98,8a,af,00,05,8f,6d,9e,ce,22,49,15,ee,28,a2,2f,cc,67,
c1,36,b6,7a,54,a6,f7,7f,81,ab,b5,28,ab,56,97,c5,d2,b3,b5,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-11-09 12:48:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-09 20:48
ComboFix2.txt 2012-11-08 04:15
ComboFix3.txt 2012-11-05 15:34
ComboFix4.txt 2012-11-04 19:28
ComboFix5.txt 2012-11-09 20:15
.
Pre-Run: 744,263,725,056 bytes free
Post-Run: 743,815,380,992 bytes free
.
- - End Of File - - C27EF3E3FD97EE2C003B8DB0C123B7E2

Thanks.


----------



## eddie5659 (Mar 19, 2001)

Not sure why it froze, but looking at the above SystemLook log, as most of the entries are not bringing anything up, it looks like it did run okay, just didn't want to get to the end where the log comes up.

Can you try this with OTL? Don't worry, this is just a scan I need you to do, not a fix.


Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

Select *All Users*

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
/md5start
EasyRedirect64.dll
EasyRedirect.dll
/md5stop
type C:\Windows\SysNative\tasks\{0683BC82-8C1A-4A50-89AB-76E6F0E2000F} /c
type C:\Windows\SysNative\tasks\{2B0FE4CE-0A31-41CF-80CC-69E230EF6B91} /c
type C:\Windows\SysNative\tasks\{2DD29572-BF27-4834-8EC4-CF3E5DCAC476} /c
type C:\Windows\SysNative\tasks\{2F07F134-76B5-4139-A4A1-46B61AC314C5} /c
type C:\Windows\SysNative\tasks\{33D9479F-26EF-4AC6-B9D8-76F6F9C571EE} /c
type C:\Windows\SysNative\tasks\{34A9AF6C-F400-4A62-BD3C-6A6263525F0B} /c
type C:\Windows\SysNative\tasks\{36A48130-E980-4F6F-8E3D-FE11722CCC7E} /c
type C:\Windows\SysNative\tasks\{65EB418A-6463-412B-A1A5-3C9809A937E1} /c
type C:\Windows\SysNative\tasks\{663CCBE3-8C12-401A-9385-F4A4BE249E5B} /c
type C:\Windows\SysNative\tasks\{67188DDC-A9EA-4A36-A501-FC9705314E1E} /c
type C:\Windows\SysNative\tasks\{76399AAA-FCA6-4F58-AD27-AC1E75A6E63B} /c
type C:\Windows\SysNative\tasks\{7640452F-90A3-462D-8711-90D73B40DC18} /c
type C:\Windows\SysNative\tasks\{79577837-9767-4E42-B4C5-052F9F880FD0} /c
type C:\Windows\SysNative\tasks\{82F5C5C0-6AD1-4AD0-BD69-CAE86534291D} /c
type C:\Windows\SysNative\tasks\{860C9D8C-2F4D-4D1A-BA45-F40A3C6EBBFA} /c
type C:\Windows\SysNative\tasks\{900D27E2-5CAD-4330-8B8D-99D67ED786E3} /c
type C:\Windows\SysNative\tasks\{916BEB90-2210-4479-8F8E-0B67D2C3E420} /c
type C:\Windows\SysNative\tasks\{9579517A-E5BF-4C94-8F6C-82B138C9EBC4} /c
type C:\Windows\SysNative\tasks\{AAA3DAE0-A9CF-405A-B0EF-39AF11AF9380} /c
type C:\Windows\SysNative\tasks\{C9B837AF-7E7D-40C8-9506-325622870BF7} /c
type C:\Windows\SysNative\tasks\{CE63C5C6-AE7F-442A-82AA-0CE1C00335D3} /c
type C:\Windows\SysNative\tasks\{D2D4BEF3-C187-4043-9A20-7C0774215812} /c
type C:\Windows\SysNative\tasks\{D6F8B3B3-4805-4EAC-B921-BF4D34C1ABC1} /c
type C:\Windows\SysNative\tasks\{D735555C-4802-40E8-A9EF-728863CF0F4F} /c
type C:\Windows\SysNative\tasks\{D838EFB5-8D22-423C-91E7-13A2777A65F0} /c
type C:\Windows\SysNative\tasks\{D91A91F8-548C-4C6F-B2BB-7A54FBD1C59E} /c
type C:\Windows\SysNative\tasks\{D9B587A7-A03B-48A8-873D-05F527B35D27} /c
type C:\Windows\SysNative\tasks\{D9B8B4B8-3B7D-43B5-BA29-3990AF16781D} /c
type C:\Windows\SysNative\tasks\{DE09B16B-CF76-4EE5-9A57-44DBEC57E698} /c
type C:\Windows\SysNative\tasks\{E1016A45-307F-45E6-B766-13236C7006F1} /c
type C:\Windows\SysNative\tasks\{EECAB2C0-513B-42F6-8D92-E4BB1D303257} /c
```

Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.


Only the one log will be produced 

------------------------------------
Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip)

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop.

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file.



> C:\Windows\SysNative\EasyRedirect64.dll
> C:\Windows\SysWow64\EasyRedirect.dll


Let me know when it's uploaded

-------------------------------------

Can you run this for me:

Download *CKScanner* from *here*

*Important :* Save it to your desktop. 

Double-click CKScanner.exe and click *Search For Files*.
After a very short time, when the cursor hourglass disappears, click *Save List To File*. 
A message box will verify that the file is saved. 
Double-click the *CKFiles.txt* icon on your desktop and copy/paste the contents in your next reply.

-------------------------------------

Using SystemLook again, can you run the following code:


```
:file
c:\windows\system32\drivers\ndis.sys
c:\windows\system32\drivers\netio.sys
c:\windows\system32\drivers\FWPKCLNT.SYS
c:\program files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe
c:\program files (x86)\AOL OnePoint\IDVault.exe
c:\programdata\Best Buy pc app\ClickOnceSetup.exe
c:\windows\system32\drivers\WsAudioDevice_383S(1).sys
C:\Windows\SysNative\EasyRedirect64.dll
C:\Windows\SysWow64\EasyRedirect.dll
```
And post the log it creates 

eddie
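
What the OTL custom scan in the post above collects (MD5s of the two EasyRedirect DLLs and the contents of the GUID-named task files), as a read-only Python script. This is an added example, not part of the original post and not OTL's own code; the function names, the sample task XML and the placeholder DLL bytes are constructed for illustration.

```python
"""Read-only triage of GUID-named scheduled tasks and named DLLs (added example)."""
import hashlib
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# XML namespace of Task Scheduler 2.0 task definitions (Vista and later).
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Constructed sample, not taken from the thread: a minimal task definition.
SAMPLE_TASK_XML = """<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec>
      <Command>C:\\Example\\updater.exe</Command>
      <Arguments>/silent</Arguments>
    </Exec>
  </Actions>
</Task>
"""


def native_system_dir(windir=r"C:\Windows"):
    """Real System32: a 32-bit process on 64-bit Windows reaches it via Sysnative."""
    sysnative = Path(windir) / "Sysnative"
    return sysnative if sysnative.exists() else Path(windir) / "System32"


def md5_file(path):
    """MD5 is used only so the value can be compared with the scan log."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_named_files(names, search_dirs):
    """Hash files whose name matches one of `names` (case-insensitive)."""
    wanted = {n.lower() for n in names}
    found = {}
    for directory in map(Path, search_dirs):
        if not directory.is_dir():
            continue
        for entry in directory.iterdir():
            if entry.is_file() and entry.name.lower() in wanted:
                found[str(entry)] = md5_file(entry)
    return found


def parse_task(path):
    """Return what a task file would launch; damaged files are reported, not skipped."""
    name = Path(path).name
    try:
        root = ET.fromstring(Path(path).read_bytes())  # honours the UTF-16 BOM
    except ET.ParseError as exc:
        return {"name": name, "error": f"unparseable: {exc}", "actions": []}
    actions = []
    for exe in root.findall("t:Actions/t:Exec", TASK_NS):
        cmd = exe.findtext("t:Command", default="", namespaces=TASK_NS).strip()
        args = exe.findtext("t:Arguments", default="", namespaces=TASK_NS).strip()
        actions.append((cmd, args))
    for com in root.findall("t:Actions/t:ComHandler", TASK_NS):
        clsid = com.findtext("t:ClassId", default="", namespaces=TASK_NS).strip()
        actions.append(("COM:" + clsid, ""))
    return {"name": name, "error": None, "actions": actions}


def guid_named_tasks(task_dir):
    """Parse only the task files whose whole name is a {GUID}."""
    tasks = [p for p in Path(task_dir).iterdir()
             if p.is_file() and GUID_NAME.match(p.name)]
    return [parse_task(p) for p in sorted(tasks)]


def demo():
    """Run the triage over a throwaway tree filled with constructed files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        tasks = root / "Tasks"
        tasks.mkdir()
        good = tasks / "{0683BC82-8C1A-4A50-89AB-76E6F0E2000F}"
        good.write_bytes(SAMPLE_TASK_XML.encode("utf-16"))
        bad = tasks / "{2B0FE4CE-0A31-41CF-80CC-69E230EF6B91}"
        bad.write_bytes(b"not xml")
        (tasks / "Adobe Flash Player Updater").write_bytes(b"ignored: not GUID-named")
        (root / "EasyRedirect.dll").write_bytes(b"constructed placeholder bytes")
        hashes = hash_named_files(["EasyRedirect64.dll", "EasyRedirect.dll"], [root])
        return guid_named_tasks(tasks), hashes


if __name__ == "__main__":
    task_report, hash_report = demo()
    for task in task_report:
        print(task["name"], task["error"] or task["actions"])
    for path, md5 in hash_report.items():
        print(md5, path)
```

On a live 64-bit system the directories to pass would be `native_system_dir() / "Tasks"` for the task files, plus `native_system_dir()` and `C:\Windows\SysWOW64` for the DLL search.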


----------



## TerryD55 (Oct 22, 2012)

Alright, here you go:

OTL logfile created on: 11/10/2012 10:16:51 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Terry\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 71.50% Memory free
11.93 Gb Paging File | 10.03 Gb Available in Paging File | 84.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.74 Gb Total Space | 691.85 Gb Free Space | 75.39% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 95.81 Gb Free Space | 32.15% Space Free | Partition Type: FAT32

Computer Name: TERRY-PC | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/09 10:46:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Downloads\Programs\OTL.exe
PRC - [2012/11/06 09:32:52 | 000,963,984 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Terry\Downloads\Programs\uTorrent.exe
PRC - [2012/10/10 01:16:38 | 003,540,416 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/23 15:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012/07/13 14:08:02 | 003,542,856 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
PRC - [2012/06/05 09:11:34 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2011/06/17 09:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/18 19:00:20 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/05/12 00:09:36 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011/05/12 00:09:34 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/05/25 04:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010/03/07 23:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe
PRC - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2010/03/23 09:54:54 | 000,118,784 | ---- | M] () -- c:\Program Files (x86)\Common Files\aol\1285107697\ee\services\proxyprovider\ver1_0_0_1\proxyprovider.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2012/09/10 16:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:*64bit:* - [2012/09/07 15:46:15 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:*64bit:* - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:*64bit:* - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:*64bit:* - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:*64bit:* - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:*64bit:* - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:*64bit:* - [2012/07/17 13:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:*64bit:* - [2012/07/17 13:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:*64bit:* - [2012/07/17 13:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:*64bit:* - [2012/07/13 14:08:02 | 003,542,856 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)
SRV:*64bit:* - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:*64bit:* - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/01 07:44:58 | 004,539,200 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll -- (Akamai)
SRV - [2012/10/09 03:24:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/23 15:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/07/23 15:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2011/06/17 09:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/05/18 19:00:20 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/05/12 00:09:36 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/05/12 00:09:34 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/09/27 10:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:*64bit:* - [2012/09/13 11:26:44 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2012/07/17 13:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:*64bit:* - [2012/07/17 13:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:*64bit:* - [2012/07/17 13:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:*64bit:* - [2012/07/17 13:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:*64bit:* - [2012/07/17 13:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:*64bit:* - [2012/07/17 13:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:*64bit:* - [2012/07/17 13:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:*64bit:* - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:*64bit:* - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/11/17 15:08:16 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:*64bit:* - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:*64bit:* - [2009/12/09 01:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 12:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:*64bit:* - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/25 12:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:*64bit:* - [2006/11/29 14:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2012/07/23 15:18:42 | 000,072,856 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2011/05/18 19:00:21 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011/05/16 19:54:00 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/09/23 16:00:52] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F 0D 96 B1 2A BD CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {04214EC9-F125-46DE-8ABE-91393E50D45C}
IE - HKCU\..\SearchScopes\{04214EC9-F125-46DE-8ABE-91393E50D45C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES (X86)\AOL\DATAMASK BY AOL\FFEXT
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Terry\AppData\Roaming\IDM\idmmzcc5 [2012/10/31 15:41:55 | 000,000,000 | ---D | M]

[2012/09/21 13:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
[2012/11/06 09:31:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/07/31 03:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]

========== Chrome ==========

CHR - homepage: http://www.aol.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.aol.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Internet Download Manager (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\IDMGCExt.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: __MSG_buttonTitle__ = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\clikkblliffbbkffahjehcdeknmedelg\1.0.7_0\
CHR - Extension: EasyClock = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplbpgapoedppajbikieafefmcceaagn\9.0.5_0\
CHR - Extension: AdBlock = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: TweetDeck = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.1.0_0\
CHR - Extension: Read Your AOL Mail = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\phgdojkomekmnemlclopfjlmbamhnafp\2.1.0.0_0\

O1 HOSTS File: ([2012/11/09 12:26:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe (Easy Hide IP)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\Terry\Downloads\Programs\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:*64bit:* - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html File not found
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: twitter.com ([]https in Trusted sites)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFFF6009-DCDE-4DC2-9789-AFC20BEE3BC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-itss - No CLSID value found
O18:*64bit:* - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/21 08:18:42 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - G:\autorun.in_2.org -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/10 07:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/11/09 12:26:57 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/09 12:15:13 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/11/09 09:04:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/09 08:22:28 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/11/09 08:22:27 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/11/09 08:22:27 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/11/09 08:22:18 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/11/09 08:22:18 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/11/09 08:22:18 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/11/09 08:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/11/07 21:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy-Hide-IP
[2012/11/05 09:20:59 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\ComboFix logs
[2012/11/03 16:18:24 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Logs
[2012/11/02 20:11:59 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Adobe Photoshop Elements 11
[2012/11/02 19:37:28 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/11/02 19:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012/11/02 09:59:36 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\LogMeIn Rescue Calling Card
[2012/11/02 09:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BAHCS remoteIT Support
[2012/11/02 09:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Rescue Calling Card
[2012/11/02 08:18:11 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\LogMeIn Rescue Applet
[2012/11/01 15:35:54 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{28B37C5F-0747-4FF2-8108-F3BD26E2D0E3}
[2012/10/31 16:36:11 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/10/31 16:36:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/10/31 16:36:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/10/31 16:36:08 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/10/31 16:36:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/10/31 16:36:05 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/10/31 16:36:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/10/31 16:36:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/10/31 16:36:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/10/31 16:36:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/10/31 16:36:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/10/31 16:36:04 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/10/31 16:36:04 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/10/31 16:36:04 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/10/31 16:36:04 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/10/31 16:36:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/10/31 16:36:04 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/10/31 16:36:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/10/31 16:36:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/10/31 16:36:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/10/31 16:36:03 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/10/31 16:36:03 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/10/31 16:36:02 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/10/31 16:36:02 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/10/31 16:34:47 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/10/31 16:34:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/10/29 18:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it
[2012/10/29 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnlineHD.TV
[2012/10/29 17:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/10/28 19:21:42 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\GRETECH
[2012/10/28 18:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/10/28 18:14:27 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Old Firefox Data
[2012/10/28 12:24:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/28 12:24:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/28 12:24:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/28 12:19:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/28 12:19:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/23 21:22:40 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2012/10/22 20:28:41 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Curiolab
[2012/10/22 20:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
[2012/10/22 20:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exterminate It!
[2012/10/22 16:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/21 16:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012/10/21 16:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2012/10/21 15:54:54 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\DriverCure
[2012/10/21 15:54:53 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\SpeedyPC Software
[2012/10/21 15:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/10/21 15:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/10/21 15:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/10/20 16:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/10/20 16:10:44 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/10/20 15:16:46 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\TuneUp Software
[2012/10/20 15:12:41 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\MFAData
[2012/10/20 14:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/10/20 08:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2012/10/17 13:32:32 | 000,000,000 | ---D | C] -- C:\Users\Terry\Documents\GomPlayer
[2012/10/16 07:11:11 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\uTorrent
[2012/10/14 11:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/10/14 11:46:16 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\FinalVideoDownloader
[2012/10/12 20:01:01 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\{DC84B566-B8D7-4FDA-A2EB-94D3A13F434E}
[2011/09/01 19:16:35 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Terry\PhotoshopElements_9_LS15.exe
[2011/09/01 16:40:40 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\PremiereElements_9_LS15.exe

========== Files - Modified Within 30 Days ==========

[2012/11/10 09:35:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7860f2ef-6487-46eb-b8b3-af57b009ab37.job
[2012/11/10 09:33:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/10 09:24:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/10 09:23:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/10 09:23:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/10 07:13:26 | 000,003,336 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2012/11/10 07:13:26 | 000,001,872 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2012/11/10 07:13:26 | 000,001,872 | ---- | M] () -- C:\Windows\SysNative\EasyRedirectOff.ini
[2012/11/10 07:11:58 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/10 07:11:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/10 02:53:08 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/10 02:53:08 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/10 02:53:08 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/10 02:46:02 | 509,480,959 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/10 02:00:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1e1ccc72-7985-445b-878b-49249c4e1042.job
[2012/11/09 12:26:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/09 08:22:13 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/11/09 08:22:12 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/11/09 08:22:12 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/11/09 08:22:12 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/11/09 08:22:12 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/11/09 08:22:12 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/11/07 21:43:09 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk
[2012/11/06 09:36:56 | 000,001,042 | ---- | M] () -- C:\Users\Terry\Desktop\iLivid.lnk
[2012/11/01 16:24:12 | 000,000,017 | ---- | M] () -- C:\Users\Terry\AppData\Local\resmon.resmoncfg
[2012/10/28 18:29:09 | 000,002,262 | ---- | M] () -- C:\Users\Terry\Desktop\Google Chrome.lnk
[2012/10/28 15:40:47 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/10/28 12:20:53 | 000,013,453 | ---- | M] () -- C:\Users\Terry\Desktop\ComboFix - Shortcut.lnk
[2012/10/22 20:27:54 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2012/10/22 15:58:10 | 000,001,271 | ---- | M] () -- C:\Users\Terry\Desktop\Revo Uninstaller.lnk
[2012/10/20 09:44:45 | 000,000,134 | ---- | M] () -- C:\Users\Terry\Desktop\Internet Explorer Troubleshooting.url
[2012/10/15 19:41:30 | 000,123,947 | ---- | M] () -- C:\Users\Terry\Documents\do not call 101512.jpg
[2012/10/15 07:02:43 | 000,000,031 | ---- | M] () -- C:\Windows\SysNative\bbcap.err

========== Files Created - No Company Name ==========

[2012/11/07 21:43:09 | 000,000,867 | ---- | C] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk
[2012/11/06 09:36:56 | 000,001,050 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[2012/11/06 09:36:56 | 000,001,042 | ---- | C] () -- C:\Users\Terry\Desktop\iLivid.lnk
[2012/11/01 16:24:12 | 000,000,017 | ---- | C] () -- C:\Users\Terry\AppData\Local\resmon.resmoncfg
[2012/10/28 18:29:09 | 000,002,262 | ---- | C] () -- C:\Users\Terry\Desktop\Google Chrome.lnk
[2012/10/28 18:28:23 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/28 18:28:21 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/28 12:24:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/28 12:24:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/28 12:24:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/28 12:24:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/28 12:24:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/28 12:20:53 | 000,013,453 | ---- | C] () -- C:\Users\Terry\Desktop\ComboFix - Shortcut.lnk
[2012/10/22 20:27:54 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2012/10/22 15:58:10 | 000,001,271 | ---- | C] () -- C:\Users\Terry\Desktop\Revo Uninstaller.lnk
[2012/10/20 09:43:12 | 000,000,134 | ---- | C] () -- C:\Users\Terry\Desktop\Internet Explorer Troubleshooting.url
[2012/10/15 19:41:30 | 000,123,947 | ---- | C] () -- C:\Users\Terry\Documents\do not call 101512.jpg
[2012/10/10 15:33:08 | 000,228,763 | ---- | C] () -- C:\Users\Terry\Charlotte crime.jpg
[2012/10/05 12:35:00 | 000,221,578 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/10/05 12:35:00 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/09/28 07:25:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/08/13 21:36:38 | 000,000,000 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\wklnhst.dat
[2012/07/14 17:18:15 | 000,003,336 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2012/07/14 17:18:15 | 000,001,872 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2012/04/01 16:55:52 | 022,259,528 | ---- | C] () -- C:\Program Files (x86)\vlc-2.0.1-win32.exe
[2012/03/07 07:52:57 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/05 15:58:38 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/10/05 15:58:37 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/10/05 15:58:36 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/05 15:58:36 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/05 15:58:36 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/09/04 19:23:06 | 000,228,480 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/01 08:25:13 | 1882,670,620 | ---- | C] () -- C:\Users\Terry\PhotoshopElements_9_LS15.7z
[2011/09/01 08:25:04 | 1316,066,539 | ---- | C] () -- C:\Program Files (x86)\PremiereElements_9_LS15.7z
[2011/07/25 09:41:47 | 000,007,168 | ---- | C] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 14:04:06 | 000,000,206 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/06/01 16:41:36 | 000,161,792 | ---- | C] () -- C:\Windows\SysWow64\netjoin.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: EASYREDIRECT.DLL >
[2012/07/13 14:08:00 | 000,364,360 | ---- | M] (EasyTech) MD5=D8BE4573B207A91A32694ED16D48975F -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.dll
[2012/07/13 14:08:00 | 000,364,360 | ---- | M] (EasyTech) MD5=D8BE4573B207A91A32694ED16D48975F -- C:\Windows\SysWOW64\EasyRedirect.dll

< MD5 for: EASYREDIRECT64.DLL >
[2012/07/13 14:08:04 | 000,504,136 | ---- | M] (EasyTech) MD5=6627D262277F70043CB8AA6BC2FCB62D -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect64.dll
[2012/07/13 14:08:04 | 000,504,136 | ---- | M] (EasyTech) MD5=6627D262277F70043CB8AA6BC2FCB62D -- C:\Windows\SysNative\EasyRedirect64.dll

< type C:\Windows\SysNative\tasks\{0683BC82-8C1A-4A50-89AB-76E6F0E2000F} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{2B0FE4CE-0A31-41CF-80CC-69E230EF6B91} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9\SOFTWARE\ElementsSTIInstaller\payloads\AdobeHelp\AIRInstallerRunner.exe" -d "C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9\SOFTWARE\ElementsSTIInstaller\payloads\AdobeHelp"</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{2DD29572-BF27-4834-8EC4-CF3E5DCAC476} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Terry\Downloads\Programs\imikimi_installer_0.5.1.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{2F07F134-76B5-4139-A4A1-46B61AC314C5} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{33D9479F-26EF-4AC6-B9D8-76F6F9C571EE} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9\SOFTWARE\air runtime\AdobeAIRInstaller.exe" -d "C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9\SOFTWARE\air runtime"</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{34A9AF6C-F400-4A62-BD3C-6A6263525F0B} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Terry\Downloads\Programs\iview433_setup_4.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{36A48130-E980-4F6F-8E3D-FE11722CCC7E} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{65EB418A-6463-412B-A1A5-3C9809A937E1} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Terry\Downloads\Programs\weathersp3_StubInstaller_2.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{663CCBE3-8C12-401A-9385-F4A4BE249E5B} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{67188DDC-A9EA-4A36-A501-FC9705314E1E} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\CamStudio 2.6b\Recorder.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{76399AAA-FCA6-4F58-AD27-AC1E75A6E63B} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{7640452F-90A3-462D-8711-90D73B40DC18} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{79577837-9767-4E42-B4C5-052F9F880FD0} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Program Files (x86)\InstallShield Installation Information\{1ADB7BF5-F8EB-4F76-98FD-65A7FFBEAECE}\setup.exe" -c -runfromtemp -l0x0409 -removeonly</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{82F5C5C0-6AD1-4AD0-BD69-CAE86534291D} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Terry\Downloads\Programs\iview433_setup_5.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{860C9D8C-2F4D-4D1A-BA45-F40A3C6EBBFA} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Terry\Downloads\imikimi_installer_0.5.1 (2).exe"</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{900D27E2-5CAD-4330-8B8D-99D67ED786E3} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{916BEB90-2210-4479-8F8E-0B67D2C3E420} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Terry\Downloads\Programs\AdobeAIRInstaller_3.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{9579517A-E5BF-4C94-8F6C-82B138C9EBC4} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{AAA3DAE0-A9CF-405A-B0EF-39AF11AF9380} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{C9B837AF-7E7D-40C8-9506-325622870BF7} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{CE63C5C6-AE7F-442A-82AA-0CE1C00335D3} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XT47VVWI\acssetup[1].exe" -d C:\Users\Terry\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{D2D4BEF3-C187-4043-9A20-7C0774215812} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a D:\setup.exe -d D:\</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{D6F8B3B3-4805-4EAC-B921-BF4D34C1ABC1} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{D735555C-4802-40E8-A9EF-728863CF0F4F} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{D838EFB5-8D22-423C-91E7-13A2777A65F0} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\AOL 9.5\aol.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{D91A91F8-548C-4C6F-B2BB-7A54FBD1C59E} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Terry\Downloads\Programs\weathersp3_StubInstaller.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{D9B587A7-A03B-48A8-873D-05F527B35D27} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\CamStudio 2.6b\Recorder.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{D9B8B4B8-3B7D-43B5-BA29-3990AF16781D} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{DE09B16B-CF76-4EE5-9A57-44DBEC57E698} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Users\Terry\Downloads\Programs\adweather2sp_StubInstaller.exe -d C:\Users\Terry\AppData\Roaming\IDM</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{E1016A45-307F-45E6-B766-13236C7006F1} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Users\Terry\Downloads\Adobe Premiere Elements 9\Adobe Premiere Elements 9.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{EECAB2C0-513B-42F6-8D92-E4BB1D303257} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files (x86)\CamStudio 2.6b\Recorder.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>Terry-PC\Terry</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< End of report >

Thanks


----------



## eddie5659 (Mar 19, 2001)

Thanks 

I know I've seen this in your installed programs, but did you knowingly install this:

*Easy-Hide-IP*

Or is this the first you've seen of it?

Also, any joy with the rest of the scans here:

http://forums.techguy.org/8521408-post15.html

Underneath the OTL part


----------



## TerryD55 (Oct 22, 2012)

Oh shoot! I had to do other things yesterday and forgot to run the other scans.  Yes, the Easy Hide is something I installed. I'll run those other scans and post those back to you. Thanks!


----------



## TerryD55 (Oct 22, 2012)

OK, hopefully, I uploaded that correctly!

Here's a link: http://thespykiller.co.uk/index.php?topic=10007.new#new


----------



## TerryD55 (Oct 22, 2012)

OK, I think I've got it all now. 

The CKScanner results: 
CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\ez fonts\fonts\crackdr2.ttf
c:\programdata\adobe\photoshop elements\9.0\photo creations\backgrounds\bg_creamcrackled.metadata.xml
c:\programdata\adobe\photoshop elements\9.0\photo creations\backgrounds\cracked paint.metadata.xml
scanner sequence 3.AB.11.UNBCNI
----- EOF -----

..........................................................................................................................................................................

SystemLook results: 

SystemLook 30.07.11 by jpshortstuff
Log created at 09:29 on 11/11/2012 by Terry
Administrator - Elevation successful

========== file ==========

c:\windows\system32\drivers\ndis.sys - File found and opened.
MD5: 760E38053BF56E501D562B70AD796B88
Created at 10:03 on 12/09/2012
Modified at 18:12 on 22/08/2012
Size: 950128 bytes
Attributes: --a----
FileDescription: NDIS 6.20 driver
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
ProductVersion: 6.1.7600.16385
OriginalFilename: NDIS.SYS.MUI
InternalName: NDIS.SYS
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

c:\windows\system32\drivers\netio.sys - File found and opened.
MD5: 7942B7AC3FF598F8A1736D51ADAF04E8
Created at 10:03 on 12/09/2012
Modified at 18:12 on 22/08/2012
Size: 376688 bytes
Attributes: --a----
FileDescription: Network I/O Subsystem
FileVersion: 6.1.7601.17939 (win7sp1_gdr.120822-0331)
ProductVersion: 6.1.7601.17939
OriginalFilename: netio.sys
InternalName: netio.sys
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

c:\windows\system32\drivers\FWPKCLNT.SYS - File found and opened.
MD5: 910DD6694848872FD3B8F42BAF801D0A
Created at 10:03 on 12/09/2012
Modified at 18:12 on 22/08/2012
Size: 288624 bytes
Attributes: --a----
FileDescription: FWP/IPsec Kernel-Mode API
FileVersion: 6.1.7601.17939 (win7sp1_gdr.120822-0331)
ProductVersion: 6.1.7601.17939
OriginalFilename: fwpkclnt.sys
InternalName: fwpkclnt.sys
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

c:\program files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe - Unable to find/read file.

c:\program files (x86)\AOL OnePoint\IDVault.exe - Unable to find/read file.

c:\programdata\Best Buy pc app\ClickOnceSetup.exe - Unable to find/read file.

c:\windows\system32\drivers\WsAudioDevice_383S(1).sys - File found and opened.
MD5: AD12F5C7251BB8D575D560894E73CBBA
Created at 18:40 on 02/10/2012
Modified at 23:08 on 17/11/2011
Size: 29288 bytes
Attributes: --a----
FileDescription: Wondershare Virtual Audio Device
FileVersion: 1.00
ProductVersion: 1.00
InternalName: wsvad
ProductName: Virtual Audio driver
CompanyName: Wondershare
LegalCopyright: Copyright (C) Wondershare Corp.2007

C:\Windows\SysNative\EasyRedirect64.dll - Unable to find/read file.

C:\Windows\SysWow64\EasyRedirect.dll - File found and opened.
MD5: D8BE4573B207A91A32694ED16D48975F
Created at 01:18 on 15/07/2012
Modified at 22:08 on 13/07/2012
Size: 364360 bytes
Attributes: --a----
FileDescription: EasyRedirect.dll
FileVersion: 2.1.9.9
ProductVersion: 2.1.9.9
OriginalFilename: 
InternalName: 
ProductName: EasyRedirect.dll
CompanyName: EasyTech
LegalCopyright: Copyright © 2010
Comments: 

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Excellent, all are legit. Just wanted to be sure, especially about those two files you uploaded for me 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> RegLock::
> [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{4d782c9b-5158-42f5-8021-b04a6b646d9a}]
> [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
> [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{77b730aa-a512-486d-8859-d3463bfa8d94}]
> ...


Save this as *CFScript.txt*, in the same location as ComboFix.exe










Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.


----------



## TerryD55 (Oct 22, 2012)

OK, on to the next:

ComboFix 12-11-10.01 - Terry 11/11/2012 11:35:24.12.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6109.4312 [GMT -8:00]
Running from: c:\users\Terry\Downloads\Programs\ComboFix.exe
Command switches used :: c:\users\Terry\Desktop\Logs\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 )))))))))))))))))))))))))))))))
.
.
2012-11-11 19:47 . 2012-11-11 19:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-10 19:02 . 2012-11-11 19:15	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-11-10 19:02 . 2012-11-11 19:28	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2012-11-10 19:01 . 2012-11-10 19:01	--------	d-----w-	c:\users\Terry\AppData\Local\Programs
2012-11-09 17:04 . 2012-11-09 17:04	--------	d-----w-	C:\_OTL
2012-11-09 16:22 . 2012-11-09 16:22	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-09 16:22 . 2012-11-09 16:22	289768	----a-w-	c:\windows\system32\javaws.exe
2012-11-09 16:22 . 2012-11-09 16:22	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-09 16:22 . 2012-11-09 16:22	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-09 16:22 . 2012-11-09 16:22	189416	----a-w-	c:\windows\system32\javaw.exe
2012-11-09 16:22 . 2012-11-09 16:22	188904	----a-w-	c:\windows\system32\java.exe
2012-11-09 16:22 . 2012-11-09 16:22	--------	d-----w-	c:\program files\Java
2012-11-03 03:37 . 2012-11-03 03:37	--------	d-----w-	c:\users\Terry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-11-03 03:37 . 2012-11-03 05:02	--------	d-----w-	c:\program files (x86)\Adobe Download Assistant
2012-11-02 17:59 . 2012-11-03 05:01	--------	d-----w-	c:\users\Terry\AppData\Local\LogMeIn Rescue Calling Card
2012-11-02 17:44 . 2012-11-03 05:01	--------	d-----w-	c:\program files (x86)\LogMeIn Rescue Calling Card
2012-11-02 16:18 . 2012-11-03 05:12	--------	d-----w-	c:\users\Terry\AppData\Local\LogMeIn Rescue Applet
2012-11-01 00:34 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-11-01 00:34 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-11-01 00:34 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-11-01 00:34 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-11-01 00:34 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-11-01 00:34 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-11-01 00:34 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-11-01 00:34 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-11-01 00:34 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-10-30 02:09 . 2012-10-30 02:09	--------	d-----w-	c:\program files (x86)\Gophoto.it
2012-10-30 02:05 . 2012-10-31 23:39	--------	d-----w-	c:\program files (x86)\OnlineHD.TV
2012-10-30 01:51 . 2012-10-31 23:39	--------	d-----w-	c:\program files (x86)\uTorrent
2012-10-29 03:21 . 2012-11-03 05:04	--------	d-----w-	c:\users\Terry\AppData\Roaming\GRETECH
2012-10-24 05:22 . 2012-04-20 23:40	196440	----a-w-	c:\windows\system32\drivers\HipShieldK.sys
2012-10-23 04:28 . 2012-10-23 04:28	--------	d-----w-	c:\users\Terry\AppData\Roaming\Curiolab
2012-10-23 04:27 . 2012-11-08 03:37	--------	d-----w-	c:\program files (x86)\Exterminate It!
2012-10-23 00:45 . 2012-10-23 00:45	--------	d-----w-	c:\program files (x86)\ESET
2012-10-22 00:35 . 2012-11-08 22:01	--------	d-----w-	c:\program files (x86)\STOPzilla!
2012-10-22 00:35 . 2012-11-08 22:01	--------	d-----w-	c:\programdata\STOPzilla!
2012-10-21 23:54 . 2012-10-21 23:54	--------	d-----w-	c:\users\Terry\AppData\Roaming\DriverCure
2012-10-21 23:54 . 2012-10-21 23:54	--------	d-----w-	c:\users\Terry\AppData\Roaming\SpeedyPC Software
2012-10-21 23:54 . 2012-10-21 23:54	--------	d-----w-	c:\program files (x86)\Common Files\SpeedyPC Software
2012-10-21 23:54 . 2012-10-21 23:54	--------	d-----w-	c:\programdata\SpeedyPC Software
2012-10-21 23:54 . 2012-10-21 23:54	--------	d-----w-	c:\program files (x86)\SpeedyPC Software
2012-10-21 00:10 . 2012-10-21 00:10	--------	d-----w-	c:\program files (x86)\VS Revo Group
2012-10-20 23:16 . 2012-10-20 23:16	--------	d-----w-	c:\users\Terry\AppData\Roaming\TuneUp Software
2012-10-20 23:12 . 2012-10-20 23:12	--------	d-----w-	c:\users\Terry\AppData\Local\MFAData
2012-10-20 22:47 . 2012-10-22 01:10	--------	d-----w-	c:\programdata\MFAData
2012-10-20 16:31 . 2012-10-22 01:10	--------	d-----w-	c:\program files\Perfect Uninstaller
2012-10-16 15:11 . 2012-11-11 19:29	--------	d-----w-	c:\users\Terry\AppData\Roaming\uTorrent
2012-10-14 19:46 . 2012-10-14 19:46	--------	d-----w-	c:\users\Terry\AppData\Roaming\FinalVideoDownloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-02 00:26 . 2009-07-13 23:16	145408	----a-w-	c:\windows\SysWow64\powrprof.dll
2012-10-10 10:04 . 2010-09-01 16:14	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-09 11:24 . 2012-03-31 18:59	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 11:24 . 2011-06-28 14:41	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 11:24 . 2012-08-15 09:05	10220472	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-27 18:07 . 2012-10-10 09:36	160992	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2012-09-23 22:42 . 2012-09-23 22:42	5632	----a-w-	c:\windows\system32\bbchlp.dll
2012-09-23 22:42 . 2012-09-23 22:42	4608	----a-w-	c:\windows\system32\drivers\bbcap.sys
2012-09-23 22:42 . 2012-09-23 22:42	37376	----a-w-	c:\windows\system32\bbcap.dll
2012-09-14 19:19 . 2012-10-10 08:47	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 08:47	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-09-13 21:06 . 2012-09-13 21:06	42248	----a-w-	c:\windows\system32\drivers\hssdrv6.sys
2012-09-13 19:26 . 2012-09-13 19:26	38632	----a-w-	c:\windows\system32\drivers\taphss.sys
2012-09-09 04:06 . 2012-05-13 17:43	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-09 04:06 . 2011-06-23 18:41	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-03 15:39 . 2012-09-03 15:39	788536	----a-r-	c:\users\Terry\AppData\Roaming\Microsoft\Installer\{B2F34D92-C5CF-4801-90CB-D04A5634B334}\TweetDeck.exe
2012-08-31 18:19 . 2012-10-10 08:49	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 08:48	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 08:48	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 08:48	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 08:48	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 08:48	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-22 10:01	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 10:01	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 10:01	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 10:01	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 10:01	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 10:01	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 10:01	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 10:01	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 10:01	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 10:01	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 10:01	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 10:01	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 10:01	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 10:01	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 10:01	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 10:01	248320	----a-w-	c:\windows\system32\ieui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-10 3540416]
"Akamai NetSession Interface"="c:\users\Terry\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Easy-Hide-IP"="c:\program files\Easy-Hide-IP\easy-hide-ip.exe" [2012-07-13 4612424]
"uTorrent"="c:\users\Terry\Downloads\Programs\uTorrent.exe" [2012-11-06 963984]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2012-06-05 822456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1285107697\ee\AOLSoftware.exe" [2010-03-08 41800]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
.
c:\users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Zinio Alert Messenger.lnk - c:\program files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [x]
R2 0236211352488536mcinstcleanup;McAfee Application Installer Cleanup (0236211352488536);c:\windows\TEMP\023621~1.EXE [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [2011-11-17 29288]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-07 140672]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/23 16:00];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-17 03:54 148976]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-07-23 72856]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-07-23 383128]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
S2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-07-13 3542856]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 160992]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ Akamai
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 11:24]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
2012-11-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1e1ccc72-7985-445b-878b-49249c4e1042.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7860f2ef-6487-46eb-b8b3-af57b009ab37.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49	23432	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30&v=13.2.0.1&sap=hp
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files (x86)\FinalVideoDownloader\fvdRunner.html
IE: {{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files (x86)\Crawler\Radio\CRadio.exe
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: twitter.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
AddRemove-The Weather Channel App - c:\program files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ee,e2,e3,98,8a,af,00,05,8f,6d,9e,ce,22,49,15,ee,28,a2,2f,cc,67,
c1,36,b6,7a,54,a6,f7,7f,81,ab,b5,28,ab,56,97,c5,d2,b3,b5,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Completion time: 2012-11-11 12:04:42
ComboFix-quarantined-files.txt 2012-11-11 20:04
ComboFix2.txt 2012-11-09 20:48
ComboFix3.txt 2012-11-08 04:15
ComboFix4.txt 2012-11-05 15:34
ComboFix5.txt 2012-11-11 19:33
.
Pre-Run: 745,616,089,088 bytes free
Post-Run: 745,306,116,096 bytes free
.
- - End Of File - - 889EC861DEABC2337CE1A01EFB927CFF


----------



## eddie5659 (Mar 19, 2001)

I know you said earlier that OTL was having problems running a fix, but if you can delete the copy that you have, get a new one from here:

Download *OTL* to your Desktop

And then try this fix. If it still doesn't work, we'll try something else 

---

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html File not found
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe File not found
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


----------



## TerryD55 (Oct 22, 2012)

I'm afraid it still won't respond. Is it possible that the malware is blocking it? : (


----------



## eddie5659 (Mar 19, 2001)

It could be, so let's see what's running so that we can kill it so we can run the tool

Download *RogueKiller* to your desktop


Quit all running programs 
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe 
Wait until the Pre-scan has finished.
Click on Scan
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 
Click on Report and copy/paste the contents here.

eddie


----------



## TerryD55 (Oct 22, 2012)

Here you go. I'm starting to get really discouraged about ever conquering this thing. Do I need to return my computer to factory settings? If so, what should I do in preparation?

Here's the RogueKiller log:

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Terry [Admin rights]
Mode : Scan -- Date : 11/16/2012 10:14:35

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] DesktopWeather.exe -- C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 14 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-254241989-344465633-3051194989-1001[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312} (C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl) -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EARS-22Y5B1 +++++
--- User ---
[MBR] fb09924c098012f41c95e7b2f97a8e27
[BSP] d0707f4155fd9ad6b4c3018771cef6d1 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28674048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28878848 | Size: 939767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD 3200BEV External USB Device +++++
--- User ---
[MBR] beea9460a2ac537379dfeacfce6df664
[BSP] 1343860dbef73a961735f1522ff55311 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: SMI USB DISK USB Device +++++
--- User ---
[MBR] 212c4e1e73bf2dea892238af0354661f
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 15479 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_11162012_02d1014.txt >>
RKreport[1]_S_11162012_02d1014.txt


----------



## eddie5659 (Mar 19, 2001)

Sometimes tools don't want to work, which can be down to all sorts of reasons. However, restoring is normally the last option I do, as 99% of the time we can remove the infections.

Can you run this for me, and then we'll remove them using another tool, as I saw ComboFix ran okay 

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
*Conduit*
*uTorrentControl2*
*InstallMate*
*Tarma Installer*
*Ilivid*
*OpenCandy*
*searchqu*
*AVG Secure Search*
*CToolbar*
*StartSearch*
*Babylon*
*Crossrider*
*Freeze.com*
*Viewpoint*
*StartNow*
*isearch*
:folderfind
*Conduit*
*uTorrentControl2*
*InstallMate*
*Tarma Installer*
*Ilivid*
*OpenCandy*
*searchqu*
*AVG Secure Search*
*CToolbar*
*StartSearch*
*Babylon*
*Crossrider*
*Freeze.com*
*Viewpoint*
*StartNow*
*isearch*
:regfind
Conduit
uTorrentControl2
InstallMate
Tarma Installer
Ilivid
OpenCandy
searchqu
AVG Secure Search
CToolbar
StartSearch
Babylon
Crossrider
Freeze.com
Viewpoint
StartNow
isearch
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## TerryD55 (Oct 22, 2012)

Thanks Eddie. I appreciate all of your assistance.

Here's the info you requested:

SystemLook 30.07.11 by jpshortstuff
Log created at 13:55 on 19/11/2012 by Terry
Administrator - Elevation successful

========== filefind ==========

Searching for "*Conduit*"
C:\Program Files (x86)\EZ Fonts\fonts\conduit.ttf	--a---- 19604 bytes	[14:49 16/04/2009]	[14:49 16/04/2009] 2019BE2CCBB888D9FA8B4EE8DFBD4CF4
C:\Program Files (x86)\EZ Fonts\fonts\conduit2.ttf	--a---- 27484 bytes	[14:49 16/04/2009]	[14:49 16/04/2009] CB70FA803082E4F3D0402799613171EE
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634188644294968750.png	--a---- 2082 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 369D7B1919164AE582123413766EBB1E
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442641766325000.png	--a---- 1062 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] A6E265A10E77FBAF77DDDCC11E155B26
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442671524633757.png	--a---- 1188 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 4B8A28889FDB2CFE1FEC952729DD2266
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442676849165007.png	--a---- 1416 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] D863883F87BD0FBD96B6D7F3A95BD0F8
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442677346508757.png	--a---- 1393 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 674CAA942DF7A568B24C21453F897718
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442678744790007.png	--a---- 1342 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 897BF535CB7A1C6169E8E760A704CCF3
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634816857722205000.png	--a---- 1851 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] FA4EDBC5038FFE10F89AFD0BDC86A401
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442626744350001_24PX.png	--a---- 866 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 4F23EED01724E80596C51E1E8401C01F
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442628354662501_24PX.png	--a---- 1139 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] A7F72FBD280435CA5DE978D3DEFF720F
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442631291400001_24PX.png	--a---- 1202 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 37123FD3C9499437EB639B722D69A33F
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_BankImages_Facebook_Facebook.png	--a---- 772 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 1805E8470C0EE167396751BA3E9B0AAA
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif	--a---- 419 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 01B83C91554738F6AFFB7895BBBA73FB
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif	--a---- 950 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] EE3DCA0EABAE8D7DDEAC14E36B1142CD
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_components_separator.gif	--a---- 314 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 2E25133B02C7C430B953CC6B2C092010
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif	--a---- 322 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 948781E4B6478290050ECA4423B89B1E
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\ConduitAbstractionLayer.js	--a---- 30362 bytes	[02:14 29/10/2012]	[18:40 05/09/2012] 3A48E45ABF3AA24C74640AFA9EDB7B14
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\tb\al\aboutBox\images\conduit-logo-OLD.png	--a---- 1305 bytes	[02:14 29/10/2012]	[18:40 05/09/2012] 5F8EF9A0B050532B90B2645E9627E3F9
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\tb\al\aboutBox\images\conduit-logo.png	--a---- 3926 bytes	[02:14 29/10/2012]	[18:40 05/09/2012] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\skin\conduitToolBarStyle.css	--a---- 3 bytes	[02:14 29/10/2012]	[18:40 05/09/2012] ECAA88F7FA0BF610A5A26CF545DCD3AA
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\lib\log4conduit.jsm	--a---- 760 bytes	[02:14 29/10/2012]	[18:40 05/09/2012] 93898FE6A232C5FCD838D8168F65D802
C:\Users\Terry\Downloads\Programs\HSS-2.70-install-anchorfree-393-conduit.exe	--a---- 5321760 bytes	[15:04 28/09/2012]	[15:04 28/09/2012] FAD6FF07EDFF6F0E9541CC5CA4920212

Searching for "*uTorrentControl2*"
No files found.

Searching for "*InstallMate*"
No files found.

Searching for "*Tarma Installer*"
No files found.

Searching for "*Ilivid*"
C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk	--a---- 1050 bytes	[17:36 06/11/2012]	[17:36 06/11/2012] 0F2421C9E88233320CBF9048613B38D4
C:\Users\Terry\Desktop\iLivid.lnk	--a---- 1042 bytes	[17:36 06/11/2012]	[17:36 06/11/2012] 9A7E310753A6B952E11088452B61B39B
C:\Users\Terry\Downloads\Programs\iLividSetup.exe	--a---- 1302424 bytes	[17:35 06/11/2012]	[17:35 06/11/2012] 756F67A33A424E53BC71E49EF0BFE951
C:\Users\Terry\Downloads\Programs\iLividSetupV1.exe	--a---- 2060760 bytes	[01:47 07/12/2011]	[01:47 07/12/2011] 11A40C3EC61C32C4EED1175D92A8C5EA
C:\Users\Terry\Downloads\Programs\iLividSetupV1_2.exe	--a---- 2063040 bytes	[00:06 06/02/2012]	[00:06 06/02/2012] 12D6957E9D66B1DCF3062599A74D297F

Searching for "*OpenCandy*"
No files found.

Searching for "*searchqu*"
No files found.

Searching for "*AVG Secure Search*"
No files found.

Searching for "*CToolbar*"
No files found.

Searching for "*StartSearch*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*Crossrider*"
No files found.

Searching for "*Freeze.com*"
No files found.

Searching for "*Viewpoint*"
C:\Program Files (x86)\AOL 9.5\Jiti\viewpoint.exe	--a---- 3858056 bytes	[22:22 21/09/2010]	[14:59 23/03/2010] FC393CFF7BC091C6733A7DF192A4D133
C:\Program Files (x86)\AOL Desktop 9.7\Jiti\viewpoint.exe	--a---- 3858056 bytes	[00:36 31/05/2012]	[22:55 20/04/2012] FC393CFF7BC091C6733A7DF192A4D133

Searching for "*StartNow*"
No files found.

Searching for "*isearch*"
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51MXGCMG\isearch.avg[1].1&sap=hp	-ra---- 22460 bytes	[14:37 15/11/2012]	[14:37 15/11/2012] 3F0093034EBEFA9068ECB37E408DF37B
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT42YZ11\isearch.avg[1].1&sap=hp	-ra---- 22460 bytes	[14:34 15/11/2012]	[14:34 15/11/2012] EB22A341F119143350920E828BD2CF37

========== folderfind ==========

Searching for "*Conduit*"
No folders found.

Searching for "*uTorrentControl2*"
No folders found.

Searching for "*InstallMate*"
No folders found.

Searching for "*Tarma Installer*"
No folders found.

Searching for "*Ilivid*"
No folders found.

Searching for "*OpenCandy*"
No folders found.

Searching for "*searchqu*"
No folders found.

Searching for "*AVG Secure Search*"
No folders found.

Searching for "*CToolbar*"
No folders found.

Searching for "*StartSearch*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Crossrider*"
No folders found.

Searching for "*Freeze.com*"
No folders found.

Searching for "*Viewpoint*"
No folders found.

Searching for "*StartNow*"
No folders found.

Searching for "*isearch*"
No folders found.

========== regfind ==========

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\DownloadManager\978]
"FileName"="HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\978]
"Url0"="http://software-files-a.cnet.com/s/software/12/70/77/84/HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49A430ED76EBA681EDC30AE3E421A6AF]
"7EEB5F206BA024E4B98F5288AACE7C2F"="C:\Program Files (x86)\EZ Fonts\fonts\conduit.ttf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CF16DF3D66B098F6F24B971E18632AA]
"7EEB5F206BA024E4B98F5288AACE7C2F"="C:\Program Files (x86)\EZ Fonts\fonts\conduit2.ttf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\978]
"FileName"="HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\978]
"Url0"="http://software-files-a.cnet.com/s/software/12/70/77/84/HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"

Searching for "uTorrentControl2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl2AutoUpdateHelper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl2AutoUpdateHelper_RASMANCS]

Searching for "InstallMate"
No data found.

Searching for "Tarma Installer"
No data found.

Searching for "Ilivid"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"LocalFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"LocalPath"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"LogFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1_1191.log"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Host"="download.cdn.ilivid.com"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"FileName"="iLividSetup.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Referer"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Cookie"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"owWPage"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"owWPCookies"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Url0"="http://download.ilivid.com/iLividSetupV1.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"U0_c"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files (x86)\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
"ProductName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
"PackageName"="iLividSetupV1.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D97E31338E3E6F4D9EF007C6465E955]
"2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B4F0888C10A343468A1047B4877EB18]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files (x86)\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CAC02833CB3981F4C81EE96861E97A55]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2F65A3A-0E7E-4485-A898-B3341D755F4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2F65A3A-0E7E-4485-A898-B3341D755F4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2F65A3A-0E7E-4485-A898-B3341D755F4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"LocalFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"LocalPath"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"LogFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1_1191.log"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Host"="download.cdn.ilivid.com"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"FileName"="iLividSetup.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Referer"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Cookie"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"owWPage"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"owWPCookies"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Url0"="http://download.ilivid.com/iLividSetupV1.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"U0_c"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files (x86)\iLivid]

Searching for "OpenCandy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\DriverScanner]
"LatestDownloadUrl"="http://download.uniblue.com/adv/ds/ds/opencandy/4ds/driverscanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\DriverScanner]
"CampaignDownloadUrl"="http://download.uniblue.com/adv/ds/ds/opencandy/4ds/driverscanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\DriverScanner]
"PurchaseUrl"="http://www.liutilities.com/products/campaigns/dstrial/adv/opencandy/4ds/"

Searching for "searchqu"
[HKEY_CURRENT_USER\Software\DownloadManager\1000]
"Referer"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\DownloadManager\1000]
"owWPage"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\DownloadManager\999]
"FileName"="video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\DownloadManager\999]
"Url0"="http://www.globaltv.com/etcanada/video/etc+uncut/alex+oloughlin+uncut/video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\SUPERAntiSpyware.com\SUPERAntiSpyware]
"ProtectedHomePage"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1000]
"Referer"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1000]
"owWPage"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\999]
"FileName"="video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\999]
"Url0"="http://www.globaltv.com/etcanada/video/etc+uncut/alex+oloughlin+uncut/video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\SUPERAntiSpyware.com\SUPERAntiSpyware]
"ProtectedHomePage"="http://www.searchqu.com/406"

Searching for "AVG Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof]
"path"="C:\ProgramData\AVG Secure Search\ChromeExt\11.1.0.12\avg.crx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
[HKEY_USERS\S-1-5-18\Software\AVG Secure Search]

Searching for "CToolbar"
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\AVGeneral\cToolbars]
[HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-0]
[HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-169]
[HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-593980]
[HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBarParameters]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2E5E800E-6AC0-411E-940A-369530A35E43}]
"DllName"="TwcToolbarIe7.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2E5E800E-6AC0-411E-940A-369530A35E43}]
"DllName"="TwcToolbarIe7.dll"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Adobe\Acrobat Reader\10.0\AVGeneral\cToolbars]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-0]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-169]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-593980]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBarParameters]

Searching for "StartSearch"
No data found.

Searching for "Babylon"
[HKEY_CURRENT_USER\Software\DownloadManager\1108]
"Cookie"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"
[HKEY_CURRENT_USER\Software\DownloadManager\1108]
"U0_c"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1108]
"Cookie"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1108]
"U0_c"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"

Searching for "Crossrider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}]
@="ICrossriderBHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550055345591}]
@="ICrossriderBHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055345591}]
@="ICrossriderBHO"

Searching for "Freeze.com"
No data found.

Searching for "Viewpoint"
No data found.

Searching for "StartNow"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]

Searching for "isearch"
[HKEY_CURRENT_USER\Software\DownloadManager\1158]
"Referer"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
[HKEY_CURRENT_USER\Software\DownloadManager\1158]
"owWPage"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com\isearch]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}]
@="Content Index ISearch Creator Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}]
@="ISearchRoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{09BC8657-D9B4-4267-A2BA-39E348FB0F4E}]
@="ISearchProtocolUrl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F4B60F2-C6F6-4007-BCE2-297F1C5766B6}]
@="ISearchCatalogManagerInternal"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6292F7AD-4E19-4717-A534-8FC22BCD5CCD}]
@="ISearchCrawlScopeManager2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AF6E03F-D664-4EF4-9626-F7E0ED36755E}]
@="ISearchBoxInfo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7366EA16-7A1A-4EA2-B042-973D3E9CD99B}]
@="ISearchJob"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7AC3286D-4D1D-4817-84FC-C1C85E3AF0D9}]
@="ISearchCatalogManager2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{88AEE058-D4B0-4725-A2F1-814A67AE964C}]
@="ISearchCompletedCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9838AAB6-32FD-455A-823D-83CFE06E4D48}]
@="ISearchBoxSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9909C81E-3BA4-41DA-A7ED-02EF2F319411}]
@="ISearchLinks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A0FFBC28-5482-4366-BE27-3E81E78E06C2}]
@="ISearchFolderItemFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A2FFDF9B-4758-4F84-B729-DF81A1A0612F}]
@="ISearchPersistentItemsChangedSink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A700A634-2850-4C47-938A-9E4B6E5AF9A6}]
@="ISearchCompletedCallbackArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}]
@="ISearchCatalogManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF53}]
@="ISearchScopeRule"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}]
@="ISearchCrawlScopeManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF58}]
@="ISearchItemsChangedSink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF69}]
@="ISearchManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B05651A6-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchSchema"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B05651AD-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAdmin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B05651AE-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAdmin2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B05651AF-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAdmin3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B05651DA-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAccessList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B05651F3-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchOleDbAdmin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B056520F-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchHelp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565210-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565211-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565212-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameAndDescriptionList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565213-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameAndDescriptionObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565214-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchColumnList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565215-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchColumnObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565216-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchOleDbConfigs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565217-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchOleDbConfig"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B5702E61-E75C-4B64-82A1-6CB4F832FCCF}]
@="ISearchNotifyInlineSite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C0A6C367-C264-4385-A704-9088BDC3640E}]
@="ISearchIDListFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D40CFF62-E08C-4498-941A-01E25F0FD33C}]
@="ISearchResult"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E273680B-DA13-4F99-97D1-5C90E3E816F3}]
@="ISearchLocate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}]
@="Content Index ISearch Creator Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}]
@="ISearchRoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{09BC8657-D9B4-4267-A2BA-39E348FB0F4E}]
@="ISearchProtocolUrl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}]
@="ISearch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5F4B60F2-C6F6-4007-BCE2-297F1C5766B6}]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1158]
"Referer"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1158]
"owWPage"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://isearch.avg.com/?cid={1EEADFFC-FAEC-4DC3-BB44-6522C2D5B84B}&mid=6a5aa9b425c147d086e6d14acce4e9e6-1f8c3cacd4a46d68ff0029b345ebc3cc54dcc931&lang=en&ds=gm011&pr=sa&d=2012-10-17 14:30:23&v=13.2.0.1&sap=hp"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com\isearch]

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, as you can guess, there is a lot there, but not all of it is bad.

Whilst I create a fix (of which I need to check some things out), can you uninstall this:

*PC Optimizer Pro*

Why?

http://www.microsoft.com/security/p.../Entry.aspx?Name=Program:Win32/PCOptimizerPro

Also, can you uninstall SUPERAntiSpyware. For some weird reason, it's protecting a homepage which is not what you want. Think it may have defaulted to this.

Back in a bit, probably tomorrow at 5ish, as it's 11.20pm here


----------



## eddie5659 (Mar 19, 2001)

First off, can you back up as follows:

*Backing Up Your Registry*
Download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT*
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked
Press *OK*
Press *YES* to create the folder.










1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:


```
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
[-HKEY_CURRENT_USER\Software\DataMngr]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[-HKEY_CURRENT_USER\Software\ilivid]
[-HKEY_CURRENT_USER\Software\searchqutoolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
[-HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
"{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
"{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
"{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
"{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
"{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
"{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
"{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
"{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
"{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
@="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
@="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
@="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
[-HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com\isearch]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com\isearch]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
[-HKEY_USERS\S-1-5-18\Software\AVG Secure Search]
[-HKEY_USERS\.DEFAULT\Software\AVG Secure Search]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
File::
%APPDATA%\Mozilla\Firefox\Profiles\SearchquWebSearch.xml
%APPDATA%\Microsoft\Windows\Cookies\*@sweetim[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm
%TEMP%\BandooV6.exe
%TEMP%\SetupDataMngr_Searchqu.exe
%TEMP%\SweetIMReinstall\SweetImSetup.exe
%TEMP%\ilivid.7z
%TEMP%\searchqu.ini
%TEMP%\searchqutoolbar-manifest.xml
%USERPROFILE%\Downloads\SweetImSetup.exe
%USERPROFILE%\Downloads\iLividSetupV1.exe
%USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml
%USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml
C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634188644294968750.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442641766325000.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442671524633757.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442676849165007.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442677346508757.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442678744790007.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634816857722205000.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442626744350001_24PX.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442628354662501_24PX.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442631291400001_24PX.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_BankImages_Facebook_Facebook.png
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_components_separator.gif
C:\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\ConduitAbstractionLayer.js
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\tb\al\aboutBox\images\conduit-logo-OLD.png
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\tb\al\aboutBox\images\conduit-logo.png
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\skin\conduitToolBarStyle.css
C:\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\lib\log4conduit.jsm
C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
C:\Users\Terry\Desktop\iLivid.lnk
C:\Users\Terry\Downloads\Programs\iLividSetup.exe
C:\Users\Terry\Downloads\Programs\iLividSetupV1.exe
C:\Users\Terry\Downloads\Programs\iLividSetupV1_2.exe
C:\Program Files (x86)\AOL 9.5\Jiti\viewpoint.exe
C:\Program Files (x86)\AOL Desktop 9.7\Jiti\viewpoint.exe
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51MXGCMG\isearch.avg[1].1&sap=hp
C:\Users\Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT42YZ11\isearch.avg[1].1&sap=hp
Folder::
%APPDATA%\Mozilla\Firefox\Profiles\searchqutoolbar
%APPDATA%\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7}
%LOCALAPPDATA%\Ilivid Player
%TEMP%\BandooFiles
%TEMP%\SweetIMReinstall
%USERPROFILE%\AppData\LocalLow\searchquband
%USERPROFILE%\AppData\LocalLow\searchqutoolbar
%USERPROFILE%\AppData\LocalLow\DataMngr
C:\Program Files\Windows iLivid Toolbar
C:\Program Files\iLivid
C:\Windows\Prefetch\ILIVID*
C:\Windows\Prefetch\SEARCHQUMEDIABAR*
C:\Windows\Prefetch\SETUPDATAMNGR*
C:\Program Files (x86)\iLivid
C:\Program Files (x86)\Windows Savevid Toolbar
C:\Program Files (x86)\Savevid
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

-------

I'll then post the new SystemLook code to run, but will wait for the above first, as it's quite lengthy, and it may take a while to run the fix, so give it time

You'll also see some things in the fix that we didn't search for, but these can be related, so prefer to check for them, just to be safe.

eddie
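
A script like the one in the post above is copied by hand out of a forum page into Notepad, and text copied that way can arrive with a dropped bracket or leftover forum markup. The following is an added example, not part of the original post and not ComboFix's own parser: a small Python check that reads such a script, lists what it would delete, and flags damaged lines before anything is run. The section names and the `[-key]` / `"name"=-` forms are taken from the script above; the lint rules themselves and the sample input are assumptions made for this example.

```python
import re

# Root hives a key header is expected to start with.
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG")
# Section directives as they appear in the script above (Registry::, File::, Folder::).
SECTIONS = ("registry", "file", "folder")
# Forum markup that sometimes survives a copy/paste (assumed tag list).
BBCODE = re.compile(r"\[/?(url|b|i|code|quote)\b[^\]]*\]", re.I)
# @=data  or  "name"=data ; data "-" means "delete this value".
VALUE = re.compile(r'^(@|".*?")=(.*)$')
# A path must start with %VARIABLE%\ or a drive letter.
PATH_START = re.compile(r"^(%[A-Za-z0-9_()]+%|[A-Za-z]:)\\")

# Constructed sample, not taken from any real machine.
SAMPLE = r"""Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[-HKEY_CURRENT_USER\Software\ExampleToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00000000-0000-0000-0000-000000000001}
File::
%TEMP%\ExampleSetup.exe
%USERPROFILE%\AppData\LocalLow\DOMStore\[url]www.example[/url][1].xml
Folder::
C:\Program Files (x86)\ExampleToolbar
"""


def lint_script(text):
    """Return (actions, issues) for a Registry::/File::/Folder:: script.

    actions: list of (operation, target) in script order
    issues:  list of (line_number, message) for lines that look damaged
    """
    actions, issues = [], []
    section = None   # current directive, lower-case, without "::"
    key = None       # registry key that value lines currently apply to
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::") and line[:-2].lower() in SECTIONS:
            section, key = line[:-2].lower(), None
            continue
        if section is None:
            issues.append((n, "text before any section directive"))
            continue
        if BBCODE.search(line):
            issues.append((n, "forum markup left in line"))

        if section != "registry":
            if not PATH_START.match(line):
                issues.append((n, "path is not absolute or %VAR%-rooted"))
            actions.append(("delete-" + section, line))
            continue

        if line.startswith("["):
            key = None
            if not line.endswith("]"):
                issues.append((n, "key header has no closing bracket"))
                continue
            body = line[1:-1]
            deleting = body.startswith("-")
            path = body[1:] if deleting else body
            if path.split("\\", 1)[0] not in HIVES:
                issues.append((n, "unknown root hive"))
            if deleting:
                actions.append(("delete-key", path))
            else:
                key = path   # following value lines apply to this key
            continue

        m = VALUE.match(line)
        if not m:
            issues.append((n, "not a key header or value line"))
        elif key is None:
            issues.append((n, "value line has no open key to apply to"))
        else:
            name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1]
            op = "delete-value" if m.group(2) == "-" else "set-value"
            actions.append((op, key + "\\" + name))
    return actions, issues


if __name__ == "__main__":
    acts, probs = lint_script(SAMPLE)
    for op, target in acts:
        print(f"{op:13} {target}")
    for n, msg in probs:
        print(f"line {n}: {msg}")
```
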


----------



## TerryD55 (Oct 22, 2012)

I'm unable to find the Optimizer Pro. Where might it be hiding? lol


----------



## TerryD55 (Oct 22, 2012)

Never mind! It shows it's already been uninstalled.


----------



## TerryD55 (Oct 22, 2012)

I sure hope I didn't screw this up. I accidentally shut down ComboFix before the report ran (don't ask) and so performed the whole scan again.

ComboFix 12-11-21.01 - Terry 11/21/2012 17:13:16.14.2 - x64
Running from: c:\users\Terry\Downloads\Programs\ComboFix.exe
Command switches used :: c:\users\Terry\Desktop\CFScript.txt
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\skin\conduitToolBarStyle.css
c:\users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\lib\log4conduit.jsm
c:\users\Terry\Downloads\Programs\iLividSetup.exe
c:\users\Terry\Downloads\Programs\iLividSetupV1.exe
c:\users\Terry\Downloads\Programs\iLividSetupV1_2.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))
.
.
2012-11-22 01:27 . 2012-11-22 01:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-22 00:10 . 2012-11-22 00:10	--------	d-----w-	c:\program files (x86)\ERUNT
2012-11-18 02:21 . 2012-11-18 15:25	--------	d-----w-	c:\users\Terry\AppData\Local\CrashDumps
2012-11-17 18:46 . 2012-11-22 00:38	--------	d-----w-	c:\users\Terry\AppData\Local\The Weather Channel
2012-11-14 20:20 . 2012-11-14 20:20	--------	d-----w-	c:\program files (x86)\Common Files\Symantec Shared
2012-11-14 16:47 . 2012-11-14 16:47	177312	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-11-14 16:47 . 2012-11-14 16:47	--------	d-----w-	c:\program files\Symantec
2012-11-14 16:47 . 2012-11-14 16:47	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2012-11-14 16:46 . 2012-11-22 00:38	--------	d-----w-	c:\windows\system32\drivers\N360x64
2012-11-14 16:46 . 2012-11-14 16:46	--------	d-----w-	c:\program files (x86)\Norton 360
2012-11-14 16:31 . 2010-11-10 05:35	8199504	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{23A94581-7CBD-4AB9-BBF1-790F812BDA97}\mpengine.dll
2012-11-14 16:26 . 2012-11-15 02:29	--------	d-----w-	c:\program files (x86)\NortonInstaller
2012-11-14 11:11 . 2012-07-26 04:47	2560	----a-w-	c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 11:11 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 11:11 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 11:11 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-14 11:04 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-14 11:04 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 11:04 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 11:04 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-14 11:04 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-14 11:04 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 11:04 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-13 13:18 . 2012-09-27 18:07	160992	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2012-11-11 22:15 . 2012-11-11 22:15	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-11-11 22:14 . 2012-11-11 22:14	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-10 19:02 . 2012-11-11 19:15	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-11-10 19:02 . 2012-11-11 19:28	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2012-11-10 19:01 . 2012-11-10 19:01	--------	d-----w-	c:\users\Terry\AppData\Local\Programs
2012-11-09 17:04 . 2012-11-09 17:04	--------	d-----w-	C:\_OTL
2012-11-09 16:22 . 2012-11-09 16:22	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-09 16:22 . 2012-11-09 16:22	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-03 03:37 . 2012-11-03 03:37	--------	d-----w-	c:\users\Terry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-11-03 03:37 . 2012-11-03 05:02	--------	d-----w-	c:\program files (x86)\Adobe Download Assistant
2012-11-02 17:59 . 2012-11-03 05:01	--------	d-----w-	c:\users\Terry\AppData\Local\LogMeIn Rescue Calling Card
2012-11-02 17:44 . 2012-11-03 05:01	--------	d-----w-	c:\program files (x86)\LogMeIn Rescue Calling Card
2012-11-02 16:18 . 2012-11-03 05:12	--------	d-----w-	c:\users\Terry\AppData\Local\LogMeIn Rescue Applet
2012-11-01 00:34 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-11-01 00:34 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-11-01 00:34 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-11-01 00:34 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-11-01 00:34 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-11-01 00:34 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-11-01 00:34 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-11-01 00:34 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-11-01 00:34 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-10-30 02:09 . 2012-10-30 02:09	--------	d-----w-	c:\program files (x86)\Gophoto.it
2012-10-30 02:05 . 2012-10-31 23:39	--------	d-----w-	c:\program files (x86)\OnlineHD.TV
2012-10-30 01:51 . 2012-10-31 23:39	--------	d-----w-	c:\program files (x86)\uTorrent
2012-10-29 03:21 . 2012-11-03 05:04	--------	d-----w-	c:\users\Terry\AppData\Roaming\GRETECH
2012-10-23 04:28 . 2012-10-23 04:28	--------	d-----w-	c:\users\Terry\AppData\Roaming\Curiolab
2012-10-23 04:27 . 2012-11-08 03:37	--------	d-----w-	c:\program files (x86)\Exterminate It!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 18:49 . 2012-03-31 18:59	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-17 18:49 . 2011-06-28 14:41	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 11:04 . 2010-09-01 16:14	66395536	----a-w-	c:\windows\system32\MRT.exe
2012-11-11 22:14 . 2011-06-23 18:41	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-11-02 00:26 . 2009-07-13 23:16	145408	----a-w-	c:\windows\SysWow64\powrprof.dll
2012-10-09 11:24 . 2012-08-15 09:05	10220472	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-23 22:42 . 2012-09-23 22:42	5632	----a-w-	c:\windows\system32\bbchlp.dll
2012-09-23 22:42 . 2012-09-23 22:42	4608	----a-w-	c:\windows\system32\drivers\bbcap.sys
2012-09-23 22:42 . 2012-09-23 22:42	37376	----a-w-	c:\windows\system32\bbcap.dll
2012-09-14 19:19 . 2012-10-10 08:47	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 08:47	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-09-13 21:06 . 2012-09-13 21:06	42248	----a-w-	c:\windows\system32\drivers\hssdrv6.sys
2012-09-13 19:26 . 2012-09-13 19:26	38632	----a-w-	c:\windows\system32\drivers\taphss.sys
2012-09-09 04:06 . 2012-05-13 17:43	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-03 15:39 . 2012-09-03 15:39	788536	----a-r-	c:\users\Terry\AppData\Roaming\Microsoft\Installer\{B2F34D92-C5CF-4801-90CB-D04A5634B334}\TweetDeck.exe
2012-08-31 18:19 . 2012-10-10 08:49	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 08:48	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 08:48	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 08:48	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 08:48	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 08:48	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-04-02 00:56 . 2012-04-02 00:55	22259528	----a-w-	c:\program files (x86)\vlc-2.0.1-win32.exe
2011-09-02 00:40 . 2011-09-02 00:40	1228384	----a-w-	c:\program files (x86)\PremiereElements_9_LS15.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-26 3540416]
"Akamai NetSession Interface"="c:\users\Terry\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Easy-Hide-IP"="c:\program files\Easy-Hide-IP\easy-hide-ip.exe" [2012-07-13 4612424]
"uTorrent"="c:\users\Terry\Downloads\Programs\uTorrent.exe" [2012-11-06 963984]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2012-06-05 822456]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-11-17 13105848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1285107697\ee\AOLSoftware.exe" [2010-03-08 41800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [2011-11-17 29288]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402000.013\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys [2012-10-04 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20121120.001\IDSvia64.sys [2012-11-14 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS [2012-09-07 432800]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/23 16:00];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-17 03:54 148976]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-07-23 72856]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-07-23 383128]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
S2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-07-13 3542856]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 160992]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 138912]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ Akamai
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 18:49]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49	23432	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files (x86)\FinalVideoDownloader\fvdRunner.html
IE: {{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files (x86)\Crawler\Radio\CRadio.exe
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: twitter.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ee,e2,e3,98,8a,af,00,05,8f,6d,9e,ce,22,49,15,ee,28,a2,2f,cc,67,
c1,36,b6,7a,54,a6,f7,7f,81,ab,b5,28,ab,56,97,c5,d2,b3,b5,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Completion time: 2012-11-21 17:46:42
ComboFix-quarantined-files.txt 2012-11-22 01:46
ComboFix2.txt 2012-11-11 20:04
ComboFix3.txt 2012-11-09 20:48
ComboFix4.txt 2012-11-08 04:15
ComboFix5.txt 2012-11-22 00:17
.
Pre-Run: 738,999,771,136 bytes free
Post-Run: 738,947,772,416 bytes free
.
- - End Of File - - BDC6C9ECED4E4C28FD8F9E3797903B88


----------



## eddie5659 (Mar 19, 2001)

It should be okay, but let's just see if there are any remains.

Using SystemLook again, can you run it with the following code and post the log it creates:


```
:filefind
*Conduit*
*uTorrentControl2*
*InstallMate*
*Tarma Installer*
*Ilivid*
*OpenCandy*
*searchqu*
*AVG Secure Search*
*CToolbar*
*StartSearch*
*Babylon*
*Crossrider*
*Freeze.com*
*Viewpoint*
*StartNow*
*isearch*
*viewpoint*
*DataMngr*
*Trolltech*
*Bandoo*
*Fun4IM*
*whitesmoke*
*Searchnu*
:folderfind
*Conduit*
*uTorrentControl2*
*InstallMate*
*Tarma Installer*
*Ilivid*
*OpenCandy*
*searchqu*
*AVG Secure Search*
*CToolbar*
*StartSearch*
*Babylon*
*Crossrider*
*Freeze.com*
*Viewpoint*
*StartNow*
*isearch*
*viewpoint*
*DataMngr*
*whitesmoke*
*Trolltech*
*Bandoo*
*Fun4IM*
*Searchnu*
:regfind
Conduit
uTorrentControl2
InstallMate
Tarma Installer
whitesmoke
Ilivid
OpenCandy
searchqu
AVG Secure Search
CToolbar
StartSearch
Babylon
Crossrider
Freeze.com
Viewpoint
StartNow
isearch
viewpoint
DataMngr
Trolltech
Bandoo
Fun4IM
Searchnu
kelkoopartners
```
eddie


----------



## TerryD55 (Oct 22, 2012)

Alright, here you go.

ComboFix 12-11-24.02 - Terry 11/24/2012 14:34:07.15.2 - x64
Running from: c:\users\Terry\Downloads\Programs\ComboFix.exe
Command switches used :: c:\users\Terry\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))
.
.
2012-11-24 22:47 . 2012-11-24 22:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-23 17:50 . 2012-11-24 22:50	--------	d-----w-	c:\programdata\notracks.com
2012-11-22 00:10 . 2012-11-22 00:10	--------	d-----w-	c:\program files (x86)\ERUNT
2012-11-21 13:02 . 2012-11-22 00:43	165112	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2012-11-18 02:21 . 2012-11-18 15:25	--------	d-----w-	c:\users\Terry\AppData\Local\CrashDumps
2012-11-17 18:46 . 2012-11-22 00:38	--------	d-----w-	c:\users\Terry\AppData\Local\The Weather Channel
2012-11-14 20:20 . 2012-11-14 20:20	--------	d-----w-	c:\program files (x86)\Common Files\Symantec Shared
2012-11-14 16:47 . 2012-11-14 16:47	177312	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-11-14 16:47 . 2012-11-14 16:47	--------	d-----w-	c:\program files\Symantec
2012-11-14 16:47 . 2012-11-14 16:47	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2012-11-14 16:46 . 2012-11-22 00:38	--------	d-----w-	c:\windows\system32\drivers\N360x64
2012-11-14 16:46 . 2012-11-14 16:46	--------	d-----w-	c:\program files (x86)\Norton 360
2012-11-14 16:31 . 2010-11-10 05:35	8199504	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{23A94581-7CBD-4AB9-BBF1-790F812BDA97}\mpengine.dll
2012-11-14 16:26 . 2012-11-15 02:29	--------	d-----w-	c:\program files (x86)\NortonInstaller
2012-11-14 11:11 . 2012-07-26 04:47	2560	----a-w-	c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 11:11 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 11:11 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 11:11 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-14 11:04 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-14 11:04 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 11:04 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 11:04 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-14 11:04 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-14 11:04 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 11:04 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-11 22:15 . 2012-11-11 22:15	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-11-11 22:14 . 2012-11-11 22:14	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-10 19:02 . 2012-11-11 19:15	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-11-10 19:02 . 2012-11-11 19:28	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2012-11-10 19:01 . 2012-11-10 19:01	--------	d-----w-	c:\users\Terry\AppData\Local\Programs
2012-11-09 17:04 . 2012-11-09 17:04	--------	d-----w-	C:\_OTL
2012-11-09 16:22 . 2012-11-09 16:22	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-09 16:22 . 2012-11-09 16:22	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-03 03:37 . 2012-11-03 03:37	--------	d-----w-	c:\users\Terry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-11-03 03:37 . 2012-11-03 05:02	--------	d-----w-	c:\program files (x86)\Adobe Download Assistant
2012-11-02 17:59 . 2012-11-03 05:01	--------	d-----w-	c:\users\Terry\AppData\Local\LogMeIn Rescue Calling Card
2012-11-02 17:44 . 2012-11-03 05:01	--------	d-----w-	c:\program files (x86)\LogMeIn Rescue Calling Card
2012-11-02 16:18 . 2012-11-03 05:12	--------	d-----w-	c:\users\Terry\AppData\Local\LogMeIn Rescue Applet
2012-11-01 00:34 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-11-01 00:34 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-11-01 00:34 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-11-01 00:34 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-11-01 00:34 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-11-01 00:34 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-11-01 00:34 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-11-01 00:34 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-11-01 00:34 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-10-30 02:09 . 2012-10-30 02:09	-------- d-----w-	c:\program files (x86)\Gophoto.it
2012-10-30 02:05 . 2012-10-31 23:39	--------	d-----w-	c:\program files (x86)\OnlineHD.TV
2012-10-30 01:51 . 2012-10-31 23:39	--------	d-----w-	c:\program files (x86)\uTorrent
2012-10-29 03:21 . 2012-11-03 05:04	--------	d-----w-	c:\users\Terry\AppData\Roaming\GRETECH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 23:10 . 2012-07-15 01:18	539984	----a-w-	c:\windows\system32\EasyRedirect64.dll
2012-11-22 23:10 . 2012-07-15 01:18	380240	----a-w-	c:\windows\SysWow64\EasyRedirect.dll
2012-11-17 18:49 . 2012-03-31 18:59	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-17 18:49 . 2011-06-28 14:41	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 11:04 . 2010-09-01 16:14	66395536	----a-w-	c:\windows\system32\MRT.exe
2012-11-11 22:14 . 2011-06-23 18:41	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-11-02 00:26 . 2009-07-13 23:16	145408	----a-w-	c:\windows\SysWow64\powrprof.dll
2012-10-09 11:24 . 2012-08-15 09:05	10220472	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-23 22:42 . 2012-09-23 22:42	5632	----a-w-	c:\windows\system32\bbchlp.dll
2012-09-23 22:42 . 2012-09-23 22:42	4608	----a-w-	c:\windows\system32\drivers\bbcap.sys
2012-09-23 22:42 . 2012-09-23 22:42	37376	----a-w-	c:\windows\system32\bbcap.dll
2012-09-14 19:19 . 2012-10-10 08:47	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 08:47	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-09-13 21:06 . 2012-09-13 21:06	42248	----a-w-	c:\windows\system32\drivers\hssdrv6.sys
2012-09-13 19:26 . 2012-09-13 19:26	38632	----a-w-	c:\windows\system32\drivers\taphss.sys
2012-09-09 04:06 . 2012-05-13 17:43	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-03 15:39 . 2012-09-03 15:39	788536	----a-r-	c:\users\Terry\AppData\Roaming\Microsoft\Installer\{B2F34D92-C5CF-4801-90CB-D04A5634B334}\TweetDeck.exe
2012-08-31 18:19 . 2012-10-10 08:49	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 08:48	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 08:48	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 08:48	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-04-02 00:56 . 2012-04-02 00:55	22259528	----a-w-	c:\program files (x86)\vlc-2.0.1-win32.exe
2011-09-02 00:40 . 2011-09-02 00:40	1228384	----a-w-	c:\program files (x86)\PremiereElements_9_LS15.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-26 3540416]
"Akamai NetSession Interface"="c:\users\Terry\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Easy-Hide-IP"="c:\program files\Easy-Hide-IP\easy-hide-ip.exe" [2012-11-22 4760400]
"uTorrent"="c:\users\Terry\Downloads\Programs\uTorrent.exe" [2012-11-06 963984]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2012-06-05 822456]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-11-17 13105848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1285107697\ee\AOLSoftware.exe" [2010-03-08 41800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [2011-11-17 29288]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402000.013\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys [2012-10-04 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20121123.001\IDSvia64.sys [2012-11-14 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS [2012-09-07 432800]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/23 16:00];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-17 03:54 148976]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-07-23 72856]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-07-23 383128]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
S2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-11-22 3575120]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 138912]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ Akamai
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 18:49]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07	23496	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files (x86)\FinalVideoDownloader\fvdRunner.html
IE: {{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files (x86)\Crawler\Radio\CRadio.exe
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: twitter.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ee,e2,e3,98,8a,af,00,05,8f,6d,9e,ce,22,49,15,ee,28,a2,2f,cc,67,
c1,36,b6,7a,54,a6,f7,7f,81,ab,b5,28,ab,56,97,c5,d2,b3,b5,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-11-24 15:13:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-24 23:13
ComboFix2.txt 2012-11-22 01:46
ComboFix3.txt 2012-11-11 20:04
ComboFix4.txt 2012-11-09 20:48
ComboFix5.txt 2012-11-24 21:20
.
Pre-Run: 738,909,585,408 bytes free
Post-Run: 738,632,187,904 bytes free
.
- - End Of File - - F5BFED71E6BF6C0369EC5AF26BA7141D


----------



## eddie5659 (Mar 19, 2001)

That's a combofix log, can you try using *SystemLook* instead, as you did before, as follows:


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
*Conduit*
*uTorrentControl2*
*InstallMate*
*Tarma Installer*
*Ilivid*
*OpenCandy*
*searchqu*
*AVG Secure Search*
*CToolbar*
*StartSearch*
*Babylon*
*Crossrider*
*Freeze.com*
*Viewpoint*
*StartNow*
*isearch*
*viewpoint*
*DataMngr*
*Trolltech*
*Bandoo*
*Fun4IM*
*whitesmoke*
*Searchnu*
:folderfind
*Conduit*
*uTorrentControl2*
*InstallMate*
*Tarma Installer*
*Ilivid*
*OpenCandy*
*searchqu*
*AVG Secure Search*
*CToolbar*
*StartSearch*
*Babylon*
*Crossrider*
*Freeze.com*
*Viewpoint*
*StartNow*
*isearch*
*viewpoint*
*DataMngr*
*whitesmoke*
*Trolltech*
*Bandoo*
*Fun4IM*
*Searchnu*
:regfind
Conduit
uTorrentControl2
InstallMate
Tarma Installer
whitesmoke
Ilivid
OpenCandy
searchqu
AVG Secure Search
CToolbar
StartSearch
Babylon
Crossrider
Freeze.com
Viewpoint
StartNow
isearch
viewpoint
DataMngr
Trolltech
Bandoo
Fun4IM
Searchnu
kelkoopartners
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## TerryD55 (Oct 22, 2012)

Ah, geez! I swear the stress from this thing is destroying my brain cells. Here you go:

SystemLook 30.07.11 by jpshortstuff
Log created at 14:34 on 25/11/2012 by Terry
Administrator - Elevation successful

========== filefind ==========

Searching for "*Conduit*"
C:\Program Files (x86)\EZ Fonts\fonts\conduit.ttf	--a---- 19604 bytes	[14:49 16/04/2009]	[14:49 16/04/2009] 2019BE2CCBB888D9FA8B4EE8DFBD4CF4
C:\Program Files (x86)\EZ Fonts\fonts\conduit2.ttf	--a---- 27484 bytes	[14:49 16/04/2009]	[14:49 16/04/2009] CB70FA803082E4F3D0402799613171EE
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634188644294968750.png.vir	--a---- 2082 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 369D7B1919164AE582123413766EBB1E
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442641766325000.png.vir	--a---- 1062 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] A6E265A10E77FBAF77DDDCC11E155B26
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442671524633757.png.vir	--a---- 1188 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 4B8A28889FDB2CFE1FEC952729DD2266
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442676849165007.png.vir	--a---- 1416 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] D863883F87BD0FBD96B6D7F3A95BD0F8
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442677346508757.png.vir	--a---- 1393 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 674CAA942DF7A568B24C21453F897718
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634442678744790007.png.vir	--a---- 1342 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 897BF535CB7A1C6169E8E760A704CCF3
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Images_634816857722205000.png.vir	--a---- 1851 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] FA4EDBC5038FFE10F89AFD0BDC86A401
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442626744350001_24PX.png.vir	--a---- 866 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 4F23EED01724E80596C51E1E8401C01F
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442628354662501_24PX.png.vir	--a---- 1139 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] A7F72FBD280435CA5DE978D3DEFF720F
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_62_270_CT2704262_Sharing_temp_634442631291400001_24PX.png.vir	--a---- 1202 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 37123FD3C9499437EB639B722D69A33F
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_BankImages_Facebook_Facebook.png.vir	--a---- 772 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 1805E8470C0EE167396751BA3E9B0AAA
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif.vir	--a---- 419 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 01B83C91554738F6AFFB7895BBBA73FB
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif.vir	--a---- 950 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] EE3DCA0EABAE8D7DDEAC14E36B1142CD
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_components_separator.gif.vir	--a---- 314 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 2E25133B02C7C430B953CC6B2C092010
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\CT2704262\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif.vir	--a---- 322 bytes	[02:14 29/10/2012]	[19:36 14/10/2012] 948781E4B6478290050ECA4423B89B1E
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\ConduitAbstractionLayer.js.vir	--a---- 30362 bytes	[02:14 29/10/2012]	[18:40 05/09/2012] 3A48E45ABF3AA24C74640AFA9EDB7B14
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\tb\al\aboutBox\images\conduit-logo-OLD.png.vir	--a---- 1305 bytes	[02:14 29/10/2012]	[18:40 05/09/2012] 5F8EF9A0B050532B90B2645E9627E3F9
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\content\tb\al\aboutBox\images\conduit-logo.png.vir	--a---- 3926 bytes	[02:14 29/10/2012]	[18:40 05/09/2012] 04EC2FEFD3A417F86E983508778A00DD
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\CT2704262\skin\conduitToolBarStyle.css.vir	--a---- 3 bytes	[02:14 29/10/2012]	[18:40 05/09/2012] ECAA88F7FA0BF610A5A26CF545DCD3AA
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\Old Firefox Data\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\lib\log4conduit.jsm.vir	--a---- 760 bytes	[02:14 29/10/2012]	[18:40 05/09/2012] 93898FE6A232C5FCD838D8168F65D802
C:\Users\Terry\Downloads\Programs\HSS-2.70-install-anchorfree-393-conduit.exe	--a---- 5321760 bytes	[15:04 28/09/2012]	[15:04 28/09/2012] FAD6FF07EDFF6F0E9541CC5CA4920212

Searching for "*uTorrentControl2*"
No files found.

Searching for "*InstallMate*"
No files found.

Searching for "*Tarma Installer*"
No files found.

Searching for "*Ilivid*"
C:\Qoobox\Quarantine\C\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk.vir	--a---- 1050 bytes	[17:36 06/11/2012]	[17:36 06/11/2012] 0F2421C9E88233320CBF9048613B38D4
C:\Qoobox\Quarantine\C\Users\Terry\Desktop\iLivid.lnk.vir	--a---- 1042 bytes	[17:36 06/11/2012]	[17:36 06/11/2012] 9A7E310753A6B952E11088452B61B39B
C:\Qoobox\Quarantine\C\Users\Terry\Downloads\Programs\iLividSetup.exe.vir	--a---- 1302424 bytes	[17:35 06/11/2012]	[17:35 06/11/2012] 756F67A33A424E53BC71E49EF0BFE951
C:\Qoobox\Quarantine\C\Users\Terry\Downloads\Programs\iLividSetupV1.exe.vir	--a---- 2060760 bytes	[01:47 07/12/2011]	[01:47 07/12/2011] 11A40C3EC61C32C4EED1175D92A8C5EA
C:\Qoobox\Quarantine\C\Users\Terry\Downloads\Programs\iLividSetupV1_2.exe.vir	--a---- 2063040 bytes	[00:06 06/02/2012]	[00:06 06/02/2012] 12D6957E9D66B1DCF3062599A74D297F

Searching for "*OpenCandy*"
No files found.

Searching for "*searchqu*"
No files found.

Searching for "*AVG Secure Search*"
No files found.

Searching for "*CToolbar*"
No files found.

Searching for "*StartSearch*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*Crossrider*"
No files found.

Searching for "*Freeze.com*"
No files found.

Searching for "*Viewpoint*"
C:\Qoobox\Quarantine\C\Program Files (x86)\AOL 9.5\Jiti\viewpoint.exe.vir	--a---- 3858056 bytes	[22:22 21/09/2010]	[14:59 23/03/2010] FC393CFF7BC091C6733A7DF192A4D133
C:\Qoobox\Quarantine\C\Program Files (x86)\AOL Desktop 9.7\Jiti\viewpoint.exe.vir	--a---- 3858056 bytes	[00:36 31/05/2012]	[22:55 20/04/2012] FC393CFF7BC091C6733A7DF192A4D133

Searching for "*StartNow*"
No files found.

Searching for "*isearch*"
No files found.

Searching for "*viewpoint*"
C:\Qoobox\Quarantine\C\Program Files (x86)\AOL 9.5\Jiti\viewpoint.exe.vir	--a---- 3858056 bytes	[22:22 21/09/2010]	[14:59 23/03/2010] FC393CFF7BC091C6733A7DF192A4D133
C:\Qoobox\Quarantine\C\Program Files (x86)\AOL Desktop 9.7\Jiti\viewpoint.exe.vir	--a---- 3858056 bytes	[00:36 31/05/2012]	[22:55 20/04/2012] FC393CFF7BC091C6733A7DF192A4D133

Searching for "*DataMngr*"
No files found.

Searching for "*Trolltech*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Searchnu*"
No files found.

========== folderfind ==========

Searching for "*Conduit*"
No folders found.

Searching for "*uTorrentControl2*"
No folders found.

Searching for "*InstallMate*"
No folders found.

Searching for "*Tarma Installer*"
No folders found.

Searching for "*Ilivid*"
No folders found.

Searching for "*OpenCandy*"
No folders found.

Searching for "*searchqu*"
No folders found.

Searching for "*AVG Secure Search*"
No folders found.

Searching for "*CToolbar*"
No folders found.

Searching for "*StartSearch*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Crossrider*"
No folders found.

Searching for "*Freeze.com*"
No folders found.

Searching for "*Viewpoint*"
No folders found.

Searching for "*StartNow*"
No folders found.

Searching for "*isearch*"
No folders found.

Searching for "*viewpoint*"
No folders found.

Searching for "*DataMngr*"
No folders found.

Searching for "*whitesmoke*"
C:\Users\Terry\AppData\LocalLow\whitesmoketoolbar	d------	[17:33 10/11/2010]
C:\Users\Terry\AppData\Roaming\WhiteSmokeTranslator	d------	[17:33 10/11/2010]

Searching for "*Trolltech*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Searchnu*"
No folders found.

========== regfind ==========

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\DownloadManager\978]
"FileName"="HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\978]
"Url0"="http://software-files-a.cnet.com/s/software/12/70/77/84/HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49A430ED76EBA681EDC30AE3E421A6AF]
"7EEB5F206BA024E4B98F5288AACE7C2F"="C:\Program Files (x86)\EZ Fonts\fonts\conduit.ttf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CF16DF3D66B098F6F24B971E18632AA]
"7EEB5F206BA024E4B98F5288AACE7C2F"="C:\Program Files (x86)\EZ Fonts\fonts\conduit2.ttf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\978]
"FileName"="HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\978]
"Url0"="http://software-files-a.cnet.com/s/software/12/70/77/84/HSS-2.70-install-anchorfree-393-conduit.exe?token=1348880674_2964158738c176d75437a5efe323588e&lop=link&ptype=3001&ontid=2092&siteId=4&edId=3&spi=7243f1203e3d3928cc590f76f3825c09&pid=12707784&psid=10594721&fileName=HSS-2.70-install-anchorfree-393-conduit.exe"

Searching for "uTorrentControl2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl2AutoUpdateHelper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl2AutoUpdateHelper_RASMANCS]

Searching for "InstallMate"
No data found.

Searching for "Tarma Installer"
No data found.

Searching for "whitesmoke"
[HKEY_CURRENT_USER\Environment]
"WS_TARGET_DIR"="C:\Program Files (x86)\WhiteSmoke Translator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\whitesmoke-silent_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\whitesmoke-silent_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WhiteSmokeDictRegistration_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WhiteSmokeDictRegistration_RASMANCS]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Environment]
"WS_TARGET_DIR"="C:\Program Files (x86)\WhiteSmoke Translator"

Searching for "Ilivid"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"LocalFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"LocalPath"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"LogFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1_1191.log"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Host"="download.cdn.ilivid.com"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"FileName"="iLividSetup.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Referer"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Cookie"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"owWPage"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"owWPCookies"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"Url0"="http://download.ilivid.com/iLividSetupV1.exe"
[HKEY_CURRENT_USER\Software\DownloadManager\1191]
"U0_c"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D97E31338E3E6F4D9EF007C6465E955]
"2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B4F0888C10A343468A1047B4877EB18]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files (x86)\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CAC02833CB3981F4C81EE96861E97A55]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2F65A3A-0E7E-4485-A898-B3341D755F4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2F65A3A-0E7E-4485-A898-B3341D755F4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A2F65A3A-0E7E-4485-A898-B3341D755F4C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"LocalFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"LocalPath"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"LogFileName"="C:\Users\Terry\AppData\Roaming\IDM\DwnlData\Terry\iLividSetupV1_1191\iLividSetupV1_1191.log"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Host"="download.cdn.ilivid.com"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"FileName"="iLividSetup.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Referer"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Cookie"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"owWPage"="http://lp.ilivid.com/?appid=420&subid=0000010611416164129"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"owWPCookies"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"Url0"="http://download.ilivid.com/iLividSetupV1.exe"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1191]
"U0_c"="__utma=259522898.1216740164.1352001794.1352001794.1352001794.1; __utmz=259522898.1352001794.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=what%20is%20ilivid; appid_dl=420; appid_sh=1; lp=n=513"

Searching for "OpenCandy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\DriverScanner]
"LatestDownloadUrl"="http://download.uniblue.com/adv/ds/ds/opencandy/4ds/driverscanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\DriverScanner]
"CampaignDownloadUrl"="http://download.uniblue.com/adv/ds/ds/opencandy/4ds/driverscanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Uniblue\DriverScanner]
"PurchaseUrl"="http://www.liutilities.com/products/campaigns/dstrial/adv/opencandy/4ds/"

Searching for "searchqu"
[HKEY_CURRENT_USER\Software\DownloadManager\1000]
"Referer"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\DownloadManager\1000]
"owWPage"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\DownloadManager\999]
"FileName"="video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\DownloadManager\999]
"Url0"="http://www.globaltv.com/etcanada/video/etc+uncut/alex+oloughlin+uncut/video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_CURRENT_USER\Software\SUPERAntiSpyware.com\SUPERAntiSpyware]
"ProtectedHomePage"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1000]
"Referer"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1000]
"owWPage"="http://www.globaltv.com/etcanada/video/top+stories/alex+oloughlin+hawaii+five0+s2/video.html?v=2144938313&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\999]
"FileName"="video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\999]
"Url0"="http://www.globaltv.com/etcanada/video/etc+uncut/alex+oloughlin+uncut/video.html?v=2146203202&p=1&s=dd&searchQuery=alex%20o%27loughlin"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\SUPERAntiSpyware.com\SUPERAntiSpyware]
"ProtectedHomePage"="http://www.searchqu.com/406"

Searching for "AVG Secure Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof]
"path"="C:\ProgramData\AVG Secure Search\ChromeExt\11.1.0.12\avg.crx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vToolbarUpdater13.2.0]
"ImagePath"="C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"

Searching for "CToolbar"
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\AVGeneral\cToolbars]
[HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-0]
[HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-169]
[HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-593980]
[HKEY_CURRENT_USER\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBarParameters]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2E5E800E-6AC0-411E-940A-369530A35E43}]
"DllName"="TwcToolbarIe7.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2E5E800E-6AC0-411E-940A-369530A35E43}]
"DllName"="TwcToolbarIe7.dll"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Adobe\Acrobat Reader\10.0\AVGeneral\cToolbars]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-0]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-169]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBar-593980]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\W3i, LLC\EZ Fonts\EZ Fonts\Workspace\MFCToolBarParameters]

Searching for "StartSearch"
No data found.

Searching for "Babylon"
[HKEY_CURRENT_USER\Software\DownloadManager\1108]
"Cookie"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"
[HKEY_CURRENT_USER\Software\DownloadManager\1108]
"U0_c"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1108]
"Cookie"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1108]
"U0_c"="s_sess=%20s_cm%3Dundefinedforums.cnet.comforums.cnet.com%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; sgt_standdown=1; __utma=66954481.292894639.1350953105.1350953105.1350953105.1; __utmb=66954481.8.8.1350953122937; __utmc=66954481; __utmz=66954481.1350953105.1.1.utmcsr=forums.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/7723-6132_102-565014/how-to-remove-babylon-virus/; s_pers=%20s_vnum%3D1382489104625%2526vn%253D1%7C1382489104625%3B%20s_cpmcvp%3D%255B%255B%2527Other%252520Referrers-forums.cnet.com%2527%252C%25271350953104645%2527%255D%255D%7C1508719504645%3B%20s_invisit%3Dtrue%7C1350954918503%3B%20s_visit%3D1%7C1350954922959%3B%20gpv_pageName%3Dus/online-scanner-popup/us/online-scanner-popup%7C1350954922967%3B%20s_nr%3D1350953122970-New%7C1382489122970%3B"

Searching for "Crossrider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}]
@="ICrossriderBHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550055345591}]
@="ICrossriderBHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055345591}]
@="ICrossriderBHO"

Searching for "Freeze.com"
No data found.

Searching for "Viewpoint"
No data found.

Searching for "StartNow"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]

Searching for "isearch"
[HKEY_CURRENT_USER\Software\DownloadManager\1158]
"Referer"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
[HKEY_CURRENT_USER\Software\DownloadManager\1158]
"owWPage"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com\isearch]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}]
@="Content Index ISearch Creator Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}]
@="ISearchRoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{09BC8657-D9B4-4267-A2BA-39E348FB0F4E}]
@="ISearchProtocolUrl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F4B60F2-C6F6-4007-BCE2-297F1C5766B6}]
@="ISearchCatalogManagerInternal"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6292F7AD-4E19-4717-A534-8FC22BCD5CCD}]
@="ISearchCrawlScopeManager2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AF6E03F-D664-4EF4-9626-F7E0ED36755E}]
@="ISearchBoxInfo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7366EA16-7A1A-4EA2-B042-973D3E9CD99B}]
@="ISearchJob"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7AC3286D-4D1D-4817-84FC-C1C85E3AF0D9}]
@="ISearchCatalogManager2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{88AEE058-D4B0-4725-A2F1-814A67AE964C}]
@="ISearchCompletedCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9838AAB6-32FD-455A-823D-83CFE06E4D48}]
@="ISearchBoxSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9909C81E-3BA4-41DA-A7ED-02EF2F319411}]
@="ISearchLinks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A0FFBC28-5482-4366-BE27-3E81E78E06C2}]
@="ISearchFolderItemFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A2FFDF9B-4758-4F84-B729-DF81A1A0612F}]
@="ISearchPersistentItemsChangedSink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A700A634-2850-4C47-938A-9E4B6E5AF9A6}]
@="ISearchCompletedCallbackArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}]
@="ISearchCatalogManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF53}]
@="ISearchScopeRule"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}]
@="ISearchCrawlScopeManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF58}]
@="ISearchItemsChangedSink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF69}]
@="ISearchManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B05651A6-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchSchema"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B05651AD-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAdmin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B05651AE-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAdmin2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B05651AF-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAdmin3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B05651DA-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAccessList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B05651F3-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchOleDbAdmin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B056520F-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchHelp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565210-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565211-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565212-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameAndDescriptionList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565213-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameAndDescriptionObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565214-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchColumnList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565215-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchColumnObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565216-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchOleDbConfigs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0565217-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchOleDbConfig"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B5702E61-E75C-4B64-82A1-6CB4F832FCCF}]
@="ISearchNotifyInlineSite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C0A6C367-C264-4385-A704-9088BDC3640E}]
@="ISearchIDListFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D40CFF62-E08C-4498-941A-01E25F0FD33C}]
@="ISearchResult"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E273680B-DA13-4F99-97D1-5C90E3E816F3}]
@="ISearchLocate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}]
@="Content Index ISearch Creator Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}]
@="ISearchRoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{09BC8657-D9B4-4267-A2BA-39E348FB0F4E}]
@="ISearchProtocolUrl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}]
@="ISearch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5F4B60F2-C6F6-4007-BCE2-297F1C5766B6}]
@="ISearchCatalogManagerInternal"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6292F7AD-4E19-4717-A534-8FC22BCD5CCD}]
@="ISearchCrawlScopeManager2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AF6E03F-D664-4EF4-9626-F7E0ED36755E}]
@="ISearchBoxInfo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7366EA16-7A1A-4EA2-B042-973D3E9CD99B}]
@="ISearchJob"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7AC3286D-4D1D-4817-84FC-C1C85E3AF0D9}]
@="ISearchCatalogManager2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{88AEE058-D4B0-4725-A2F1-814A67AE964C}]
@="ISearchCompletedCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9838AAB6-32FD-455A-823D-83CFE06E4D48}]
@="ISearchBoxSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9909C81E-3BA4-41DA-A7ED-02EF2F319411}]
@="ISearchLinks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A0FFBC28-5482-4366-BE27-3E81E78E06C2}]
@="ISearchFolderItemFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A2FFDF9B-4758-4F84-B729-DF81A1A0612F}]
@="ISearchPersistentItemsChangedSink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A700A634-2850-4C47-938A-9E4B6E5AF9A6}]
@="ISearchCompletedCallbackArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}]
@="ISearchCatalogManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF53}]
@="ISearchScopeRule"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}]
@="ISearchCrawlScopeManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF58}]
@="ISearchItemsChangedSink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF69}]
@="ISearchManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B05651A6-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchSchema"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B05651AD-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAdmin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B05651AE-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAdmin2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B05651AF-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAdmin3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B05651DA-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAccessList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B05651F3-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchOleDbAdmin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B056520F-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchHelp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0565210-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0565211-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0565212-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameAndDescriptionList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0565213-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameAndDescriptionObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0565214-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchColumnList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0565215-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchColumnObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0565216-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchOleDbConfigs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0565217-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchOleDbConfig"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B5702E61-E75C-4B64-82A1-6CB4F832FCCF}]
@="ISearchNotifyInlineSite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C0A6C367-C264-4385-A704-9088BDC3640E}]
@="ISearchIDListFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D40CFF62-E08C-4498-941A-01E25F0FD33C}]
@="ISearchResult"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E273680B-DA13-4F99-97D1-5C90E3E816F3}]
@="ISearchLocate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}]
@="Content Index ISearch Creator Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}]
@="ISearchRoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{09BC8657-D9B4-4267-A2BA-39E348FB0F4E}]
@="ISearchProtocolUrl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}]
@="ISearch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{5F4B60F2-C6F6-4007-BCE2-297F1C5766B6}]
@="ISearchCatalogManagerInternal"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{6292F7AD-4E19-4717-A534-8FC22BCD5CCD}]
@="ISearchCrawlScopeManager2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{6AF6E03F-D664-4EF4-9626-F7E0ED36755E}]
@="ISearchBoxInfo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7366EA16-7A1A-4EA2-B042-973D3E9CD99B}]
@="ISearchJob"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7AC3286D-4D1D-4817-84FC-C1C85E3AF0D9}]
@="ISearchCatalogManager2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{88AEE058-D4B0-4725-A2F1-814A67AE964C}]
@="ISearchCompletedCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{9838AAB6-32FD-455A-823D-83CFE06E4D48}]
@="ISearchBoxSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{9909C81E-3BA4-41DA-A7ED-02EF2F319411}]
@="ISearchLinks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{A0FFBC28-5482-4366-BE27-3E81E78E06C2}]
@="ISearchFolderItemFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{A2FFDF9B-4758-4F84-B729-DF81A1A0612F}]
@="ISearchPersistentItemsChangedSink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{A700A634-2850-4C47-938A-9E4B6E5AF9A6}]
@="ISearchCompletedCallbackArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}]
@="ISearchCatalogManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF53}]
@="ISearchScopeRule"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}]
@="ISearchCrawlScopeManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF58}]
@="ISearchItemsChangedSink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF69}]
@="ISearchManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B05651A6-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchSchema"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B05651AD-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAdmin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B05651AE-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAdmin2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B05651AF-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAdmin3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B05651DA-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchAccessList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B05651F3-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchOleDbAdmin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B056520F-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchHelp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565210-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565211-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565212-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameAndDescriptionList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565213-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchNameAndDescriptionObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565214-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchColumnList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565215-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchColumnObj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565216-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchOleDbConfigs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B0565217-9B10-425E-B616-1FCD828DB3B1}]
@="ISearchOleDbConfig"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B5702E61-E75C-4B64-82A1-6CB4F832FCCF}]
@="ISearchNotifyInlineSite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{C0A6C367-C264-4385-A704-9088BDC3640E}]
@="ISearchIDListFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{D40CFF62-E08C-4498-941A-01E25F0FD33C}]
@="ISearchResult"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E273680B-DA13-4F99-97D1-5C90E3E816F3}]
@="ISearchLocate"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1158]
"Referer"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\DownloadManager\1158]
"owWPage"="http://www.zimbio.com/Latest+Computer+Threats/articles/bxw-nCSfPL1/Isearch+avg+com+Virus+Removal+Isearch+avg"
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com\isearch]

Searching for "viewpoint"
No data found.

Searching for "DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS]

Searching for "Trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QTextCodecFactoryInterface:]

Searching for "Bandoo"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Searchnu"
No data found.

Searching for "kelkoopartners"
No data found.

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

I know what you mean 

Okay, firstly, did you uninstall SuperAntispyware? If not, can you uninstall it then do the following:

Next, you need to remove an Extension from Chrome. To do this,

Start Chrome:

1) Type the following in the address bar

*chrome://extensions/*

2) locate the following extension:

*AVG Secure Search*

3) click the (uninstall) button (a little bin on the right)

-----------

Now, do another backup, using ERUNT, like you did before.

Then, delete the CFScript.txt that you have, and create a new one as follows:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:


```
Folder::
C:\Users\Terry\AppData\LocalLow\whitesmoketoolbar
C:\Users\Terry\AppData\Roaming\WhiteSmokeTranslator
Registry::
[HKEY_CURRENT_USER\Environment]
"WS_TARGET_DIR"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl2AutoUpdateHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl2AutoUpdateHelper_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\whitesmoke-silent_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\whitesmoke-silent_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WhiteSmokeDictRegistration_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WhiteSmokeDictRegistration_RASMANCS]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Environment]
"WS_TARGET_DIR"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1(1).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\6D97E31338E3E6F4D9EF007C6465E955]
"2B1E51D87B2D71A44BB42DDD5E894160"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\8B4F0888C10A343468A1047B4877EB18]
"2B1E51D87B2D71A44BB42DDD5E894160"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\CAC02833CB3981F4C81EE96861E97A55]
"2B1E51D87B2D71A44BB42DDD5E894160"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASMANCS]
[HKEY_CURRENT_USER\Software\SUPERAntiSpyware.com\SUPERAntiSpyware]
"ProtectedHomePage"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\SUPERAntiSpyware.com\SUPERAntiSpyware]
"ProtectedHomePage"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

eddie
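
Before running a script like the one above, it helps to list exactly what it will remove. This is an added example, not part of eddie5659's post or of ComboFix: a Python audit that reads the `Folder::` and `Registry::` sections as they appear in the script above, treating `[-KEY]` and `"name"=-` as deletions per standard .reg syntax. The function names, the depth threshold and the two malformed lines at the end of the sample are assumptions made for illustration.

```python
import re

# Constructed sample: a shortened copy of the CFScript posted above. The last
# two lines are NOT from the post; they are deliberate mistakes for the audit.
SAMPLE_CFSCRIPT = r'''Folder::
C:\Users\Terry\AppData\LocalLow\whitesmoketoolbar
C:\Users\Terry\AppData\Roaming\WhiteSmokeTranslator
Registry::
[HKEY_CURRENT_USER\Environment]
"WS_TARGET_DIR"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1(1).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
[HKEY_CURRENT_USER\Software\SUPERAntiSpyware.com\SUPERAntiSpyware]
[-HKEY_LOCAL_MACHINE\SOFTWARE]
'''

SECTION_RE = re.compile(r'^([A-Za-z]+)::$')                 # e.g. "Folder::"
KEY_RE = re.compile(r'^\[(-?)(HKEY_[A-Z_]+(?:\\.+)?)\]$')   # "[KEY]" or "[-KEY]"
VALUE_DEL_RE = re.compile(r'^"(.*)"=-$')                    # '"name"=-'
MIN_DEPTH = 3  # assumption: fewer backslashes than this counts as "too broad"


def too_broad(path):
    """Heuristic only: a path with very few components covers a lot."""
    return path.count("\\") < MIN_DEPTH


def audit_cfscript(text):
    """Return (actions, warnings) for the Folder:: and Registry:: sections.

    actions  : (kind, path_or_key, value_name_or_None) in script order
    warnings : (line_number, message)
    """
    actions, warnings = [], []
    section = None
    open_key = None  # [line_no, key, value_lines_seen] for a header without '-'

    def close_key():
        nonlocal open_key
        if open_key and open_key[2] == 0:
            warnings.append((open_key[0],
                             "key header without '-' and no value lines: removes nothing"))
        open_key = None

    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            close_key()
            section = m.group(1)
            if section not in ("Folder", "Registry"):
                warnings.append((n, f"section {section}:: is not modelled here"))
            continue
        if section == "Folder":
            actions.append(("delete-folder", line, None))
            if too_broad(line):
                warnings.append((n, "folder path is very shallow"))
        elif section == "Registry":
            key, val = KEY_RE.match(line), VALUE_DEL_RE.match(line)
            if key:
                close_key()
                if key.group(1):  # leading '-' deletes the key and its subkeys
                    actions.append(("delete-key", key.group(2), None))
                    if too_broad(key.group(2)):
                        warnings.append((n, "deletes a very shallow key and everything under it"))
                else:
                    open_key = [n, key.group(2), 0]
            elif val and open_key:
                open_key[2] += 1
                actions.append(("delete-value", open_key[1], val.group(1)))
            else:
                warnings.append((n, "not a key header or a value deletion under one"))
        elif section is None:
            warnings.append((n, "line appears before any section header"))
    close_key()
    return actions, warnings


if __name__ == "__main__":
    acts, warns = audit_cfscript(SAMPLE_CFSCRIPT)
    for kind, target, name in acts:
        print(f"{kind:13} {target}" + (f"  ->  {name}" if name else ""))
    for line_no, msg in warns:
        print(f"WARNING line {line_no}: {msg}")
```
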


----------



## TerryD55 (Oct 22, 2012)

I did uninstall the Superantispyware, but I now have Norton 360. Should I temporarily disable that before I follow these instructions? Thanks!


----------



## eddie5659 (Mar 19, 2001)

Yep, if you can, just to be safe. Sometimes they can cause some fixes not to work.

If you're not sure how, go here and scroll down to Norton 360:

http://www.bleepingcomputer.com/forums/topic114351.html


----------



## TerryD55 (Oct 22, 2012)

OK, I had actually removed the AVG extension quite a while ago, but I checked again to see if I could find any traces of it and I couldn't, so I went ahead with the next steps. I hesitate to say this because I don't want to jinx myself, but I think we're getting close now. :up: My Home pages are no longer defaulting to AVG.

Here is the latest log:

ComboFix 12-11-29.02 - Terry 11/29/2012 17:00:53.16.2 - x64
Running from: c:\users\Terry\Downloads\Programs\ComboFix.exe
Command switches used :: c:\users\Terry\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Terry\AppData\LocalLow\whitesmoketoolbar
c:\users\Terry\AppData\LocalLow\whitesmoketoolbar\dtx.ini
c:\users\Terry\AppData\LocalLow\whitesmoketoolbar\exeArgs.xml
c:\users\Terry\AppData\LocalLow\whitesmoketoolbar\guid.dat
c:\users\Terry\AppData\LocalLow\whitesmoketoolbar\log.txt
c:\users\Terry\AppData\LocalLow\whitesmoketoolbar\preferences.dat
c:\users\Terry\AppData\LocalLow\whitesmoketoolbar\stat.log
c:\users\Terry\AppData\LocalLow\whitesmoketoolbar\stats.dat
c:\users\Terry\AppData\LocalLow\whitesmoketoolbar\uninstallIE.dat
c:\users\Terry\AppData\LocalLow\whitesmoketoolbar\uninstallStatIE.dat
c:\users\Terry\AppData\LocalLow\whitesmoketoolbar\weather\274e04130a6638841a5b8a7f2c5e3169
c:\users\Terry\AppData\LocalLow\whitesmoketoolbar\weather\2aced4adf0b9673d328f2e7764ebd0e4
c:\users\Terry\AppData\LocalLow\whitesmoketoolbar\weather\forecasts_cache.xml
c:\users\Terry\AppData\LocalLow\whitesmoketoolbar\weather\observations_cache.xml
c:\users\Terry\AppData\LocalLow\whitesmoketoolbar\weatherbutton_prefs.xml
c:\users\Terry\AppData\Roaming\WhiteSmokeTranslator
c:\users\Terry\AppData\Roaming\WhiteSmokeTranslator\stat.log
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-30 )))))))))))))))))))))))))))))))
.
.
2012-11-30 01:17 . 2012-11-30 01:17	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-11-30 01:17 . 2012-11-30 01:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-26 18:22 . 2012-11-26 18:22	--------	d-----w-	c:\users\Terry\AppData\Roaming\JLAdventCalendarAlpine2012
2012-11-26 18:22 . 2012-11-26 18:22	--------	d-----w-	c:\program files (x86)\JL Alpine Advent Calendar
2012-11-26 02:40 . 2012-11-26 02:40	--------	d-----w-	c:\program files (x86)\PANDORA.TV
2012-11-26 02:38 . 2012-11-26 02:38	--------	d-----w-	c:\users\Terry\AppData\Local\Coupon Companion
2012-11-26 02:38 . 2012-11-26 02:38	--------	d-----w-	c:\program files (x86)\Coupon Companion
2012-11-26 00:54 . 2012-11-26 00:54	--------	d-----w-	c:\users\Terry\AppData\Local\MPlayer
2012-11-26 00:53 . 2012-11-29 02:20	--------	d-----w-	c:\users\Terry\.umplayer
2012-11-26 00:53 . 2012-11-26 00:53	--------	d-----w-	c:\program files (x86)\UMPlayer
2012-11-23 17:50 . 2012-11-30 01:22	--------	d-----w-	c:\programdata\notracks.com
2012-11-22 00:10 . 2012-11-22 00:10	--------	d-----w-	c:\program files (x86)\ERUNT
2012-11-21 13:02 . 2012-11-22 00:43	165112	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2012-11-18 02:21 . 2012-11-25 01:09	--------	d-----w-	c:\users\Terry\AppData\Local\CrashDumps
2012-11-17 18:46 . 2012-11-22 00:38	--------	d-----w-	c:\users\Terry\AppData\Local\The Weather Channel
2012-11-14 20:20 . 2012-11-14 20:20	--------	d-----w-	c:\program files (x86)\Common Files\Symantec Shared
2012-11-14 16:47 . 2012-11-14 16:47	177312	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-11-14 16:47 . 2012-11-14 16:47	--------	d-----w-	c:\program files\Symantec
2012-11-14 16:47 . 2012-11-14 16:47	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2012-11-14 16:46 . 2012-11-22 00:38	--------	d-----w-	c:\windows\system32\drivers\N360x64
2012-11-14 16:46 . 2012-11-14 16:46	--------	d-----w-	c:\program files (x86)\Norton 360
2012-11-14 16:31 . 2010-11-10 05:35	8199504	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{23A94581-7CBD-4AB9-BBF1-790F812BDA97}\mpengine.dll
2012-11-14 16:26 . 2012-11-15 02:29	--------	d-----w-	c:\program files (x86)\NortonInstaller
2012-11-14 11:11 . 2012-07-26 04:47	2560	----a-w-	c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 11:11 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 11:11 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 11:11 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-14 11:04 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-14 11:04 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 11:04 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 11:04 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-14 11:04 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-14 11:04 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 11:04 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-11 22:15 . 2012-11-11 22:15	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-11-11 22:14 . 2012-11-11 22:14	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-10 19:02 . 2012-11-11 19:15	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-11-10 19:02 . 2012-11-11 19:28	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2012-11-10 19:01 . 2012-11-10 19:01	--------	d-----w-	c:\users\Terry\AppData\Local\Programs
2012-11-09 17:04 . 2012-11-09 17:04	--------	d-----w-	C:\_OTL
2012-11-09 16:22 . 2012-11-09 16:22	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-09 16:22 . 2012-11-09 16:22	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-03 03:37 . 2012-11-03 03:37	--------	d-----w-	c:\users\Terry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-11-03 03:37 . 2012-11-03 05:02	--------	d-----w-	c:\program files (x86)\Adobe Download Assistant
2012-11-02 17:59 . 2012-11-03 05:01	--------	d-----w-	c:\users\Terry\AppData\Local\LogMeIn Rescue Calling Card
2012-11-02 17:44 . 2012-11-03 05:01	--------	d-----w-	c:\program files (x86)\LogMeIn Rescue Calling Card
2012-11-02 16:18 . 2012-11-03 05:12	--------	d-----w-	c:\users\Terry\AppData\Local\LogMeIn Rescue Applet
2012-11-01 00:34 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-11-01 00:34 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-11-01 00:34 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-11-01 00:34 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-11-01 00:34 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-11-01 00:34 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-11-01 00:34 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-11-01 00:34 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-11-01 00:34 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 23:10 . 2012-07-15 01:18	539984	----a-w-	c:\windows\system32\EasyRedirect64.dll
2012-11-22 23:10 . 2012-07-15 01:18	380240	----a-w-	c:\windows\SysWow64\EasyRedirect.dll
2012-11-17 18:49 . 2012-03-31 18:59	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-17 18:49 . 2011-06-28 14:41	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 11:04 . 2010-09-01 16:14	66395536	----a-w-	c:\windows\system32\MRT.exe
2012-11-11 22:14 . 2011-06-23 18:41	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-11-02 00:26 . 2009-07-13 23:16	145408	----a-w-	c:\windows\SysWow64\powrprof.dll
2012-10-16 08:38 . 2012-11-28 02:58	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 02:58	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 02:58	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 11:24 . 2012-08-15 09:05	10220472	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-23 22:42 . 2012-09-23 22:42	5632	----a-w-	c:\windows\system32\bbchlp.dll
2012-09-23 22:42 . 2012-09-23 22:42	4608	----a-w-	c:\windows\system32\drivers\bbcap.sys
2012-09-23 22:42 . 2012-09-23 22:42	37376	----a-w-	c:\windows\system32\bbcap.dll
2012-09-14 19:19 . 2012-10-10 08:47	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 08:47	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-09-13 21:06 . 2012-09-13 21:06	42248	----a-w-	c:\windows\system32\drivers\hssdrv6.sys
2012-09-13 19:26 . 2012-09-13 19:26	38632	----a-w-	c:\windows\system32\drivers\taphss.sys
2012-09-09 04:06 . 2012-05-13 17:43	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-03 15:39 . 2012-09-03 15:39	788536	----a-r-	c:\users\Terry\AppData\Roaming\Microsoft\Installer\{B2F34D92-C5CF-4801-90CB-D04A5634B334}\TweetDeck.exe
2012-04-02 00:56 . 2012-04-02 00:55	22259528	----a-w-	c:\program files (x86)\vlc-2.0.1-win32.exe
2011-09-02 00:40 . 2011-09-02 00:40	1228384	----a-w-	c:\program files (x86)\PremiereElements_9_LS15.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}]
2012-11-26 02:38	617344	----a-w-	c:\program files (x86)\Coupon Companion\Coupon Companion.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-26 3540416]
"Akamai NetSession Interface"="c:\users\Terry\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Easy-Hide-IP"="c:\program files\Easy-Hide-IP\easy-hide-ip.exe" [2012-11-22 4760400]
"uTorrent"="c:\users\Terry\Downloads\Programs\uTorrent.exe" [2012-11-06 963984]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2012-06-05 822456]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-11-17 13105848]
"PhotoshopElements8SyncAgent"="c:\program files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe" [2010-09-30 1945536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1285107697\ee\AOLSoftware.exe" [2010-03-08 41800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [2011-11-17 29288]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402000.013\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys [2012-10-04 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20121128.001\IDSvia64.sys [2012-11-14 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS [2012-09-07 432800]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/23 16:00];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-17 03:54 148976]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-07-23 72856]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-07-23 383128]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
S2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-11-22 3575120]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 138912]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ Akamai
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 18:49]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07	23496	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files (x86)\FinalVideoDownloader\fvdRunner.html
IE: {{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files (x86)\Crawler\Radio\CRadio.exe
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: twitter.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ee,e2,e3,98,8a,af,00,05,8f,6d,9e,ce,22,49,15,ee,28,a2,2f,cc,67,
c1,36,b6,7a,54,a6,f7,7f,81,ab,b5,28,ab,56,97,c5,d2,b3,b5,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\PANDORA.TV\PanService\PanProcess.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files (x86)\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-11-29 17:53:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-30 01:53
ComboFix2.txt 2012-11-24 23:14
ComboFix3.txt 2012-11-22 01:46
ComboFix4.txt 2012-11-11 20:04
ComboFix5.txt 2012-11-30 00:59
.
Pre-Run: 729,564,999,680 bytes free
Post-Run: 729,656,934,400 bytes free
.
- - End Of File - - 7CF1F31F2C4E7CD375C8E92B60B7570D


----------



## eddie5659 (Mar 19, 2001)

Good to hear, though we still have some remains to get rid of 

Now, you still have this showing:

R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]

So, we'll get rid of that. Also, there are some signs of other stuff surfacing, so there is a new tool to help with that.

Firstly, the tool:

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

--------

Then, can you run this in ComboFix again, and remember to delete the CFScript.txt that you have, and create a new one from the below:


```
Folder::
c:\program files (x86)\Common Files\AVG Secure Search
Driver::
vToolbarUpdater13.2.0
```
And post the log it creates
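The check eddie makes above (spotting a service line that still ends in `[x]`) can be done over a whole log; this is an added example, not part of the original post and not ComboFix's own code. It assumes `[x]` means no file was found at the listed path, uses sample lines copied from the logs in this thread, and the function names and watch terms are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# Sample service/driver lines copied from the ComboFix logs in this thread.
SAMPLE_LOG = r"""
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [x]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/23 16:00];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-17 03:54 148976]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
"""

# Hypothetical watch terms: the remnant the helper is targeting in this thread.
WATCH_TERMS = ("avg secure search", "vtoolbarupdater")

# <state letter><start type 0-4> <name>;<display>;<image> [<file details or x>]
LINE_RE = re.compile(r"^([RS])([0-4]) (.+) \[([^\[\]]*)\]\s*$")


class ServiceEntry(NamedTuple):
    state: str            # state letter exactly as logged (R or S)
    start_type: int       # digit after the state letter
    name: str             # service key name
    display: str          # display name (may itself contain brackets)
    image: str            # image path, plus any arguments shown in the log
    file_missing: bool    # True when the trailing field is [x] (assumption above)
    size: Optional[int]   # file size in bytes when the log lists one


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, body, detail = m.groups()
    parts = body.split(";", 2)          # name;display;image
    if len(parts) != 3:
        return None
    name, display, image = (p.strip() for p in parts)
    missing = detail.strip().lower() == "x"
    size = None
    if not missing:
        tokens = detail.split()
        # The last token of the detail field is the size, e.g. "2010-03-18 138576".
        if tokens and tokens[-1].isdigit():
            size = int(tokens[-1])
    return ServiceEntry(state, int(start), name, display, image, missing, size)


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Collect every service/driver entry found in a log."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def orphaned(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries still registered although no file is listed for them."""
    return [e for e in entries if e.file_missing]


def on_watchlist(entry: ServiceEntry, terms=WATCH_TERMS) -> bool:
    """True when the service name or image path contains a watch term."""
    haystack = (entry.name + " " + entry.image).lower()
    return any(term in haystack for term in terms)


if __name__ == "__main__":
    for e in orphaned(parse_services(SAMPLE_LOG)):
        tag = "TARGETED REMNANT" if on_watchlist(e) else "review manually"
        print(f"{e.state}{e.start_type} {e.name}: {e.image} -> {tag}")
```

Entries that are orphaned but not on the watch list are only flagged for a person to look at; the script does not decide what to remove.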


----------



## TerryD55 (Oct 22, 2012)

Yikes! Is there any way to safely download things from the net? I was hoping the Norton 360 would protect me more. Anyway, here's the JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.7.1 (12.01.2012:1)
OS: Windows 7 Home Premium x64
Ran by Terry on Sat 12/01/2012 at 10:43:10.48
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-254241989-344465633-3051194989-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\crossrider"
Successfully deleted: [Registry Key] "hkey_current_user\software\installedbrowserextensions"
Successfully deleted: [Registry Key] "hkey_current_user\software\sweetim"
Successfully deleted: [Registry Key] "hkey_local_machine\software\iminent"
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0055c089-8582-441b-a0bf-17b458c2a3a8}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3ef64538-8b54-4573-b48f-4d34b0238ab2}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{74f475fa-6c75-43bd-aab9-ecda6184f600}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}

~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\aol toolbar"
Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\Terry\AppData\Roaming\dvdvideosoft"
Successfully deleted: [Folder] "C:\Users\Terry\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\speedypc software"
Successfully deleted: [Folder] "C:\Users\Terry\appdata\local\aol toolbar"
Successfully deleted: [Folder] "C:\Users\Terry\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Terry\appdata\local\coupon companion"
Successfully deleted: [Folder] "C:\Program Files (x86)\aol toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupon companion"
Successfully deleted: [Folder] "C:\Program Files (x86)\speedypc software"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo layers client"

~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pbkdpahkifcigckmhiafindmaflfifgm

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/01/2012 at 10:50:49.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## eddie5659 (Mar 19, 2001)

It's a fun world out there, isn't it

Looks like a good load was removed, just waiting for the new combofix log from the fix above, and we're nearly there


----------



## TerryD55 (Oct 22, 2012)

Yay!! Unfortunately, I'm out of work at the moment but when things turn around, I'll definitely contribute to this site, and will refer others here for help. You're the best.


----------



## eddie5659 (Mar 19, 2001)

It's okay about not donating, as I know being out of work means you have to look after every penny

If you just run the combofix part (posted below):

Remember to delete the CFScript.txt that you have, and create a new one from the below:


```
Folder::
c:\program files (x86)\Common Files\AVG Secure Search
Driver::
vToolbarUpdater13.2.0
```
And post the log it creates 

=============

Then, just these last two to triple check, and then we're good to go:

Please download *Runscanner* to your desktop and run it.

When the first page comes up select *Beginner Mode*
On the next page select *Save a binary .Run file (Recommended)* then click *Start full scan* at the top.
At this time Runscanner.exe may request *access to the Internet* through your firewall; please allow it to do so. It will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the *.run file* and the *log file*.
Call the .run file *"RSReport"* and save it to your desktop. You will see the *RSReport.run* file on your desktop. Right-click on it and select *Send To*, then select *Compressed (zipped) Folder* and upload that zip here. Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below).

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *RSReport.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*

==============================

Please go to *here* to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the ActiveX control to install
Click *Start*
Make sure that the option *Remove found threats* is *ticked*, and the option *Scan unwanted applications* is *checked*
Click on *Advanced Settings* and ensure these options are ticked:
*Scan for potentially unwanted applications*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*

Click *Scan*
Wait for the scan to finish
If any threats were found, click the *'List of found threats'*, then click *Export to text file...*.
Save it to your desktop, then please copy and paste that log as a reply to this topic.

eddie


----------



## eddie5659 (Mar 19, 2001)

Hiya

Any joy on the above? It's just to remove any remains, and then we can remove the tools we've used

eddie


----------



## TerryD55 (Oct 22, 2012)

Shoot, Eddie! I didn't even see this reply. I was wondering where you'd gone.  I'll get to work on these.


----------



## eddie5659 (Mar 19, 2001)

No problem, sometimes my subscriptions don't work, and I stroll in and see a few I've missed


----------



## TerryD55 (Oct 22, 2012)

OK, bear with me, I'm going to give you the CF log info first, attach the log and then run ESET. It looks like it may take a while so I'll come back with the results of that scan.

ComboFix 12-12-19.02 - Terry 12/19/2012 12:30:27.18.2 - x64
Running from: c:\users\Terry\Downloads\Programs\ComboFix.exe
Command switches used :: c:\users\Terry\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-11-19 to 2012-12-19 )))))))))))))))))))))))))))))))
.
.
2012-12-15 04:53 . 2012-12-18 19:01	--------	d-----w-	c:\users\Terry\AppData\Roaming\vlc
2012-12-13 07:18 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-13 07:18 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-11 21:54 . 2012-12-11 21:54	--------	d-----w-	c:\program files\VideoLAN
2012-12-11 17:52 . 2012-12-11 17:52	--------	d-----w-	c:\program files (x86)\Red Sky
2012-12-03 23:52 . 2012-12-03 23:52	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-12-01 18:43 . 2012-12-01 18:43	--------	d-----w-	c:\windows\ERUNT
2012-12-01 18:43 . 2012-12-01 18:43	--------	d-----w-	C:\JRT
2012-11-26 18:22 . 2012-11-26 18:22	--------	d-----w-	c:\users\Terry\AppData\Roaming\JLAdventCalendarAlpine2012
2012-11-26 18:22 . 2012-11-26 18:22	--------	d-----w-	c:\program files (x86)\JL Alpine Advent Calendar
2012-11-26 02:40 . 2012-11-26 02:40	--------	d-----w-	c:\program files (x86)\PANDORA.TV
2012-11-26 00:54 . 2012-11-26 00:54	--------	d-----w-	c:\users\Terry\AppData\Local\MPlayer
2012-11-26 00:53 . 2012-12-11 22:03	--------	d-----w-	c:\users\Terry\.umplayer
2012-11-26 00:53 . 2012-11-26 00:53	--------	d-----w-	c:\program files (x86)\UMPlayer
2012-11-23 17:50 . 2012-12-19 21:34	--------	d-----w-	c:\programdata\notracks.com
2012-11-22 00:10 . 2012-11-22 00:10	--------	d-----w-	c:\program files (x86)\ERUNT
2012-11-21 13:02 . 2012-11-22 00:43	165112	----a-w-	c:\windows\system32\drivers\idmwfp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 11:04 . 2010-09-01 16:14	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-11 20:24 . 2012-03-31 18:59	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 20:24 . 2011-06-28 14:41	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 20:24 . 2012-08-15 09:05	16363960	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-11-22 23:10 . 2012-07-15 01:18	539984	----a-w-	c:\windows\system32\EasyRedirect64.dll
2012-11-22 23:10 . 2012-07-15 01:18	380240	----a-w-	c:\windows\SysWow64\EasyRedirect.dll
2012-11-14 16:47 . 2012-11-14 16:47	177312	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-11-11 22:14 . 2012-11-11 22:14	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-11 22:14 . 2011-06-23 18:41	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-11-09 16:22 . 2012-11-09 16:22	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-09 16:22 . 2012-11-09 16:22	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-02 00:26 . 2009-07-13 23:16	145408	----a-w-	c:\windows\SysWow64\powrprof.dll
2012-10-16 08:38 . 2012-11-28 02:58	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 02:58	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 02:58	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 08:48	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 08:48	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 08:48	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 08:48	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-09 01:00 . 2012-11-14 22:16	776864	----a-w-	c:\windows\system32\drivers\N360x64\1402000.013\srtsp64.sys
2012-10-04 16:40 . 2012-12-13 07:17	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-04 01:40 . 2012-11-14 22:16	1133216	----a-w-	c:\windows\system32\drivers\N360x64\1402000.013\symefa64.sys
2012-10-04 01:40 . 2012-11-14 22:16	493216	----a-w-	c:\windows\system32\drivers\N360x64\1402000.013\symds64.sys
2012-10-04 01:19 . 2012-11-14 22:16	168096	----a-w-	c:\windows\system32\drivers\N360x64\1402000.013\ccsetx64.sys
2012-10-03 17:56 . 2012-11-14 08:48	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 08:48	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 08:48	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 08:48	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 08:48	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 08:48	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 08:48	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 08:48	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 08:48	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 08:48	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 08:48	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-14 08:48	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 08:48	95744	----a-w-	c:\windows\system32\synceng.dll
2012-09-23 22:42 . 2012-09-23 22:42	5632	----a-w-	c:\windows\system32\bbchlp.dll
2012-09-23 22:42 . 2012-09-23 22:42	4608	----a-w-	c:\windows\system32\drivers\bbcap.sys
2012-09-23 22:42 . 2012-09-23 22:42	37376	----a-w-	c:\windows\system32\bbcap.dll
2011-09-02 00:40 . 2011-09-02 00:40	1228384	----a-w-	c:\program files (x86)\PremiereElements_9_LS15.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-26 3540416]
"Akamai NetSession Interface"="c:\users\Terry\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Easy-Hide-IP"="c:\program files\Easy-Hide-IP\easy-hide-ip.exe" [2012-11-22 4760400]
"uTorrent"="c:\users\Terry\Downloads\Programs\uTorrent.exe" [2012-12-09 969104]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2012-06-05 822456]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-11-17 13105848]
"PhotoshopElements8SyncAgent"="c:\program files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe" [2010-09-30 1945536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1285107697\ee\AOLSoftware.exe" [2010-03-08 41800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [2011-11-17 29288]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402000.013\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-23 1384608]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys [2012-10-04 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20121218.001\IDSvia64.sys [2012-11-14 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS [2012-09-07 432800]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/23 16:00];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-17 03:54 148976]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-07-23 72856]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-07-23 383128]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
S2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-11-22 3575120]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 138912]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ Akamai
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 20:24]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07	23496	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://aol.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files (x86)\FinalVideoDownloader\fvdRunner.html
IE: {{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files (x86)\Crawler\Radio\CRadio.exe
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: twitter.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
FF - ProfilePath - c:\users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\30ys5cpq.default\
FF - ExtSQL: 2012-11-22 07:02; [email protected]; c:\users\Terry\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2012-12-03 14:17; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF - ExtSQL: 2012-12-03 15:08; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
AddRemove-AOL Toolbar - c:\program files (x86)\AOL Toolbar\uninstall.exe
AddRemove-Coupon Companion - c:\program files (x86)\Coupon Companion\Uninstall.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ee,e2,e3,98,8a,af,00,05,8f,6d,9e,ce,22,49,15,ee,28,a2,2f,cc,67,
c1,36,b6,7a,54,a6,f7,7f,81,ab,b5,28,ab,56,97,c5,d2,b3,b5,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\PANDORA.TV\PanService\PanProcess.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-12-19 14:02:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-19 22:02
ComboFix2.txt 2012-12-03 22:10
ComboFix3.txt 2012-11-30 01:53
ComboFix4.txt 2012-11-24 23:14
ComboFix5.txt 2012-12-19 20:27
.
Pre-Run: 700,430,245,888 bytes free
Post-Run: 700,264,759,296 bytes free
.
- - End Of File - - DF1BBCDF74E6EF49849E8D99456508CC


----------



## eddie5659 (Mar 19, 2001)

All looks good so far, hoping the ESET scan is all clear as well.


----------



## TerryD55 (Oct 22, 2012)

OK, here you go. ESET

C:\Qoobox\Quarantine\C\Users\Terry\Downloads\Programs\iLividSetup.exe.vir	Win32/Toolbar.SearchSuite application	cleaned by deleting - quarantined
C:\Users\Terry\Downloads\Programs\cbsidlm-cbsi4_1_1-KMPlayer-10659939.exe	a variant of Win32/CNETInstaller.A application	cleaned by deleting - quarantined
C:\Users\Terry\Downloads\Programs\cbsidlm-cbsi4_1_1-KMPlayer-10659939_2.exe	a variant of Win32/CNETInstaller.A application	cleaned by deleting - quarantined
C:\Users\Terry\Downloads\Programs\cbsidlm-cbsi4_1_1-KMPlayer-10659939_3.exe	a variant of Win32/CNETInstaller.A application	cleaned by deleting - quarantined
C:\Users\Terry\Downloads\Programs\cbsidlm-cbsi5_2_0_83-KMPlayer-SEO2-10659939.exe	a variant of Win32/CNETInstaller.A application	cleaned by deleting - quarantined
C:\Users\Terry\Downloads\Programs\cbsidlm-tr1_7-Nexus_Radio-10905740.exe	Win32/DownloadAdmin.D application	cleaned by deleting - quarantined
C:\Users\Terry\Downloads\Programs\cbsidlm-tr1_7-Revo_Uninstaller-SEO2-10687648.exe	Win32/DownloadAdmin.D application	cleaned by deleting - quarantined
C:\Users\Terry\Downloads\Programs\FreeVideoToJPGConverter.exe	Win32/OpenCandy application	cleaned by deleting - quarantined
C:\Users\Terry\Downloads\Programs\Hawaii.Five-0.S03E05.1080p.WEB-DL.DD5.1.H.264-KiNGS_[PublicHD]_secure.exe	a variant of Win32/TopMedia.A application	cleaned by deleting - quarantined
C:\Users\Terry\Downloads\Programs\Hawaii.Five-0.S03E05.1080p.WEB-DL.DD5.1.H.exe	Win32/Adware.1ClickDownload.K application	cleaned by deleting - quarantined
C:\Users\Terry\Downloads\Programs\Hawaii.Five-0.S03E06.1080p.WEB-DL.DD5.1.H.exe	multiple threats	cleaned by deleting - quarantined


----------



## eddie5659 (Mar 19, 2001)

Excellent, how's the computer running now? Is Isearch still appearing?

If it's all good, we'll remove the tools we've used, but I'll wait for your reply first.

eddie


----------



## TerryD55 (Oct 22, 2012)

Knock on wood, everything is looking as it should!


----------



## eddie5659 (Mar 19, 2001)

Excellent :up:

Okay, let's remove the tools we've used.

*You can mark this thread Solved at the top of this page, if it's all running okay.*

*Any questions about the following, just ask  *

We have a couple of last steps to perform and then you're all set.

Firstly, let's uninstall the tools we've used:

*Follow these steps to uninstall Combofix and tools used in the removal of malware*

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

*ComboFix /Uninstall*

Then, run this:


Download *OTC* to your desktop and run it 
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. 

======================
Uninstall *SUPERAntiSpyware* from Add/Remove Programs.

Also, remove the following from the Desktop, if still there after doing the above:

SecurityCheck
AdwCleaner
SystemLook
sfp.zip
CKScanner
RogueKiller
JRT.exe
Runscanner
RSReport.run

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

*Create Restore Point (Win7)*


Select *Start* > *Control Panel* then double-click on the *System* icon in the Control Panel.
In the left-hand pane click on the *System Protection* option.
When the Dialog comes up, click on the System Protection tab.
Check that the drive letter where Windows is located (usually C:) indicates System protection *ON*.
(This indicates System Restore is turned ON for the Windows drive.)
Click on the *Create* button to create a new restore point. In the Name dialog, type a descriptive name and then click on the *Create* button.
You will get a message that the Restore Point was created successfully. Click on the *Close* button.
Click on the *OK* button and close the System window in the Control Panel.

*Making Internet Explorer More Secure*

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

 Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply

Then, click on the *Security tab* and do the following:

 Make sure the Internet icon is selected.
 Click once on the *Custom Level* button.
 Change the *Download signed ActiveX controls* to *Prompt*.
 Change the *Download unsigned ActiveX controls* to *Disable*.
 Change the *Initialise and script ActiveX controls not marked as safe* to *Disable.*
 Change the *Installation of desktop items* to *Prompt.*
 Change the *Launching programs and files in an IFRAME* to *Prompt.*
 When all these settings have been made, click on the *OK* button.
 If it prompts you as to whether or not you want to save the settings, press the *Yes* button. 

Then click on the *Advanced tab* and do the following:


 Scroll down to *Security* section.
 Tick the box for *Empty Temporary Internet Files when Browser is Closed*

 Next press the *Apply* button and then the *OK* to exit the Internet Properties page.

*Making Firefox More Secure*

Please visit this page to explain how to make Firefox more secure - How to Secure Firefox

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

Also, it's a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after it's completed.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
*SpywareBlaster* to help prevent spyware from installing in the first place.
You should also have a good firewall. You can either use *Microsoft Windows Firewall* which is good, or a free one available for personal use.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit 
*Microsoft Windows Update*
monthly. And to keep your system clean run this free malware scanner

*Malwarebytes' Anti-Malware*

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings *

Have a safe and happy computing day!

eddie
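The Internet-zone settings listed in the post above can be checked from a registry export rather than by clicking through the dialog. The following is an added example, not part of the original post: it assumes the per-user Internet zone is stored under `Zones\3` with Microsoft's documented action numbers (1001, 1004, 1201, 1800, 1804) and value codes (0 = Enable, 1 = Prompt, 3 = Disable), and it runs on a constructed sample export.

```python
import re

# Assumption (not stated in the post): per-user Internet zone = Zones\3.
ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
             r"\CurrentVersion\Internet Settings\Zones\3")

# Value codes used by the zone actions audited here.
STATE = {0: "Enable", 1: "Prompt", 3: "Disable"}

# action number -> (setting name as written in the post, least strict value allowed)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialise and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')

# Constructed sample of a .reg export (real exports are UTF-16; decode first).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1800"=dword:00000001
"""


def read_zone_values(reg_text, key=ZONE3_KEY):
    """Return {action: int} for the DWORD values under one registry key."""
    values, in_key = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # Registry paths are case-insensitive; other zones are skipped.
            in_key = m.group("key").lower() == key.lower()
            continue
        if in_key:
            m = DWORD_RE.match(line)
            if m:
                values[m.group("name")] = int(m.group("val"), 16)
    return values


def audit_internet_zone(reg_text):
    """List settings that are missing or less strict than the post recommends.

    For these actions 0 < 1 < 3 is also the order of strictness, so a value
    stricter than the recommendation (Disable where Prompt is asked) passes.
    """
    values = read_zone_values(reg_text)
    deviations = []
    for action, (label, want) in RECOMMENDED.items():
        have = values.get(action)
        if have is None:
            deviations.append((action, label, "not set", STATE[want]))
        elif have < want:
            deviations.append((action, label, STATE.get(have, hex(have)), STATE[want]))
    return deviations


if __name__ == "__main__":
    for action, label, have, want in audit_internet_zone(SAMPLE_REG):
        print(f"{action} {label}: {have} (recommended: {want})")
```

A value reported as "not set" only means the export has no per-user entry for that action; the dialog may still show a default or a policy-supplied value.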


----------



## TerryD55 (Oct 22, 2012)

Eddie, everything looks good. I want to thank you so much for the amount of time you've spent researching my problem and holding my technically-challenged hand and guiding me through all of this. I've ditched the "free" anti-virus and firewall protection for Norton 360. The "free" protection turned out to be quite costly in the long run. You and this site ROCK!


----------



## eddie5659 (Mar 19, 2001)

Excellent :up:

I must admit, free ones are good up to a point, but for that extra protection, paying a small amount a year is very good.

I'm on MSE at the moment, as I was having some problems on this pc. But, may go back to Avast soon, when I know it's all okay my side.

Happy New Year to you


----------



## TerryD55 (Oct 22, 2012)

Eddie,

This damned thing is back. I downloaded a file someone I know supposedly had no problems with, I scanned the file with MBM and my Norton 360 didn't pick up on anything but my computer is now infected and the bogus AVG iSearch toolbar is back. Can I follow the instructions from the above thread to remove it again?


----------



## eddie5659 (Mar 19, 2001)

Nuts 

You should be okay going thru the above, but it may be in different locations. OTL is having a few problems at the moment, but if you start with JRT and then adwcleaner (post the logs here, just so I can see if anything else has appeared) and we can go from there 








Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please download *AdwCleaner* by Xplode onto your desktop.

Double click on *AdwCleaner.exe* to run the tool.
Click on *Search*.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at *C:\AdwCleaner[R1].txt* as well.


----------



## TerryD55 (Oct 22, 2012)

Thanks Eddie. For some reason I didn't get your reply in my inbox and I thought you'd washed your hands of me. Not that I would blame you.  At least now I know the source and just because someone else says something is safe, that's not necessarily the case. Back to work on this problem I go....


----------



## eddie5659 (Mar 19, 2001)

No worries, happens to me from time to time. I feel lousy when I come back and see a reply and someone is hanging on waiting for the next fix to remove the malware 

I'm here for many hours tomorrow night, till 11pm gmt


----------



## TerryD55 (Oct 22, 2012)

Oy. This isn't starting out well. JRT keeps giving me an error message saying that Finder utility QGREP isn't working properly and then it won't go any further. After that the error message keeps popping up every few seconds. I did a search on that and found a recommendation to download Kaspersky TDSSKILLER because it could be related to malware from Akamai. I'd seen that name pop up the last time so I tried this rootkit and sure enough it found an Akamai file that it deemed dangerous. I deleted it using the app and rebooted, and tried JRT again. The same thing kept happening with the error message. Should I move on to the next step?


----------



## eddie5659 (Mar 19, 2001)

Can you post the log that the TDSSKiller gave, as I just want to see what else there is.

I would go the ComboFix route, so let's do that now.

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie
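A TDSSKiller log of the kind requested above runs to hundreds of "name - ok" lines, so the entries worth reading are easy to miss. The following is an added example, not part of the original post and not a Kaspersky tool: it pairs each `[ md5 ] name path` record with its verdict line, returns every verdict that is not `ok`, and lists services passed as `ok` with no hash/path record in the log. The sample lines are excerpted from the log posted in this thread; the function and field names are this example's own.

```python
import re

# Every log line starts "HH:MM:SS.mmmm <thread id> <message>".
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.+)$")
# "================ Scan services ============" marks the start of a section.
SECTION = re.compile(r"^=+ Scan (?P<section>.+?) =+$")
# "[ <md5> ] <service name, may contain spaces> <drive:\path>"
RECORD = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# "<name> - ok"  or  "<name> ( <detection> ) - warning"
VERDICT = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<detection>[^)]+?) \))? - (?P<status>\w+)$"
)

# Lines excerpted from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
12:22:17.0316 6372 ================ Scan system memory ========================
12:22:17.0316 6372 System memory - ok
12:22:17.0319 6372 ================ Scan services =============================
12:22:18.0122 6372 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:22:18.0124 6372 agp440 - ok
12:22:18.0278 6372 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
12:22:18.0278 6372 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
12:22:18.0287 6372 Akamai ( HiddenFile.Multi.Generic ) - warning
12:22:18.0287 6372 Akamai - detected HiddenFile.Multi.Generic (1)
12:22:18.0982 6372 avgtp - ok
12:22:20.0782 6372 [ 9DEEDBD844F84E3B7BC163974E3FDCAD ] CyberLink PowerDVD 11.0 Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
12:22:20.0783 6372 CyberLink PowerDVD 11.0 Monitor Service - ok
"""


def triage(log_text):
    """Return non-ok verdicts and services that were passed without a file record."""
    section = None
    records = {}                      # service name -> (md5, path)
    findings, no_file_record = [], []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue                  # blank or non-log line
        msg = line.group("msg")
        sec = SECTION.match(msg)
        if sec:
            section = sec.group("section")
            continue
        rec = RECORD.match(msg)
        if rec:
            records[rec.group("name")] = (rec.group("md5"), rec.group("path"))
            continue
        verdict = VERDICT.match(msg)
        if not verdict:
            continue                  # header, "Suspicious file", "detected" lines
        name = verdict.group("name")
        md5, path = records.get(name, (None, None))
        if verdict.group("status") != "ok":
            findings.append({
                "section": section,
                "name": name,
                "status": verdict.group("status"),
                "detection": verdict.group("detection"),
                "md5": md5,
                "path": path,
            })
        elif section == "services" and md5 is None:
            # Passed as ok, but the log holds no hash or image path to verify.
            no_file_record.append(name)
    return {"findings": findings, "no_file_record": no_file_record}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["findings"]:
        print(f"{f['status'].upper()}: {f['name']} {f['detection']} {f['md5']} {f['path']}")
    print("ok without file record:", ", ".join(result["no_file_record"]))
```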


----------



## TerryD55 (Oct 22, 2012)

Oh! When I went to disable SuperAntiSpyware, I discovered that under "Hi-Jack" protection, my home page had actually been hijacked somehow - It showed that damned AVGisearch thing. I was able to change it but I wonder if it will default back.

OK, first is the TDSSKiller log:

12:22:07.0538 7564 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:22:08.0407 7564 ============================================================
12:22:08.0407 7564 Current date / time: 2013/02/05 12:22:08.0407
12:22:08.0407 7564 SystemInfo:
12:22:08.0408 7564 
12:22:08.0408 7564 OS Version: 6.1.7601 ServicePack: 1.0
12:22:08.0408 7564 Product type: Workstation
12:22:08.0408 7564 ComputerName: TERRY-PC
12:22:08.0408 7564 UserName: Terry
12:22:08.0408 7564 Windows directory: C:\Windows
12:22:08.0408 7564 System windows directory: C:\Windows
12:22:08.0408 7564 Running under WOW64
12:22:08.0408 7564 Processor architecture: Intel x64
12:22:08.0408 7564 Number of processors: 2
12:22:08.0408 7564 Page size: 0x1000
12:22:08.0408 7564 Boot type: Normal boot
12:22:08.0408 7564 ============================================================
12:22:09.0088 7564 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:22:09.0092 7564 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:22:09.0455 7564 Drive \Device\Harddisk2\DR2 - Size: 0x3C7800000 (15.12 Gb), SectorSize: 0x200, Cylinders: 0x7B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:22:09.0462 7564 ============================================================
12:22:09.0462 7564 \Device\Harddisk0\DR0:
12:22:09.0463 7564 MBR partitions:
12:22:09.0463 7564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
12:22:09.0463 7564 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x72B7BDB0
12:22:09.0463 7564 \Device\Harddisk1\DR1:
12:22:09.0463 7564 MBR partitions:
12:22:09.0463 7564 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2542D682
12:22:09.0463 7564 \Device\Harddisk2\DR2:
12:22:09.0464 7564 MBR partitions:
12:22:09.0464 7564 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1E3BFE0
12:22:09.0464 7564 ============================================================
12:22:09.0499 7564 C: <-> \Device\Harddisk0\DR0\Partition2
12:22:09.0500 7564 G: <-> \Device\Harddisk1\DR1\Partition1
12:22:09.0500 7564 ============================================================
12:22:09.0500 7564 Initialize success
12:22:09.0500 7564 ============================================================
12:22:17.0146 6372 ============================================================
12:22:17.0146 6372 Scan started
12:22:17.0146 6372 Mode: Manual; 
12:22:17.0146 6372 ============================================================
12:22:17.0316 6372 ================ Scan system memory ========================
12:22:17.0316 6372 System memory - ok
12:22:17.0319 6372 ================ Scan services =============================
12:22:17.0388 6372 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:22:17.0389 6372 !SASCORE - ok
12:22:17.0533 6372 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:22:17.0536 6372 1394ohci - ok
12:22:17.0579 6372 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:22:17.0582 6372 ACPI - ok
12:22:17.0603 6372 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:22:17.0604 6372 AcpiPmi - ok
12:22:17.0694 6372 [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
12:22:17.0696 6372 AdobeActiveFileMonitor9.0 - ok
12:22:17.0748 6372 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:22:17.0749 6372 AdobeARMservice - ok
12:22:17.0863 6372 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:22:17.0866 6372 AdobeFlashPlayerUpdateSvc - ok
12:22:17.0924 6372 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:22:17.0930 6372 adp94xx - ok
12:22:17.0969 6372 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:22:17.0973 6372 adpahci - ok
12:22:17.0999 6372 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:22:18.0001 6372 adpu320 - ok
12:22:18.0038 6372 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:22:18.0038 6372 AeLookupSvc - ok
12:22:18.0099 6372 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:22:18.0104 6372 AFD - ok
12:22:18.0122 6372 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:22:18.0124 6372 agp440 - ok
12:22:18.0278 6372 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
12:22:18.0278 6372 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
12:22:18.0287 6372 Akamai ( HiddenFile.Multi.Generic ) - warning
12:22:18.0287 6372 Akamai - detected HiddenFile.Multi.Generic (1)
12:22:18.0314 6372 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:22:18.0316 6372 ALG - ok
12:22:18.0330 6372 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:22:18.0331 6372 aliide - ok
12:22:18.0352 6372 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:22:18.0353 6372 amdide - ok
12:22:18.0406 6372 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:22:18.0408 6372 AmdK8 - ok
12:22:18.0429 6372 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:22:18.0430 6372 AmdPPM - ok
12:22:18.0459 6372 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:22:18.0461 6372 amdsata - ok
12:22:18.0492 6372 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:22:18.0495 6372 amdsbs - ok
12:22:18.0509 6372 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:22:18.0510 6372 amdxata - ok
12:22:18.0578 6372 [ 85180CF88C5EBAD73B452A43A004CA51 ] AOL ACS C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
12:22:18.0579 6372 AOL ACS - ok
12:22:18.0599 6372 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:22:18.0601 6372 AppID - ok
12:22:18.0612 6372 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:22:18.0613 6372 AppIDSvc - ok
12:22:18.0636 6372 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:22:18.0637 6372 Appinfo - ok
12:22:18.0663 6372 appliandMP - ok
12:22:18.0712 6372 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
12:22:18.0714 6372 arc - ok
12:22:18.0726 6372 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:22:18.0728 6372 arcsas - ok
12:22:18.0816 6372 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:22:18.0817 6372 aspnet_state - ok
12:22:18.0837 6372 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:22:18.0838 6372 AsyncMac - ok
12:22:18.0880 6372 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:22:18.0881 6372 atapi - ok
12:22:18.0917 6372 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:22:18.0921 6372 AudioEndpointBuilder - ok
12:22:18.0935 6372 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:22:18.0938 6372 AudioSrv - ok
12:22:18.0982 6372 avgtp - ok
12:22:19.0062 6372 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:22:19.0064 6372 AxInstSV - ok
12:22:19.0109 6372 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:22:19.0114 6372 b06bdrv - ok
12:22:19.0169 6372 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:22:19.0173 6372 b57nd60a - ok
12:22:19.0222 6372 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:22:19.0223 6372 BDESVC - ok
12:22:19.0253 6372 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:22:19.0254 6372 Beep - ok
12:22:19.0301 6372 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:22:19.0305 6372 BFE - ok
12:22:19.0462 6372 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130116.013\BHDrvx64.sys
12:22:19.0469 6372 BHDrvx64 - ok
12:22:19.0507 6372 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
12:22:19.0512 6372 BITS - ok
12:22:19.0528 6372 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:22:19.0529 6372 blbdrive - ok
12:22:19.0549 6372 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:22:19.0551 6372 bowser - ok
12:22:19.0563 6372 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:22:19.0564 6372 BrFiltLo - ok
12:22:19.0575 6372 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:22:19.0576 6372 BrFiltUp - ok
12:22:19.0615 6372 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
12:22:19.0616 6372 BridgeMP - ok
12:22:19.0634 6372 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:22:19.0635 6372 Browser - ok
12:22:19.0661 6372 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:22:19.0664 6372 Brserid - ok
12:22:19.0696 6372 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:22:19.0697 6372 BrSerWdm - ok
12:22:19.0713 6372 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:22:19.0714 6372 BrUsbMdm - ok
12:22:19.0729 6372 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:22:19.0730 6372 BrUsbSer - ok
12:22:19.0773 6372 [ 233F834C71F1EF95D266F86D0860D4D3 ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
12:22:19.0778 6372 BstHdAndroidSvc - ok
12:22:19.0823 6372 [ BCA794E1A1B55A926773AE741DEE93A1 ] BstHdDrv C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
12:22:19.0824 6372 BstHdDrv - ok
12:22:19.0848 6372 [ 6736C5C64313909CD8126B253A7AEE0F ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
12:22:19.0850 6372 BstHdLogRotatorSvc - ok
12:22:19.0910 6372 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:22:19.0911 6372 BTHMODEM - ok
12:22:19.0933 6372 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:22:19.0935 6372 bthserv - ok
12:22:20.0020 6372 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1402010.016\ccSetx64.sys
12:22:20.0022 6372 ccSet_N360 - ok
12:22:20.0042 6372 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:22:20.0043 6372 cdfs - ok
12:22:20.0074 6372 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
12:22:20.0076 6372 cdrom - ok
12:22:20.0110 6372 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:22:20.0111 6372 CertPropSvc - ok
12:22:20.0133 6372 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:22:20.0134 6372 circlass - ok
12:22:20.0156 6372 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:22:20.0160 6372 CLFS - ok
12:22:20.0269 6372 [ 9F7DBE12A2B5BE09F9C9E3BE20D81E38 ] CLHNServiceForPowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
12:22:20.0270 6372 CLHNServiceForPowerDVD - ok
12:22:20.0328 6372 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:22:20.0330 6372 clr_optimization_v2.0.50727_32 - ok
12:22:20.0355 6372 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:22:20.0357 6372 clr_optimization_v2.0.50727_64 - ok
12:22:20.0439 6372 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:22:20.0440 6372 clr_optimization_v4.0.30319_32 - ok
12:22:20.0461 6372 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:22:20.0462 6372 clr_optimization_v4.0.30319_64 - ok
12:22:20.0471 6372 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:22:20.0472 6372 CmBatt - ok
12:22:20.0493 6372 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:22:20.0494 6372 cmdide - ok
12:22:20.0525 6372 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
12:22:20.0530 6372 CNG - ok
12:22:20.0575 6372 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:22:20.0576 6372 Compbatt - ok
12:22:30.0041 6372 srv - ok
12:22:30.0065 6372 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:22:30.0070 6372 srv2 - ok
12:22:30.0084 6372 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:22:30.0086 6372 srvnet - ok
12:22:30.0123 6372 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:22:30.0125 6372 SSDPSRV - ok
12:22:30.0145 6372 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:22:30.0146 6372 SstpSvc - ok
12:22:30.0160 6372 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:22:30.0161 6372 stexstor - ok
12:22:30.0202 6372 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:22:30.0207 6372 stisvc - ok
12:22:30.0226 6372 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:22:30.0227 6372 swenum - ok
12:22:30.0244 6372 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:22:30.0248 6372 swprv - ok
12:22:30.0276 6372 [ 777217682DA76337E8E6EC8AC4412B9B ] SymDS C:\Windows\system32\drivers\N360x64\1402010.016\SYMDS64.SYS
12:22:30.0281 6372 SymDS - ok
12:22:30.0328 6372 [ 64D1AF3D04E70A681154FFF1893848F6 ] SymEFA C:\Windows\system32\drivers\N360x64\1402010.016\SYMEFA64.SYS
12:22:30.0340 6372 SymEFA - ok
12:22:30.0382 6372 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:22:30.0384 6372 SymEvent - ok
12:22:30.0405 6372 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\N360x64\1402010.016\Ironx64.SYS
12:22:30.0408 6372 SymIRON - ok
12:22:30.0427 6372 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\N360x64\1402010.016\SYMNETS.SYS
12:22:30.0432 6372 SymNetS - ok
12:22:30.0506 6372 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:22:30.0518 6372 SysMain - ok
12:22:30.0546 6372 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:22:30.0549 6372 TabletInputService - ok
12:22:30.0583 6372 [ B70DF208E97536CA9F29289E609F5B16 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
12:22:30.0584 6372 taphss - ok
12:22:30.0604 6372 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:22:30.0607 6372 TapiSrv - ok
12:22:30.0620 6372 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:22:30.0622 6372 TBS - ok
12:22:30.0680 6372 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:22:30.0710 6372 Tcpip - ok
12:22:30.0759 6372 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:22:30.0771 6372 TCPIP6 - ok
12:22:30.0826 6372 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:22:30.0827 6372 tcpipreg - ok
12:22:30.0851 6372 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:22:30.0852 6372 TDPIPE - ok
12:22:30.0864 6372 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:22:30.0865 6372 TDTCP - ok
12:22:30.0901 6372 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:22:30.0903 6372 tdx - ok
12:22:30.0918 6372 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:22:30.0919 6372 TermDD - ok
12:22:30.0946 6372 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:22:30.0950 6372 TermService - ok
12:22:30.0970 6372 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:22:30.0971 6372 Themes - ok
12:22:31.0012 6372 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:22:31.0013 6372 THREADORDER - ok
12:22:31.0027 6372 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:22:31.0029 6372 TrkWks - ok
12:22:31.0081 6372 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:22:31.0083 6372 TrustedInstaller - ok
12:22:31.0106 6372 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:22:31.0108 6372 tssecsrv - ok
12:22:31.0140 6372 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:22:31.0141 6372 TsUsbFlt - ok
12:22:31.0183 6372 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:22:31.0185 6372 tunnel - ok
12:22:31.0197 6372 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:22:31.0199 6372 uagp35 - ok
12:22:31.0208 6372 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:22:31.0212 6372 udfs - ok
12:22:31.0224 6372 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:22:31.0226 6372 UI0Detect - ok
12:22:31.0284 6372 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:22:31.0286 6372 uliagpkx - ok
12:22:31.0319 6372 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
12:22:31.0320 6372 umbus - ok
12:22:31.0337 6372 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:22:31.0338 6372 UmPass - ok
12:22:31.0385 6372 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
12:22:31.0386 6372 Updater Service - ok
12:22:31.0434 6372 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:22:31.0437 6372 upnphost - ok
12:22:31.0458 6372 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:22:31.0460 6372 usbccgp - ok
12:22:31.0483 6372 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:22:31.0487 6372 usbcir - ok
12:22:31.0505 6372 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:22:31.0506 6372 usbehci - ok
12:22:31.0521 6372 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:22:31.0526 6372 usbhub - ok
12:22:31.0545 6372 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:22:31.0546 6372 usbohci - ok
12:22:31.0580 6372 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:22:31.0581 6372 usbprint - ok
12:22:31.0625 6372 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:22:31.0626 6372 usbscan - ok
12:22:31.0642 6372 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:22:31.0643 6372 USBSTOR - ok
12:22:31.0665 6372 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:22:31.0667 6372 usbuhci - ok
12:22:31.0681 6372 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:22:31.0683 6372 UxSms - ok
12:22:31.0707 6372 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:22:31.0708 6372 VaultSvc - ok
12:22:31.0723 6372 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:22:31.0725 6372 vdrvroot - ok
12:22:31.0772 6372 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:22:31.0779 6372 vds - ok
12:22:31.0796 6372 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:22:31.0797 6372 vga - ok
12:22:31.0814 6372 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:22:31.0815 6372 VgaSave - ok
12:22:31.0834 6372 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:22:31.0836 6372 vhdmp - ok
12:22:31.0857 6372 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:22:31.0859 6372 viaide - ok
12:22:31.0875 6372 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:22:31.0876 6372 volmgr - ok
12:22:31.0902 6372 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:22:31.0905 6372 volmgrx - ok
12:22:31.0928 6372 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:22:31.0932 6372 volsnap - ok
12:22:31.0965 6372 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:22:31.0967 6372 vsmraid - ok
12:22:32.0007 6372 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:22:32.0016 6372 VSS - ok
12:22:32.0028 6372 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
12:22:32.0029 6372 vwifibus - ok
12:22:32.0056 6372 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:22:32.0059 6372 W32Time - ok
12:22:32.0078 6372 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:22:32.0079 6372 WacomPen - ok
12:22:32.0118 6372 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:22:32.0120 6372 WANARP - ok
12:22:32.0145 6372 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:22:32.0146 6372 Wanarpv6 - ok
12:22:32.0170 6372 [ ECEB715BECE47E101DDEC06B11126066 ] wanatw C:\Windows\system32\DRIVERS\wanatw64.sys
12:22:32.0171 6372 wanatw - ok
12:22:32.0233 6372 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:22:32.0245 6372 WatAdminSvc - ok
12:22:32.0302 6372 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:22:32.0311 6372 wbengine - ok
12:22:32.0332 6372 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:22:32.0336 6372 WbioSrvc - ok
12:22:32.0355 6372 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:22:32.0358 6372 wcncsvc - ok
12:22:32.0377 6372 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:22:32.0379 6372 WcsPlugInService - ok
12:22:32.0393 6372 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:22:32.0394 6372 Wd - ok
12:22:32.0430 6372 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:22:32.0438 6372 Wdf01000 - ok
12:22:32.0456 6372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:22:32.0457 6372 WdiServiceHost - ok
12:22:32.0466 6372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:22:32.0468 6372 WdiSystemHost - ok
12:22:32.0484 6372 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:22:32.0488 6372 WebClient - ok
12:22:32.0511 6372 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:22:32.0515 6372 Wecsvc - ok
12:22:32.0535 6372 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:22:32.0536 6372 wercplsupport - ok
12:22:32.0578 6372 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:22:32.0579 6372 WerSvc - ok
12:22:32.0602 6372 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:22:32.0603 6372 WfpLwf - ok
12:22:32.0621 6372 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:22:32.0622 6372 WIMMount - ok
12:22:32.0646 6372 WinDefend - ok
12:22:32.0682 6372 WinHttpAutoProxySvc - ok
12:22:32.0741 6372 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:22:32.0742 6372 Winmgmt - ok
12:22:32.0798 6372 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:22:32.0828 6372 WinRM - ok
12:22:32.0878 6372 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:22:32.0887 6372 Wlansvc - ok
12:22:32.0985 6372 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:22:32.0998 6372 wlidsvc - ok
12:22:33.0026 6372 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:22:33.0027 6372 WmiAcpi - ok
12:22:33.0070 6372 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:22:33.0073 6372 wmiApSrv - ok
12:22:33.0091 6372 WMPNetworkSvc - ok
12:22:33.0112 6372 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:22:33.0114 6372 WPCSvc - ok
12:22:33.0149 6372 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:22:33.0151 6372 WPDBusEnum - ok
12:22:33.0165 6372 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:22:33.0166 6372 ws2ifsl - ok
12:22:33.0208 6372 [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudioDevice_383S(1) C:\Windows\system32\drivers\WsAudioDevice_383S(1).sys
12:22:33.0209 6372 WsAudioDevice_383S(1) - ok
12:22:33.0269 6372 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
12:22:33.0271 6372 wscsvc - ok
12:22:33.0280 6372 WSearch - ok
12:22:33.0334 6372 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:22:33.0347 6372 wuauserv - ok
12:22:33.0377 6372 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:22:33.0378 6372 WudfPf - ok
12:22:33.0394 6372 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:22:33.0397 6372 WUDFRd - ok
12:22:33.0419 6372 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:22:33.0421 6372 wudfsvc - ok
12:22:33.0447 6372 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:22:33.0451 6372 WwanSvc - ok
12:22:33.0583 6372 [ 1870A74EE2901CA09FFBFE79A5EE0E94 ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
12:22:33.0585 6372 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
12:22:33.0592 6372 ================ Scan global ===============================
12:22:33.0634 6372 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:22:33.0660 6372 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
12:22:33.0670 6372 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
12:22:33.0699 6372 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:22:33.0730 6372 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:22:33.0733 6372 [Global] - ok
12:22:33.0736 6372 ================ Scan MBR ==================================
12:22:33.0754 6372 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:22:33.0952 6372 \Device\Harddisk0\DR0 - ok
12:22:33.0959 6372 [ 8FF255184F078C9C04E6A2CE66117C5C ] \Device\Harddisk1\DR1
12:22:33.0964 6372 \Device\Harddisk1\DR1 - ok
12:22:33.0972 6372 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
12:22:36.0118 6372 \Device\Harddisk2\DR2 - ok
12:22:36.0121 6372 ================ Scan VBR ==================================
12:22:36.0124 6372 [ B57F793D31CCF623B804A8D8D8DA0EDC ] \Device\Harddisk0\DR0\Partition1
12:22:36.0126 6372 \Device\Harddisk0\DR0\Partition1 - ok
12:22:36.0143 6372 [ 9D5F747747876A436A6DD2A9053313BD ] \Device\Harddisk0\DR0\Partition2
12:22:36.0144 6372 \Device\Harddisk0\DR0\Partition2 - ok
12:22:36.0151 6372 [ 04C40CA2A884598A368A36333357A355 ] \Device\Harddisk1\DR1\Partition1
12:22:36.0152 6372 \Device\Harddisk1\DR1\Partition1 - ok
12:22:36.0161 6372 [ 07C84D290B5FBC08FFD11971E0576463 ] \Device\Harddisk2\DR2\Partition1
12:22:36.0162 6372 \Device\Harddisk2\DR2\Partition1 - ok
12:22:36.0165 6372 ============================================================
12:22:36.0165 6372 Scan finished
12:22:36.0165 6372 ============================================================
12:22:36.0178 5152 Detected object count: 1
12:22:36.0179 5152 Actual detected object count: 1
12:22:44.0371 5152 c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll - copied to quarantine
12:22:44.0374 5152 Akamai ( HiddenFile.Multi.Generic ) - User select action: Quarantine 
12:22:54.0484 4216 ============================================================
12:22:54.0484 4216 Scan started
12:22:54.0484 4216 Mode: Manual; 
12:22:54.0484 4216 ============================================================
12:22:54.0666 4216 ================ Scan system memory ========================
12:22:54.0666 4216 System memory - ok
12:22:54.0669 4216 ================ Scan services =============================
12:22:55.0321 4216 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
12:22:55.0321 4216 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
12:22:55.0330 4216 Akamai ( HiddenFile.Multi.Generic ) - warning
12:22:55.0330 4216 Akamai - detected HiddenFile.Multi.Generic (1)
12:22:55.0880 4216 avgtp - ok
12:22:58.0351 4216 fdPHost - ok
12:22:58.0367 4216 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:22:58.0368 4216 FDResPub - ok
12:22:58.0381 4216 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:22:58.0382 4216 FileInfo - ok
12:22:58.0400 4216 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:22:58.0400 4216 Filetrace - ok
12:22:58.0417 4216 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:22:58.0417 4216 flpydisk - ok
12:22:58.0436 4216 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:22:58.0438 4216 FltMgr - ok
12:22:58.0471 4216 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
12:22:58.0477 4216 FontCache - ok
12:22:58.0517 4216 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:22:58.0517 4216 FontCache3.0.0.0 - ok
12:22:58.0529 4216 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:22:58.0530 4216 FsDepends - ok
12:22:58.0550 4216 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:22:58.0550 4216 Fs_Rec - ok
12:22:58.0571 4216 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:22:58.0573 4216 fvevol - ok
12:22:58.0594 4216 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:22:58.0594 4216 gagp30kx - ok
12:22:58.0617 4216 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:22:58.0621 4216 gpsvc - ok
12:22:58.0671 4216 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
12:22:58.0678 4216 Greg_Service - ok
12:22:58.0711 4216 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:22:58.0712 4216 gupdate - ok
12:22:58.0720 4216 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:22:58.0721 4216 gupdatem - ok
12:22:58.0740 4216 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:22:58.0741 4216 hcw85cir - ok
12:22:58.0770 4216 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:22:58.0772 4216 HdAudAddService - ok
12:22:58.0791 4216 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:22:58.0792 4216 HDAudBus - ok
12:22:58.0814 4216 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:22:58.0815 4216 HidBatt - ok
12:22:58.0830 4216 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:22:58.0831 4216 HidBth - ok
12:22:58.0845 4216 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:22:58.0846 4216 HidIr - ok
12:22:58.0887 4216 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
12:22:58.0888 4216 hidserv - ok
12:22:58.0901 4216 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:22:58.0901 4216 HidUsb - ok
12:22:58.0939 4216 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:22:58.0940 4216 hkmsvc - ok
12:22:58.0964 4216 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:22:58.0966 4216 HomeGroupListener - ok
12:22:58.0999 4216 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:22:59.0002 4216 HomeGroupProvider - ok
12:22:59.0058 4216 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
12:22:59.0059 4216 hpqcxs08 - ok
12:22:59.0069 4216 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
12:22:59.0070 4216 hpqddsvc - ok
12:22:59.0085 4216 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:22:59.0086 4216 HpSAMD - ok
12:22:59.0127 4216 [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:22:59.0132 4216 HPSLPSVC - ok
12:22:59.0158 4216 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:22:59.0162 4216 HTTP - ok
12:22:59.0179 4216 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:22:59.0179 4216 hwpolicy - ok
12:22:59.0194 4216 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:22:59.0195 4216 i8042prt - ok
12:22:59.0245 4216 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:22:59.0250 4216 IAANTMON - ok
12:22:59.0280 4216 [ BF5442DC14608D18949DC83DE37E667A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
12:22:59.0283 4216 iaStor - ok
12:22:59.0312 4216 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:22:59.0314 4216 iaStorV - ok
12:22:59.0343 4216 [ 3CBC834892B5E04CE635BB60FB0EE6FF ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys
12:22:59.0345 4216 IDMWFP - ok
12:22:59.0394 4216 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:22:59.0398 4216 idsvc - ok
12:22:59.0468 4216 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130202.001_82a\IDSvia64.sys
12:22:59.0471 4216 IDSVia64 - ok
12:22:59.0638 4216 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
12:22:59.0690 4216 igfx - ok
12:22:59.0719 4216 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:22:59.0720 4216 iirsp - ok
12:22:59.0762 4216 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:22:59.0767 4216 IKEEXT - ok
12:22:59.0818 4216 [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:22:59.0827 4216 IntcAzAudAddService - ok
12:22:59.0844 4216 [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
12:22:59.0845 4216 IntcHdmiAddService - ok
12:22:59.0868 4216 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:22:59.0868 4216 intelide - ok
12:22:59.0888 4216 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:22:59.0889 4216 intelppm - ok
12:22:59.0920 4216 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:22:59.0921 4216 IPBusEnum - ok
12:22:59.0941 4216 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:22:59.0942 4216 IpFilterDriver - ok
12:22:59.0980 4216 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:22:59.0983 4216 iphlpsvc - ok
12:23:00.0005 4216 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:23:00.0005 4216 IPMIDRV - ok
12:23:00.0028 4216 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:23:00.0029 4216 IPNAT - ok
12:23:00.0049 4216 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:23:00.0049 4216 IRENUM - ok
12:23:00.0065 4216 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:23:00.0066 4216 isapnp - ok
12:23:00.0084 4216 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:23:00.0086 4216 iScsiPrt - ok
12:23:00.0107 4216 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:23:00.0108 4216 kbdclass - ok
12:23:00.0117 4216 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:23:00.0117 4216 kbdhid - ok
12:23:00.0129 4216 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:23:00.0130 4216 KeyIso - ok
12:23:00.0151 4216 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:23:00.0152 4216 KSecDD - ok
12:23:00.0175 4216 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:23:00.0176 4216 KSecPkg - ok
12:23:00.0188 4216 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:23:00.0188 4216 ksthunk - ok
12:23:00.0228 4216 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:23:00.0231 4216 KtmRm - ok
12:23:00.0271 4216 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
12:23:00.0273 4216 LanmanServer - ok
12:23:00.0313 4216 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:23:00.0315 4216 LanmanWorkstation - ok
12:23:00.0327 4216 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:23:00.0328 4216 lltdio - ok
12:23:00.0366 4216 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:23:00.0368 4216 lltdsvc - ok
12:23:00.0386 4216 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:23:00.0387 4216 lmhosts - ok
12:23:00.0409 4216 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:23:00.0410 4216 LSI_FC - ok
12:23:00.0432 4216 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:23:00.0433 4216 LSI_SAS - ok
12:23:00.0455 4216 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:23:00.0456 4216 LSI_SAS2 - ok
12:23:00.0475 4216 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:23:00.0476 4216 LSI_SCSI - ok
12:23:00.0491 4216 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:23:00.0492 4216 luafv - ok
12:23:00.0531 4216 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:23:00.0532 4216 Mcx2Svc - ok
12:23:00.0550 4216 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:23:00.0550 4216 megasas - ok
12:23:00.0571 4216 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:23:00.0572 4216 MegaSR - ok
12:23:00.0600 4216 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:23:00.0601 4216 MMCSS - ok
12:23:00.0616 4216 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:23:00.0617 4216 Modem - ok
12:23:00.0630 4216 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:23:00.0631 4216 monitor - ok
12:23:00.0645 4216 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:23:00.0646 4216 mouclass - ok
12:23:00.0667 4216 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:23:00.0668 4216 mouhid - ok
12:23:00.0680 4216 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:23:00.0681 4216 mountmgr - ok
12:23:00.0711 4216 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:23:00.0712 4216 MozillaMaintenance - ok
12:23:00.0729 4216 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:23:00.0730 4216 mpio - ok
12:23:00.0767 4216 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:23:00.0768 4216 mpsdrv - ok
12:23:00.0819 4216 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:23:00.0824 4216 MpsSvc - ok
12:23:00.0846 4216 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:23:00.0847 4216 MRxDAV - ok
12:23:00.0869 4216 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:23:00.0870 4216 mrxsmb - ok
12:23:00.0888 4216 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:23:00.0890 4216 mrxsmb10 - ok
12:23:00.0913 4216 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:23:00.0914 4216 mrxsmb20 - ok
12:23:00.0935 4216 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:23:00.0936 4216 msahci - ok
12:23:00.0955 4216 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:23:00.0956 4216 msdsm - ok
12:23:00.0979 4216 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:23:00.0980 4216 MSDTC - ok
12:23:01.0006 4216 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:23:01.0007 4216 Msfs - ok
12:23:01.0021 4216 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:23:01.0022 4216 mshidkmdf - ok
12:23:01.0033 4216 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:23:01.0033 4216 msisadrv - ok
12:23:01.0073 4216 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:23:01.0074 4216 MSiSCSI - ok
12:23:01.0083 4216 msiserver - ok
12:23:01.0095 4216 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:23:01.0096 4216 MSKSSRV - ok
12:23:01.0111 4216 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:23:01.0111 4216 MSPCLOCK - ok
12:23:01.0125 4216 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:23:01.0125 4216 MSPQM - ok
12:23:01.0147 4216 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:23:01.0149 4216 MsRPC - ok
12:23:01.0169 4216 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:23:01.0170 4216 mssmbios - ok
12:23:01.0183 4216 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:23:01.0184 4216 MSTEE - ok
12:23:01.0202 4216 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:23:01.0202 4216 MTConfig - ok
12:23:01.0218 4216 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:23:01.0219 4216 Mup - ok
12:23:01.0283 4216 [ 4BA84C832E0741A294C4444556DFE993 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
12:23:01.0284 4216 N360 - ok
12:23:01.0320 4216 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:23:01.0324 4216 napagent - ok
12:23:01.0346 4216 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:23:01.0348 4216 NativeWifiP - ok
12:23:01.0414 4216 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130205.003_81a\ENG64.SYS
12:23:01.0415 4216 NAVENG - ok
12:23:01.0478 4216 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130205.003_81a\EX64.SYS
12:23:01.0489 4216 NAVEX15 - ok
12:23:01.0538 4216 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:23:01.0543 4216 NDIS - ok
12:23:01.0566 4216 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:23:01.0566 4216 NdisCap - ok
12:23:01.0589 4216 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:23:01.0590 4216 NdisTapi - ok
12:23:01.0606 4216 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:23:01.0607 4216 Ndisuio - ok
12:23:01.0627 4216 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:23:01.0628 4216 NdisWan - ok
12:23:01.0640 4216 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:23:01.0641 4216 NDProxy - ok
12:23:01.0700 4216 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
12:23:01.0705 4216 Nero BackItUp Scheduler 4.0 - ok
12:23:01.0743 4216 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:23:01.0744 4216 Net Driver HPZ12 - ok
12:23:01.0759 4216 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:23:01.0760 4216 NetBIOS - ok
12:23:01.0778 4216 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:23:01.0780 4216 NetBT - ok
12:23:01.0795 4216 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:23:01.0797 4216 Netlogon - ok
12:23:01.0841 4216 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:23:01.0844 4216 Netman - ok
12:23:01.0875 4216 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:23:01.0876 4216 NetMsmqActivator - ok
12:23:01.0885 4216 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:23:01.0886 4216 NetPipeActivator - ok
12:23:01.0914 4216 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:23:01.0917 4216 netprofm - ok
12:23:01.0926 4216 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:23:01.0927 4216 NetTcpActivator - ok
12:23:01.0936 4216 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:23:01.0937 4216 NetTcpPortSharing - ok
12:23:01.0959 4216 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:23:01.0960 4216 nfrd960 - ok
12:23:01.0983 4216 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:23:01.0985 4216 NlaSvc - ok
12:23:01.0995 4216 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:23:01.0996 4216 Npfs - ok
12:23:02.0027 4216 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:23:02.0029 4216 nsi - ok
12:23:02.0042 4216 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:23:02.0042 4216 nsiproxy - ok
12:23:02.0079 4216 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:23:02.0087 4216 Ntfs - ok
12:23:02.0129 4216 [ 7420B2E1F65642129B6E23BD42F752AA ] ntk_PowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
12:23:02.0130 4216 ntk_PowerDVD - ok
12:23:02.0147 4216 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:23:02.0148 4216 Null - ok
12:23:02.0160 4216 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:23:02.0162 4216 nvraid - ok
12:23:02.0186 4216 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:23:02.0188 4216 nvstor - ok
12:23:02.0202 4216 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:23:02.0203 4216 nv_agp - ok
12:23:02.0227 4216 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:23:02.0228 4216 ohci1394 - ok
12:23:02.0299 4216 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:23:02.0300 4216 ose - ok
12:23:02.0442 4216 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:23:02.0466 4216 osppsvc - ok
12:23:02.0515 4216 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:23:02.0518 4216 p2pimsvc - ok
12:23:02.0559 4216 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:23:02.0562 4216 p2psvc - ok
12:23:02.0598 4216 [ 1011C779C9FCD01AFA96490C86A50421 ] PanService C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
12:23:02.0602 4216 PanService - ok
12:23:02.0616 4216 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:23:02.0617 4216 Parport - ok
12:23:02.0633 4216 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:23:02.0634 4216 partmgr - ok
12:23:02.0644 4216 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:23:02.0646 4216 PcaSvc - ok
12:23:02.0662 4216 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:23:02.0664 4216 pci - ok
12:23:02.0684 4216 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:23:02.0685 4216 pciide - ok
12:23:02.0709 4216 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:23:02.0710 4216 pcmcia - ok
12:23:02.0732 4216 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:23:02.0733 4216 pcw - ok
12:23:02.0754 4216 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:23:02.0757 4216 PEAUTH - ok
12:23:02.0847 4216 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:23:02.0848 4216 PerfHost - ok
12:23:02.0891 4216 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:23:02.0899 4216 pla - ok
12:23:02.0944 4216 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:23:02.0947 4216 PlugPlay - ok
12:23:02.0982 4216 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:23:02.0983 4216 Pml Driver HPZ12 - ok
12:23:03.0015 4216 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:23:03.0016 4216 PNRPAutoReg - ok
12:23:03.0028 4216 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:23:03.0031 4216 PNRPsvc - ok
12:23:03.0074 4216 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:23:03.0077 4216 PolicyAgent - ok
12:23:03.0099 4216 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:23:03.0101 4216 Power - ok
12:23:03.0116 4216 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:23:03.0116 4216 PptpMiniport - ok
12:23:03.0135 4216 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:23:03.0136 4216 Processor - ok
12:23:03.0180 4216 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:23:03.0182 4216 ProfSvc - ok
12:23:03.0195 4216 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:23:03.0196 4216 ProtectedStorage - ok
12:23:03.0218 4216 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:23:03.0219 4216 Psched - ok
12:23:03.0241 4216 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
12:23:03.0242 4216 PxHlpa64 - ok
12:23:03.0286 4216 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:23:03.0293 4216 ql2300 - ok
12:23:03.0317 4216 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:23:03.0318 4216 ql40xx - ok
12:23:03.0348 4216 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:23:03.0351 4216 QWAVE - ok
12:23:03.0371 4216 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:23:03.0372 4216 QWAVEdrv - ok
12:23:03.0392 4216 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:23:03.0392 4216 RasAcd - ok
12:23:03.0423 4216 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:23:03.0424 4216 RasAgileVpn - ok
12:23:03.0463 4216 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:23:03.0464 4216 RasAuto - ok
12:23:03.0483 4216 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:23:03.0484 4216 Rasl2tp - ok
12:23:03.0505 4216 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:23:03.0508 4216 RasMan - ok
12:23:03.0524 4216 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:23:03.0525 4216 RasPppoe - ok
12:23:03.0538 4216 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:23:03.0539 4216 RasSstp - ok
12:23:03.0555 4216 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:23:03.0557 4216 rdbss - ok
12:23:03.0571 4216 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:23:03.0571 4216 rdpbus - ok
12:23:03.0590 4216 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:23:03.0591 4216 RDPCDD - ok
12:23:03.0611 4216 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:23:03.0612 4216 RDPENCDD - ok
12:23:03.0643 4216 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:23:03.0644 4216 RDPREFMP - ok
12:23:03.0663 4216 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:23:03.0664 4216 RdpVideoMiniport - ok
12:23:03.0683 4216 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:23:03.0685 4216 RDPWD - ok
12:23:03.0709 4216 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:23:03.0711 4216 rdyboost - ok
12:23:03.0737 4216 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:23:03.0738 4216 RemoteAccess - ok
12:23:03.0787 4216 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:23:03.0789 4216 RemoteRegistry - ok
12:23:03.0798 4216 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:23:03.0800 4216 RpcEptMapper - ok
12:23:03.0823 4216 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:23:03.0824 4216 RpcLocator - ok
12:23:03.0854 4216 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
12:23:03.0857 4216 RpcSs - ok
12:23:03.0867 4216 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:23:03.0868 4216 rspndr - ok
12:23:03.0877 4216 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:23:03.0878 4216 SamSs - ok
12:23:03.0932 4216 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:23:03.0932 4216 SASDIFSV - ok
12:23:03.0940 4216 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:23:03.0941 4216 SASKUTIL - ok
12:23:03.0949 4216 sbapifs - ok
12:23:03.0968 4216 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:23:03.0969 4216 sbp2port - ok
12:23:03.0994 4216 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:23:03.0997 4216 SCardSvr - ok
12:23:04.0005 4216 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:23:04.0006 4216 scfilter - ok
12:23:04.0058 4216 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:23:04.0065 4216 Schedule - ok
12:23:04.0097 4216 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:23:04.0098 4216 SCPolicySvc - ok
12:23:04.0120 4216 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:23:04.0122 4216 SDRSVC - ok
12:23:04.0136 4216 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:23:04.0136 4216 secdrv - ok
12:23:04.0157 4216 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:23:10.0396 4216 ============================================================
12:23:10.0396 4216 Scan finished
12:23:10.0396 4216 ============================================================
12:23:10.0408 3320 Detected object count: 1
12:23:10.0408 3320 Actual detected object count: 1
12:23:23.0047 3320 c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll - copied to quarantine
12:23:23.0052 3320 HKLM\SYSTEM\ControlSet001\services\Akamai - will be deleted on reboot
12:23:23.0097 3320 HKLM\SYSTEM\ControlSet002\services\Akamai - will be deleted on reboot
12:23:23.0298 3320 c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll - will be deleted on reboot
12:23:23.0298 3320 Akamai ( HiddenFile.Multi.Generic ) - User select action: Delete 
12:23:35.0093 2224 Deinitialize success

*********************************************************************************************************

ComboFix

ComboFix 13-02-06.01 - Terry 02/06/2013 14:36:25.20.2 - x64
Running from: c:\users\Terry\Desktop\username123.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-06 to 2013-02-06 )))))))))))))))))))))))))))))))
.
.
2013-02-06 22:51 . 2013-02-06 22:51	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-02-06 22:51 . 2013-02-06 22:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-05 22:45 . 2013-02-05 22:45	39936	----a-w-	c:\windows\SysWow64\drivers\extit.sys
2013-02-05 20:22 . 2013-02-05 20:22	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-02-05 20:22 . 2013-02-05 20:22	208216	----a-w-	c:\windows\system32\drivers\48858316.sys
2013-02-05 15:30 . 2013-02-05 15:30	--------	d-----w-	c:\programdata\IDM
2013-01-29 12:03 . 2012-11-22 00:43	165112	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2013-01-23 04:14 . 2013-02-05 19:33	--------	d-----w-	c:\windows\system32\drivers\N360x64\1402010.016
2013-01-18 16:26 . 2013-01-18 16:25	308640	----a-w-	c:\windows\system32\javaws.exe
2013-01-18 16:26 . 2013-01-18 16:25	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-01-18 16:26 . 2013-01-18 16:25	188832	----a-w-	c:\windows\system32\javaw.exe
2013-01-18 16:26 . 2013-01-18 16:25	188832	----a-w-	c:\windows\system32\java.exe
2013-01-18 16:21 . 2013-02-05 19:32	--------	d-----w-	c:\program files\Java
2013-01-14 19:12 . 2013-01-12 11:30	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-09 06:19 . 2012-11-30 05:41	424448	----a-w-	c:\windows\system32\KernelBase.dll
2013-01-09 06:18 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-01-09 06:18 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2013-01-08 20:15 . 2013-01-08 20:15	862776	----a-r-	c:\users\Terry\AppData\Roaming\Microsoft\Installer\{533B3480-EAB6-44DD-B2E4-715E958210E0}\TweetDeck.exe
2013-01-08 18:12 . 2013-01-08 18:12	--------	d-----w-	c:\program files (x86)\TweetDeck
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-18 16:25 . 2012-11-09 16:22	960416	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-18 16:25 . 2012-11-09 16:22	1081760	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-01-09 11:12 . 2010-09-01 16:14	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-08 20:24 . 2012-03-31 18:59	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-08 20:24 . 2011-06-28 14:41	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 17:11 . 2012-12-21 11:00	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 11:00	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:00	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:00	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-15 00:49 . 2010-10-28 00:39	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-30 04:45 . 2013-01-09 06:19	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-22 23:10 . 2012-07-15 01:18	539984	----a-w-	c:\windows\system32\EasyRedirect64.dll
2012-11-22 23:10 . 2012-07-15 01:18	380240	----a-w-	c:\windows\SysWow64\EasyRedirect.dll
2012-11-14 16:47 . 2012-11-14 16:47	177312	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-11-14 07:06 . 2012-12-13 11:02	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 11:02	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 11:02	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 11:02	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 11:02	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 11:02	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 11:02	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 11:02	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 11:02	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 11:02	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 11:02	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 11:02	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 11:02	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 11:02	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 11:02	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 11:02	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 11:02	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 11:02	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 11:02	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 11:02	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 11:02	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 11:02	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-11 22:14 . 2012-05-13 17:43	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-11-11 22:14 . 2011-06-23 18:41	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-11-09 05:45 . 2012-12-13 07:18	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 07:18	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-09-02 00:40 . 2011-09-02 00:40	1228384	----a-w-	c:\program files (x86)\PremiereElements_9_LS15.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-01-29 3565432]
"Akamai NetSession Interface"="c:\users\Terry\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Easy-Hide-IP"="c:\program files\Easy-Hide-IP\easy-hide-ip.exe" [2012-11-22 4760400]
"uTorrent"="c:\users\Terry\Downloads\Programs\uTorrent.exe" [2012-12-09 969104]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2012-06-05 822456]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2013-02-05 13102080]
"PhotoshopElements8SyncAgent"="c:\program files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe" [2010-09-30 1945536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-01-08 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1285107697\ee\AOLSoftware.exe" [2010-03-08 41800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07804667.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
R2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [2011-11-17 29288]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402010.016\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1402010.016\ccSetx64.sys [2012-08-20 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130205.001\IDSvia64.sys [2013-01-05 513184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402010.016\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1402010.016\SYMNETS.SYS [2012-09-07 432800]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2013-01-08 140672]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/09/23 16:00];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-17 03:54 148976]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-07-23 72856]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-07-23 383128]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
S2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-11-22 3575120]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 138912]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ Akamai
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 12:17	1607120	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 20:24]
.
2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-29 02:28]
.
2013-02-06 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1e1ccc72-7985-445b-878b-49249c4e1042.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-02-06 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7860f2ef-6487-46eb-b8b3-af57b009ab37.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07	23496	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://aol.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files (x86)\FinalVideoDownloader\fvdRunner.html
IE: {{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - c:\program files (x86)\Crawler\Radio\CRadio.exe
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: twitter.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\30ys5cpq.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
AddRemove-AOL Toolbar - c:\program files (x86)\AOL Toolbar\uninstall.exe
AddRemove-Coupon Companion - c:\program files (x86)\Coupon Companion\Uninstall.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ee,e2,e3,98,8a,af,00,05,8f,6d,9e,ce,22,49,15,ee,28,a2,2f,cc,67,
c1,36,b6,7a,54,a6,f7,7f,81,ab,b5,28,ab,56,97,c5,d2,b3,b5,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files (x86)\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2013-02-06 14:59:03 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-06 22:59
.
Pre-Run: 685,448,876,032 bytes free
Post-Run: 685,407,641,600 bytes free
.
- - End Of File - - 633F197C3AB9D0477C2EFE84F68B1B68

Thanks!


----------



## eddie5659 (Mar 19, 2001)

> Oh! When I went to disable SuperAntiSpyware, I discovered that under "Hi-Jack" protection, my home page had actually been hijacked somehow - It showed that damned AVGisearch thing. I was able to change it but I wonder if it will default back.


Now that is strange, as I remember seeing it was like that when we removed it. I'll have a word with the developers, and see if it's something new they've added. Can you see if uninstalling it removes the homepage?

I tend to use MBAM mostly, but run both as each removes different things on each infection 

As for

c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll

It's actually a legit file:

http://www.akamai.com/html/solutions/client_faq.html

I think even I have it, though if not, my laptop does. However, looks like it's back on, as ComboFix shows it as being there.

Looking at the MD5 of the file (each file has its own md5), shows as no hits in a virus scan:

https://www.virustotal.com/file/9ee...a28fd19bddc4a741357caccb7aa07ea2340/analysis/

At the top of the page in a new tab/window is the md5 number 

---

So, see if uninstalling SuperAntiSpyware helps, and either way, can you run OTL and we'll see where we are. Only the one log will appear 

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a Notepad window, *OTL.Txt*. This is saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of this file and post in your topic


----------



## TerryD55 (Oct 22, 2012)

Shoot, now I wonder if the removal of the Akamai file is the cause of the intermittent keyboard problems I've had the past few days. Random keys will stop working suddenly, and I've tried 2 different keyboards. Grrrr..

Anyway, here's the OTL log. Thanks!

OTL logfile created on: 2/12/2013 5:37:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Terry\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 46.08% Memory free
11.93 Gb Paging File | 8.81 Gb Available in Paging File | 73.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.74 Gb Total Space | 640.07 Gb Free Space | 69.74% Space Free | Partition Type: NTFS
Drive D: | 60.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 298.02 Gb Total Space | 27.60 Gb Free Space | 9.26% Space Free | Partition Type: FAT32

Computer Name: TERRY-PC | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/12 17:36:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Downloads\Programs\OTL.exe
PRC - [2013/02/05 12:52:15 | 013,102,080 | ---- | M] (The Weather Channel) -- C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2013/01/29 04:00:26 | 003,565,432 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2013/01/25 18:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/01/08 10:12:50 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\TweetDeck\TweetDeck.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/12 05:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2012/12/09 15:50:05 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Terry\Downloads\Programs\uTorrent.exe
PRC - [2012/12/04 17:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccsvchst.exe
PRC - [2012/11/22 15:10:40 | 003,575,120 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
PRC - [2012/11/07 16:01:08 | 000,862,776 | ---- | M] () -- C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
PRC - [2012/09/28 09:25:56 | 000,586,904 | ---- | M] (PandoraTV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
PRC - [2012/09/28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012/07/23 15:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2011/05/18 19:00:20 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/05/12 00:09:36 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011/05/12 00:09:34 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/09/30 02:06:18 | 001,945,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
PRC - [2010/03/07 23:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe
PRC - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/06 15:11:44 | 012,459,888 | ---- | M] () -- C:\Users\Terry\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013/01/25 18:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/25 18:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/25 18:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/25 18:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/25 18:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/09 03:43:22 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll
MOD - [2013/01/09 03:41:43 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll
MOD - [2013/01/09 03:41:43 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\e6a6e2678f6215574be155e9088c1a01\System.Windows.Input.Manipulations.ni.dll
MOD - [2013/01/09 03:41:42 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll
MOD - [2013/01/09 03:41:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 03:41:22 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/01/09 03:41:21 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013/01/09 03:41:20 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
MOD - [2013/01/09 03:41:18 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d01a925ecd339eae8ea1da8488eb2283\System.Xml.Linq.ni.dll
MOD - [2013/01/09 03:40:48 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\2fde951bac2fe8259fd13df4f05e4023\System.Deployment.ni.dll
MOD - [2013/01/09 03:40:33 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/01/09 03:26:57 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013/01/09 03:26:53 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll
MOD - [2013/01/09 03:26:42 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013/01/09 03:26:33 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013/01/09 03:26:30 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 03:26:30 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 03:26:27 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013/01/09 03:26:25 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 03:26:21 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013/01/09 03:26:20 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 03:26:15 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2013/01/08 10:12:50 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\TweetDeck\TweetDeck.exe
MOD - [2012/11/07 16:01:08 | 000,862,776 | ---- | M] () -- C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
MOD - [2012/05/30 06:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\wincfi39.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/09/30 02:11:36 | 000,125,888 | ---- | M] () -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\QtPlugins\imageformats\qjpeg4.dll
MOD - [2010/09/30 02:07:02 | 008,560,576 | ---- | M] () -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\QtGui4.dll
MOD - [2010/09/30 02:07:00 | 002,386,368 | ---- | M] () -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\QtCore4.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2012/11/22 15:10:40 | 003,575,120 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)
SRV:*64bit:* - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:*64bit:* - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/07 15:24:21 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/04 17:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/11/29 00:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012/07/23 15:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/07/23 15:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2011/05/18 19:00:20 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/05/12 00:09:36 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/05/12 00:09:34 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/11/21 16:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:*64bit:* - [2012/11/14 08:47:08 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:*64bit:* - [2012/10/08 17:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:*64bit:* - [2012/10/03 17:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa64.sys -- (SymEFA)
DRV:*64bit:* - [2012/10/03 17:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds64.sys -- (SymDS)
DRV:*64bit:* - [2012/09/13 11:26:44 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2012/09/06 18:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
DRV:*64bit:* - [2012/09/06 17:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ironx64.sys -- (SymIRON)
DRV:*64bit:* - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2012/08/20 11:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.sys -- (ccSet_N360)
DRV:*64bit:* - [2012/05/24 21:36:55 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:*64bit:* - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/11/17 15:08:16 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:*64bit:* - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:*64bit:* - [2009/12/09 01:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 12:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:*64bit:* - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/25 12:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:*64bit:* - [2006/11/29 14:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2013/02/05 11:36:36 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130212.004\ex64.sys -- (NAVEX15)
DRV - [2013/02/05 11:36:36 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130212.004\eng64.sys -- (NAVENG)
DRV - [2013/01/15 18:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/04 16:28:04 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130209.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/18 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/18 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/23 15:18:42 | 000,072,856 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2011/05/18 19:00:21 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011/05/16 19:54:00 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/09/23 16:00:52] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - SOFTWARE\Classes\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://aol.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 FD 3A DC C1 E6 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {04214EC9-F125-46DE-8ABE-91393E50D45C}
IE - HKCU\..\SearchScopes\{04214EC9-F125-46DE-8ABE-91393E50D45C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>erride;<local>;<local>;<local>?????????????????????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES (X86)\AOL\DATAMASK BY AOL\FFEXT
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/02/05 11:33:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/02/12 14:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/30 12:37:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Terry\AppData\Roaming\IDM\idmmzcc5 [2013/01/13 17:33:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Terry\AppData\Roaming\IDM\idmmzcc5 [2013/01/13 17:33:48 | 000,000,000 | ---D | M]

[2012/09/21 13:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
[2012/12/03 16:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/07/31 03:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2012/12/03 15:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/29 00:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/29 00:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 00:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.aol.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.aol.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Internet Download Manager (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\IDMGCExt.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

O1 HOSTS File: ([2013/02/06 14:53:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe (Easy Hide IP)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [uTorrent] C:\Users\Terry\Downloads\Programs\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:*64bit:* - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html File not found
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: twitter.com ([]https in Trusted sites)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFFF6009-DCDE-4DC2-9789-AFC20BEE3BC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-itss - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/30 15:25:38 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2008/12/21 08:18:42 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | R-S- | M] () - G:\autorun.in_2.org -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/12 17:30:16 | 000,039,936 | ---- | C] (CurioLab S.M.B.A.) -- C:\Windows\SysWow64\drivers\extit.sys
[2013/02/12 15:32:14 | 000,000,000 | ---D | C] -- C:\Users\Terry\H50
[2013/02/12 15:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/02/12 07:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy-Hide-IP
[2013/02/06 14:53:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/02/06 14:34:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/06 14:34:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/06 14:34:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/06 14:33:05 | 005,030,751 | R--- | C] (Swearware) -- C:\Users\Terry\Desktop\username123.exe
[2013/02/05 12:22:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/02/05 12:22:08 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\48858316.sys
[2013/02/05 07:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2013/01/29 04:03:10 | 000,165,112 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2013/01/18 08:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/09/01 19:16:35 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Terry\PhotoshopElements_9_LS15.exe
[2011/09/01 16:40:40 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\PremiereElements_9_LS15.exe

========== Files - Modified Within 30 Days ==========

[2013/02/12 17:40:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/12 17:30:16 | 000,039,936 | ---- | M] (CurioLab S.M.B.A.) -- C:\Windows\SysWow64\drivers\extit.sys
[2013/02/12 17:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/12 15:53:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/12 15:53:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/12 15:00:21 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/12 14:54:50 | 000,003,432 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2013/02/12 14:54:50 | 000,001,976 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2013/02/12 14:54:50 | 000,001,976 | ---- | M] () -- C:\Windows\SysNative\EasyRedirectOff.ini
[2013/02/12 14:49:35 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/12 14:48:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/12 14:48:50 | 509,480,959 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/12 07:31:47 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk
[2013/02/06 14:53:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/06 14:32:34 | 005,030,751 | R--- | M] (Swearware) -- C:\Users\Terry\Desktop\username123.exe
[2013/02/06 14:12:12 | 000,000,859 | ---- | M] () -- C:\Users\Terry\Desktop\TKSKiller - Shortcut.lnk
[2013/02/05 12:52:16 | 000,001,315 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel App.lnk
[2013/02/05 12:22:08 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\48858316.sys
[2013/01/23 06:05:21 | 002,247,330 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/23 06:04:40 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\VT20130115.021
[2013/01/23 05:48:49 | 000,023,808 | ---- | M] () -- C:\{C96E903E-91CE-4649-8731-7A70A58D46A9}
[2013/01/14 08:13:06 | 000,002,262 | ---- | M] () -- C:\Users\Terry\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/02/12 15:00:21 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/12 07:31:47 | 000,000,867 | ---- | C] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk
[2013/02/06 14:34:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/06 14:34:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/06 14:34:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/06 14:34:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/06 14:34:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/06 14:12:12 | 000,000,859 | ---- | C] () -- C:\Users\Terry\Desktop\TKSKiller - Shortcut.lnk
[2013/01/23 05:48:49 | 000,023,808 | ---- | C] () -- C:\{C96E903E-91CE-4649-8731-7A70A58D46A9}
[2012/12/30 15:01:18 | 000,033,134 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\UserTile.png
[2012/12/02 13:10:49 | 000,060,931 | ---- | C] () -- C:\Users\Terry\final_bstSnapshot_59529.jpg
[2012/12/02 13:05:42 | 000,059,094 | ---- | C] () -- C:\Users\Terry\final_bstSnapshot_79958.jpg
[2012/11/01 16:24:12 | 000,000,017 | ---- | C] () -- C:\Users\Terry\AppData\Local\resmon.resmoncfg
[2012/10/10 15:33:08 | 000,228,763 | ---- | C] () -- C:\Users\Terry\Charlotte crime.jpg
[2012/10/05 12:35:00 | 000,221,578 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/10/05 12:35:00 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/09/28 07:25:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/08/13 21:36:38 | 000,000,000 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\wklnhst.dat
[2012/07/14 17:18:15 | 000,003,432 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2012/07/14 17:18:15 | 000,001,976 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2012/03/07 07:52:57 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/05 15:58:38 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/10/05 15:58:37 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/10/05 15:58:36 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/05 15:58:36 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/05 15:58:36 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/09/04 19:23:06 | 000,228,480 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/01 08:25:13 | 1882,670,620 | ---- | C] () -- C:\Users\Terry\PhotoshopElements_9_LS15.7z
[2011/09/01 08:25:04 | 1316,066,539 | ---- | C] () -- C:\Program Files (x86)\PremiereElements_9_LS15.7z
[2011/07/25 09:41:47 | 000,007,168 | ---- | C] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 14:04:06 | 000,000,206 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/06/01 16:41:36 | 000,161,792 | ---- | C] () -- C:\Windows\SysWow64\netjoin.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/03 18:01:29 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\avidemux
[2012/10/15 19:26:48 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Blueberry
[2011/09/01 19:46:08 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/11/02 19:37:28 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/10/22 20:28:41 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Curiolab
[2013/02/12 16:07:12 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\DMCache
[2012/11/03 20:34:10 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Dropbox
[2012/10/14 11:46:16 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\FinalVideoDownloader
[2012/10/31 15:41:55 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\GetRightToGo
[2012/11/09 14:57:02 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\ID Vault
[2013/02/05 11:39:28 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\IDM
[2013/02/05 11:33:19 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\IrfanView
[2013/02/10 07:08:50 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\JLAdventCalendarAlpine2012
[2012/09/23 14:43:13 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\LogSys
[2012/12/30 15:10:23 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Nolo
[2010/08/29 09:34:53 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\OEM
[2010/08/29 10:44:11 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Packard Bell
[2012/11/02 20:52:51 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\PearlMountainSoft
[2012/12/30 15:01:18 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\PeerNetworking
[2011/06/29 15:44:51 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Philipp Winterberg
[2011/09/01 20:05:04 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2012/12/19 14:10:19 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Runscanner.net
[2012/08/15 09:28:17 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\SentryBay
[2012/10/20 15:16:46 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\TuneUp Software
[2010/11/10 16:51:32 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2013/02/12 17:42:40 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\uTorrent
[2012/11/01 10:12:31 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Wondershare
[2012/10/04 10:36:13 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Wondershare Video Converter Pro
[2011/03/30 16:55:27 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\ZinioAlertMessenger.9310D8F796442B71068C511E15D70529A702D19D.1
[2011/03/30 16:54:09 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >


----------



## eddie5659 (Mar 19, 2001)

I'll be back later tonight, but let's get that file back, and then I'll look at the OTL log fully

Can you download this tool:

www.malwareinfo.nl/tools/TDSSQlook.exe

And when you run it, select option A, and post the contents of the TDSSQ.txt here. It will be in the same location as the TDSS Qlook is run from.

eddie


----------



## TerryD55 (Oct 22, 2012)

Thanks, Eddie.

=== *C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000\svc0000\object.ini*

[InfectedObject]
Type: Service
Name: Akamai
Type: n/a (0x110)
Start: Auto (0x2)
ImagePath: %SystemRoot%\System32\svchost.exe -k Akamai
Suspicious states: Hidden file;

=== *C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000\svc0000\tsk0000.ini*

[InfectedFile]
Type: Raw image
Src: c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
md5: B9B98E08EC127900025F42462D3D0A66

=== *C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0001\object.ini*

[InfectedObject]
Verdict: HiddenFile.Multi.Generic

=== *C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0001\svc0000\object.ini*

[InfectedObject]
Type: Service
Name: Akamai
Type: n/a (0x110)
Start: Auto (0x2)
ImagePath: %SystemRoot%\System32\svchost.exe -k Akamai
Suspicious states: Hidden file;

=== *C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0001\svc0000\tsk0000.ini*

[InfectedFile]
Type: Raw image
Src: c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
md5: B9B98E08EC127900025F42462D3D0A66

***** END SCAN Wed 02/13/2013 15:19:05.06 *****


----------



## eddie5659 (Mar 19, 2001)

Was there any more to the log, like a Dir List at the beginning?


----------



## TerryD55 (Oct 22, 2012)

Ah shoot! Did I miss something? I'll run it again, but should mention that I'm first getting an error message, to the effect of "Can't find script engine VBS for user..." and then the log pops up.

*TDSSKiller Quarantine Information log* 
TDSS Qlook Version 1.0.0.5 - Terry - Thu 02/14/2013 - 13:30:30.07.
InstallShield* 6.1.7601 Scripts=disabled 
***** START SCAN Thu 02/14/2013 13:30:31.81 *****

---------- *TDSSKiller logs* ----------

TDSSKiller.2.8.15.0_05.02.2013_12.22.07_log.txt 
TDSSKiller.2.8.15.0_05.02.2013_12.24.55_log.txt 
TDSSKiller.2.8.15.0_06.02.2013_14.06.57_log.txt

---------- *TDSSStarter logs* ----------

---------- *DIR LIST* ----------

C:\TDSSKiller_Quarantine\05.02.2013_12.22.08
C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0001
C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000
C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000\object.ini
C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000\svc0000
C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0001\object.ini
C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0001\svc0000
C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0001\svc0000\object.ini
C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0001\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0001\svc0000\tsk0000.ini

---------- *INI FILES* ----------

=== *C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000\object.ini*

[InfectedObject]
Verdict: HiddenFile.Multi.Generic

=== *C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000\svc0000\object.ini*

[InfectedObject]
Type: Service
Name: Akamai
Type: n/a (0x110)
Start: Auto (0x2)
ImagePath: %SystemRoot%\System32\svchost.exe -k Akamai
Suspicious states: Hidden file;

=== *C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000\svc0000\tsk0000.ini*

[InfectedFile]
Type: Raw image
Src: c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
md5: B9B98E08EC127900025F42462D3D0A66

=== *C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0001\object.ini*

[InfectedObject]
Verdict: HiddenFile.Multi.Generic

=== *C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0001\svc0000\object.ini*

[InfectedObject]
Type: Service
Name: Akamai
Type: n/a (0x110)
Start: Auto (0x2)
ImagePath: %SystemRoot%\System32\svchost.exe -k Akamai
Suspicious states: Hidden file;

=== *C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0001\svc0000\tsk0000.ini*

[InfectedFile]
Type: Raw image
Src: c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
md5: B9B98E08EC127900025F42462D3D0A66

***** END SCAN Thu 02/14/2013 13:30:31.99 *****


----------



## eddie5659 (Mar 19, 2001)

Okay, let's firstly make sure that the restore of the file works, and then we'll look at the script problem

Can you re-run TDSSQlook again, but this time select option B

Copy/paste the following into the Notepad window that appears (make sure to copy all the line, so that the end has the following: *.../netsession_win_ce5ba24.dll*). Tried to use Quote, but it adds extra spaces, so have to use code instead.


```
COPY "C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000\svc0000\tsk0000.dta" c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
```
And close the Window, and the script will be run.

Reboot, and post a fresh scan, selecting option A again, and post the log.

eddie


----------



## TerryD55 (Oct 22, 2012)

I'm getting an error message because my system doesn't recognize .dta files.


----------



## eddie5659 (Mar 19, 2001)

Did you manage to restore the file as above, or is that happening when you try and run the program?

If it's with the tool, can you tell me if it's when you start it up, or if at a different stage.

I'll see what the developer says about it.


----------



## TerryD55 (Oct 22, 2012)

So, what happens is, I type in the B and then hit enter, and the notepad opens up. I paste the code there and save and close it. Then the error message pops up right after that. Am I skipping something? Or doing something I shouldn't?


----------



## eddie5659 (Mar 19, 2001)

Is it all as one long line like this? I've not put it in code this time:



> COPY "C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000\svc0000\tsk0000.dta" c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll


Ah, I can see what's happening!!

When I'm in edit, the line is complete, but when I click Submit, some has a gap.

Let me try something...

Okay, if you look at the above, you will see that there is a gap here:

tsk0000. dta

But not when I'm in edit.

So, uploaded a txt file with it, make sure that the line that has the gap above, actually looks like this:

tsk0000.dta


----------



## TerryD55 (Oct 22, 2012)

OK, the good news is I didn't get the error message. The bad news is that I'm now getting a warning saying the input.text is too small and to hit any key to continue. When I do that, it takes me right back to the menu. I feel like I'm doing something wrong - I just don't know what.


----------



## eddie5659 (Mar 19, 2001)

Okay, having a word with the developer. In the meantime, can you try it with the one I've typed below:


COPY "C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000\svc0000\tsk0000.dta" c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll


But, before closing the window, see if you can remove the space here:

tsk0000. dta

so it's:

tsk0000.dta


For some reason, the forum won't allow me to put this as a full line, so the manual approach may be needed


----------



## TerryD55 (Oct 22, 2012)

Nope. I'm still getting the "Windows can't open this file: tsk0000.dta" message. Just to be certain I'm not making a mistake, I should be entering B, then pasting this into the notepad that pops up:

"C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000\svc0000\tsk0000.dta" 
c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll


----------



## eddie5659 (Mar 19, 2001)

Make sure it's all one line, and that the gap has been removed from the 'tsk0000.dta'.

So it's

COPY "C:\TDSSKiller_Quarantine\05.02.2013_12.22.08\susp0000\svc0000\tsk0000. dta" c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll

So, I've grabbed a screenshot:


----------



## TerryD55 (Oct 22, 2012)

OK, I'd been trying it with and without the word "Copy." When I did it without, I got the error message about the dta file. When I include the word "Copy," save and close Notepad, the blue screen pops up (blank) for just an instant, but that's all that happens. Nothing runs. I've checked to see which applications are running, just to confirm that it's not doing anything in the background that I'm not detecting.


----------



## eddie5659 (Mar 19, 2001)

Just sent the developer a message and checking with others as to what can be causing it not to work.

It seems to be stuck on the dta part, which I know the forum software here puts that blasted space in that shouldn't be there. I know you've removed the space, just trying to sort this out for you. There may be another way, again, I'm just getting confirmation and will reply as soon as I can


----------



## TerryD55 (Oct 22, 2012)

Yep, I definitely made sure the space was gone. Thank you for putting so much effort in!


----------



## eddie5659 (Mar 19, 2001)

Okay, been speaking to a few people, and we don't need to restore that file.

Sorry about the issues with restoring it, but I've also managed to find out new ways to restore files, so in the future it should be a lot easier for others.

When you next download a program that uses Akamai netsession, it will automatically install it (hopefully after asking for permission).

I know you say you're having keyboard problems, but is it with a particular program?

We can uninstall it fully in AddRemove Programs via the Control Panel, called:

*akamai net session*

----

As it's been a week or so since the last OTL log, can you re-run it and post a fresh log


----------



## TerryD55 (Oct 22, 2012)

Thanks Eddie. Should I run the quick or full scan? The keyboard issue seems to primarily pop up when/after I've used VideoLan VLC player. Suddenly, I'll lose usage of the lower case "a." Often if I reboot, it returns to normal, and recently the issue occurred when I hadn't used that program. However, I would say that 99% of the time VLC seems to be triggering it.


----------



## TerryD55 (Oct 22, 2012)

In case this works, here's the Quick Scan:

OTL logfile created on: 2/28/2013 1:01:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Terry\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 3.32 Gb Available Physical Memory | 55.61% Memory free
11.93 Gb Paging File | 9.11 Gb Available in Paging File | 76.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.74 Gb Total Space | 638.53 Gb Free Space | 69.58% Space Free | Partition Type: NTFS
Drive D: | 60.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 298.02 Gb Total Space | 22.70 Gb Free Space | 7.62% Space Free | Partition Type: FAT32
Drive H: | 15.10 Gb Total Space | 7.48 Gb Free Space | 49.54% Space Free | Partition Type: FAT32

Computer Name: TERRY-PC | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/20 21:23:46 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/02/15 05:07:08 | 003,565,432 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2013/02/12 17:36:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Downloads\Programs\OTL.exe
PRC - [2013/02/05 12:52:15 | 013,102,080 | ---- | M] (The Weather Channel) -- C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2013/01/08 10:12:50 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\TweetDeck\TweetDeck.exe
PRC - [2012/12/23 19:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccsvchst.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/12 05:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2012/12/09 15:50:05 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Terry\Downloads\Programs\uTorrent.exe
PRC - [2012/11/22 15:10:40 | 003,575,120 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
PRC - [2012/09/28 09:25:56 | 000,586,904 | ---- | M] (PandoraTV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
PRC - [2012/09/28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012/07/23 15:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2011/05/18 19:00:20 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/05/12 00:09:36 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011/05/12 00:09:34 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/09/30 02:06:18 | 001,945,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
PRC - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/03/07 23:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe
PRC - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/20 21:23:44 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppgooglenaclpluginchrome.dll
MOD - [2013/02/20 21:23:43 | 012,637,136 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
MOD - [2013/02/20 21:23:42 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
MOD - [2013/02/20 21:22:51 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\libglesv2.dll
MOD - [2013/02/20 21:22:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\libegl.dll
MOD - [2013/02/20 21:22:48 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll
MOD - [2013/02/13 03:13:01 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\75b362975753a31559874bea5609e59c\System.Deployment.ni.dll
MOD - [2013/02/13 03:05:46 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013/01/09 03:43:22 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll
MOD - [2013/01/09 03:41:43 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll
MOD - [2013/01/09 03:41:43 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\e6a6e2678f6215574be155e9088c1a01\System.Windows.Input.Manipulations.ni.dll
MOD - [2013/01/09 03:41:42 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll
MOD - [2013/01/09 03:41:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 03:41:22 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/01/09 03:41:21 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013/01/09 03:41:20 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
MOD - [2013/01/09 03:41:18 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d01a925ecd339eae8ea1da8488eb2283\System.Xml.Linq.ni.dll
MOD - [2013/01/09 03:40:33 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/01/09 03:26:57 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013/01/09 03:26:42 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013/01/09 03:26:33 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013/01/09 03:26:30 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 03:26:30 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 03:26:27 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013/01/09 03:26:25 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 03:26:21 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013/01/09 03:26:20 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 03:26:15 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2013/01/08 10:12:50 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\TweetDeck\TweetDeck.exe
MOD - [2012/05/30 06:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\wincfi39.dll
MOD - [2010/09/30 02:11:36 | 000,125,888 | ---- | M] () -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\QtPlugins\imageformats\qjpeg4.dll
MOD - [2010/09/30 02:07:02 | 008,560,576 | ---- | M] () -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\QtGui4.dll
MOD - [2010/09/30 02:07:00 | 002,386,368 | ---- | M] () -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\QtCore4.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2012/11/22 15:10:40 | 003,575,120 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)
SRV:*64bit:* - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:*64bit:* - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/27 12:24:13 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/23 19:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 00:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012/07/23 15:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/07/23 15:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2011/05/18 19:00:20 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/05/12 00:09:36 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/05/12 00:09:34 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2013/01/30 19:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys -- (SymNetS)
DRV:*64bit:* - [2013/01/30 19:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.sys -- (SymEFA)
DRV:*64bit:* - [2013/01/28 17:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:*64bit:* - [2013/01/28 17:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:*64bit:* - [2013/01/21 18:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symds64.sys -- (SymDS)
DRV:*64bit:* - [2012/11/21 16:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:*64bit:* - [2012/11/15 18:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ironx64.sys -- (SymIRON)
DRV:*64bit:* - [2012/11/15 18:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.sys -- (ccSet_N360)
DRV:*64bit:* - [2012/11/14 08:47:08 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:*64bit:* - [2012/09/13 11:26:44 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/11/17 15:08:16 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:*64bit:* - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:*64bit:* - [2009/12/09 01:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 12:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:*64bit:* - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/25 12:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:*64bit:* - [2006/11/29 14:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2013/02/05 11:36:36 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130228.003\ex64.sys -- (NAVEX15)
DRV - [2013/02/05 11:36:36 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130228.003\eng64.sys -- (NAVENG)
DRV - [2013/01/15 18:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/04 16:28:04 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130227.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/18 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/18 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/23 15:18:42 | 000,072,856 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2011/05/18 19:00:21 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011/05/16 19:54:00 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/09/23 16:00:52] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - SOFTWARE\Classes\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://aol.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 FD 3A DC C1 E6 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {04214EC9-F125-46DE-8ABE-91393E50D45C}
IE - HKCU\..\SearchScopes\{04214EC9-F125-46DE-8ABE-91393E50D45C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>erride;<local>;<local>;<local>?????????????????????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES (X86)\AOL\DATAMASK BY AOL\FFEXT
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/02/05 11:33:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/02/28 12:52:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/30 12:37:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Terry\AppData\Roaming\IDM\idmmzcc5 [2013/02/20 11:24:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Terry\AppData\Roaming\IDM\idmmzcc5 [2013/02/20 11:24:21 | 000,000,000 | ---D | M]

[2012/09/21 13:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
[2012/12/03 16:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/07/31 03:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2012/12/03 15:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/29 00:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/29 00:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 00:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.aol.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Internet Download Manager (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\IDMGCExt.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: PriceBlink = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh\3.5_0\
CHR - Extension: __MSG_buttonTitle__ = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\clikkblliffbbkffahjehcdeknmedelg\1.0.7_0\
CHR - Extension: Easy Clock = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplbpgapoedppajbikieafefmcceaagn\9.0.6_0\
CHR - Extension: AdBlock = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: TweetDeck = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.6.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.0.26_0\
CHR - Extension: Read Your AOL Mail = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\phgdojkomekmnemlclopfjlmbamhnafp\2.1.0.0_0\

O1 HOSTS File: ([2013/02/06 14:53:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe (Easy Hide IP)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [uTorrent] C:\Users\Terry\Downloads\Programs\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:*64bit:* - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html File not found
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: twitter.com ([]https in Trusted sites)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFFF6009-DCDE-4DC2-9789-AFC20BEE3BC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-itss - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/30 15:25:38 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2008/12/21 08:18:42 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | R-S- | M] () - G:\autorun.in_2.org -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/28 12:50:07 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/02/28 12:48:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013/02/28 12:48:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/02/28 12:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/02/28 12:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/02/28 12:45:28 | 000,000,000 | R--D | C] -- C:\Users\Terry\SkyDrive
[2013/02/28 12:45:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013/02/28 12:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/02/17 14:25:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\tempdir
[2013/02/17 14:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\office Convert Pdf to Jpg Jpeg Tiff Free
[2013/02/17 14:25:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\office Convert Pdf to Jpg Jpeg Tiff Free
[2013/02/16 03:02:35 | 000,165,112 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2013/02/12 15:32:14 | 000,000,000 | ---D | C] -- C:\Users\Terry\H50
[2013/02/12 15:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/02/12 07:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy-Hide-IP
[2013/02/06 14:53:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/02/06 14:34:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/06 14:34:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/06 14:34:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/06 14:33:05 | 005,030,751 | R--- | C] (Swearware) -- C:\Users\Terry\Desktop\username123.exe
[2013/02/05 12:22:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/02/05 12:22:08 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\48858316.sys
[2013/02/05 07:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2011/09/01 19:16:35 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Terry\PhotoshopElements_9_LS15.exe
[2011/09/01 16:40:40 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\PremiereElements_9_LS15.exe

========== Files - Modified Within 30 Days ==========

[2013/02/28 12:59:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/28 12:59:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/28 12:58:11 | 000,003,432 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2013/02/28 12:58:11 | 000,001,976 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2013/02/28 12:58:11 | 000,001,976 | ---- | M] () -- C:\Windows\SysNative\EasyRedirectOff.ini
[2013/02/28 12:52:53 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/28 12:52:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/28 12:52:08 | 509,480,959 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/28 12:40:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/28 12:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/27 03:19:25 | 002,446,944 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013/02/26 23:07:43 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021
[2013/02/20 12:56:00 | 000,013,412 | ---- | M] () -- C:\Users\Terry\Desktop\TDSSQlook - Shortcut.lnk
[2013/02/17 14:25:13 | 000,001,115 | ---- | M] () -- C:\Users\Terry\Desktop\office Convert Pdf to Jpg Jpeg Tiff Free.lnk
[2013/02/14 09:41:44 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
[2013/02/13 09:50:20 | 000,216,184 | ---- | M] () -- C:\Users\Terry\Documents\Soccer star.pdf
[2013/02/13 03:33:20 | 000,502,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/13 03:04:31 | 000,793,184 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/13 03:04:31 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/13 03:04:31 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/12 15:00:21 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/12 07:31:47 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk
[2013/02/06 14:53:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/06 14:32:34 | 005,030,751 | R--- | M] (Swearware) -- C:\Users\Terry\Desktop\username123.exe
[2013/02/06 14:12:12 | 000,000,859 | ---- | M] () -- C:\Users\Terry\Desktop\TKSKiller - Shortcut.lnk
[2013/02/05 12:52:16 | 000,001,315 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel App.lnk
[2013/02/05 12:22:08 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\48858316.sys
[2013/01/31 19:55:07 | 000,007,589 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.cat
[2013/01/31 19:55:06 | 000,007,585 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.cat
[2013/01/30 19:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys
[2013/01/30 19:18:11 | 000,001,440 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnet.inf
[2013/01/30 19:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.sys
[2013/01/30 19:18:06 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symvtcer.dat
[2013/01/30 19:18:06 | 000,007,587 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.cat
[2013/01/30 19:18:06 | 000,003,434 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa.inf
[2013/01/30 19:17:58 | 000,007,581 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symds64.cat

========== Files Created - No Company Name ==========

[2013/02/28 12:49:49 | 000,001,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/02/28 12:49:29 | 000,001,381 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/02/28 12:49:14 | 000,001,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/02/28 12:49:00 | 000,002,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/02/28 12:45:27 | 000,002,164 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013/02/20 12:56:00 | 000,013,412 | ---- | C] () -- C:\Users\Terry\Desktop\TDSSQlook - Shortcut.lnk
[2013/02/17 14:25:13 | 000,001,115 | ---- | C] () -- C:\Users\Terry\Desktop\office Convert Pdf to Jpg Jpeg Tiff Free.lnk
[2013/02/17 14:25:12 | 004,369,408 | ---- | C] () -- C:\Windows\SysWow64\pdftk.exe
[2013/02/17 14:25:12 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\ptj.exe
[2013/02/17 14:25:12 | 001,103,360 | ---- | C] () -- C:\Windows\SysWow64\cidfont.dll
[2013/02/17 14:25:12 | 000,235,008 | ---- | C] () -- C:\Windows\SysWow64\office.exe
[2013/02/13 09:50:19 | 000,216,184 | ---- | C] () -- C:\Users\Terry\Documents\Soccer star.pdf
[2013/02/12 15:00:21 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/12 07:31:47 | 000,000,867 | ---- | C] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk
[2013/02/06 14:34:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/06 14:34:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/06 14:34:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/06 14:34:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/06 14:34:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/06 14:12:12 | 000,000,859 | ---- | C] () -- C:\Users\Terry\Desktop\TKSKiller - Shortcut.lnk
[2012/12/30 15:01:18 | 000,033,134 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\UserTile.png
[2012/12/02 13:10:49 | 000,060,931 | ---- | C] () -- C:\Users\Terry\final_bstSnapshot_59529.jpg
[2012/12/02 13:05:42 | 000,059,094 | ---- | C] () -- C:\Users\Terry\final_bstSnapshot_79958.jpg
[2012/11/01 16:24:12 | 000,000,017 | ---- | C] () -- C:\Users\Terry\AppData\Local\resmon.resmoncfg
[2012/10/10 15:33:08 | 000,228,763 | ---- | C] () -- C:\Users\Terry\Charlotte crime.jpg
[2012/10/05 12:35:00 | 000,221,578 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/10/05 12:35:00 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/09/28 07:25:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/08/13 21:36:38 | 000,000,000 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\wklnhst.dat
[2012/07/14 17:18:15 | 000,003,432 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2012/07/14 17:18:15 | 000,001,976 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2012/03/07 07:52:57 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/05 15:58:38 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/10/05 15:58:37 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/10/05 15:58:36 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/05 15:58:36 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/05 15:58:36 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/09/04 19:23:06 | 000,228,480 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/01 08:25:13 | 1882,670,620 | ---- | C] () -- C:\Users\Terry\PhotoshopElements_9_LS15.7z
[2011/09/01 08:25:04 | 1316,066,539 | ---- | C] () -- C:\Program Files (x86)\PremiereElements_9_LS15.7z
[2011/07/25 09:41:47 | 000,007,168 | ---- | C] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 14:04:06 | 000,000,206 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/06/01 16:41:36 | 000,161,792 | ---- | C] () -- C:\Windows\SysWow64\netjoin.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/03 18:01:29 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\avidemux
[2012/10/15 19:26:48 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Blueberry
[2011/09/01 19:46:08 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/11/02 19:37:28 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/10/22 20:28:41 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Curiolab
[2013/02/28 12:51:14 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\DMCache
[2012/11/03 20:34:10 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Dropbox
[2012/10/14 11:46:16 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\FinalVideoDownloader
[2012/10/31 15:41:55 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\GetRightToGo
[2012/11/09 14:57:02 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\ID Vault
[2013/02/20 11:23:50 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\IDM
[2013/02/05 11:33:19 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\IrfanView
[2013/02/10 07:08:50 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\JLAdventCalendarAlpine2012
[2012/09/23 14:43:13 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\LogSys
[2012/12/30 15:10:23 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Nolo
[2010/08/29 09:34:53 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\OEM
[2010/08/29 10:44:11 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Packard Bell
[2012/11/02 20:52:51 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\PearlMountainSoft
[2012/12/30 15:01:18 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\PeerNetworking
[2011/06/29 15:44:51 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Philipp Winterberg
[2011/09/01 20:05:04 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2012/12/19 14:10:19 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Runscanner.net
[2012/08/15 09:28:17 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\SentryBay
[2012/10/20 15:16:46 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\TuneUp Software
[2010/11/10 16:51:32 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2013/02/28 13:03:22 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\uTorrent
[2012/11/01 10:12:31 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Wondershare
[2012/10/04 10:36:13 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\Wondershare Video Converter Pro
[2011/03/30 16:55:27 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\ZinioAlertMessenger.9310D8F796442B71068C511E15D70529A702D19D.1
[2011/03/30 16:54:09 | 000,000,000 | ---D | M] -- C:\Users\Terry\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >


----------



## eddie5659 (Mar 19, 2001)

> Thanks Eddie. Should I run the quick or full scan? The keyboard issue seems to primarily pop up when/after I've used VideoLan VLC player. Suddenly, I'll lose usage of the lower case "a." Often if I reboot, it returns to normal, and recently the issue occurred when I hadn't used that program. However, I would say that 99% of the time VLC seems to be triggering it.


With regards to the VLC program, there are entries in the log you posted that may be the reason for the issue. Have you uninstalled *akamai net session* from the Control Panel?

Re-installing VLC player may also help. As some versions don't work with some computers, let's get the version you have already. Do you know the version? If not, it's normally in the menus at the top of the player, say Help | About, or maybe in the Options. Don't have it myself

Once you find the version, get it from here, and uninstall the old one and reinstall the new one:

This is the latest:

http://www.videolan.org/vlc/download-windows.html

And this is the older versions:

http://download.videolan.org/pub/videolan/vlc/

--------

Then, when it's installed, do the following with OTL:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - SOFTWARE\Classes\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}\InprocServer32 File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 FD 3A DC C1 E6 CD 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>erride;<local>;<local>;<local>?????????????????????????????????????; <local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local >;<local>;<local>
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
O3:64bit: - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html File not found
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe File not found
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5C321E34
:Reg
:Files
ipconfig /flushdns /c
:Commands 
[purity]
[emptytemp] 
[emptyjava]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


----------
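
Most entries in the fix above are log lines that OTL marked `File not found`, `No CLSID value found` or `Reg Error: Key error.` The following is an added example (not part of the original post and not OTL's own code) that pulls such orphaned entries and alternate data stream lines out of an OTL log for review; the function names are hypothetical and the sample lines are copied from the fix above.

```python
import re
from collections import Counter, namedtuple

# Markers OTL appends to entries whose target is missing, as seen in the fix above.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error: Key error.")

# Line prefix such as "IE", "FF:64bit:", "O3:64bit:", "O16" or "CHR", then " - ".
PREFIX_RE = re.compile(
    r"^(?P<kind>O\d{1,2}|[A-Z]{2,3})(?P<bits>:\*?64bit:\*?)?\s+-\s+(?P<body>.+)$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "@Alternate Data Stream - <size> bytes -> <path>:<stream name>"
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")

Entry = namedtuple("Entry", "kind is64 marker guid raw")

# Sample input: lines copied from the fix script on this page.
SAMPLE_LOG = r"""
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - SOFTWARE\Classes\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}\InprocServer32 File not found
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
O3:64bit: - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5C321E34
"""


def parse_entry(line):
    """Return an Entry for an orphaned OTL line, or None for any other line."""
    line = line.strip()
    m = PREFIX_RE.match(line)
    if not m:
        return None
    body = m.group("body")
    marker = next((mk for mk in ORPHAN_MARKERS if mk in body), None)
    if marker is None:
        return None  # entry still resolves to something; needs human judgement
    guid = GUID_RE.search(body)
    return Entry(
        kind=m.group("kind"),
        is64=m.group("bits") is not None,
        marker=marker,
        guid=guid.group(0).lower() if guid else None,
        raw=line,
    )


def orphaned_entries(log_text):
    """All entries whose registry or file target OTL reported as missing."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e]


def alternate_data_streams(log_text):
    """(size_in_bytes, host_path, stream_name) for each ADS line in the log."""
    found = []
    for line in log_text.splitlines():
        m = ADS_RE.match(line.strip())
        if m:
            found.append((int(m.group(1)), m.group(2), m.group(3)))
    return found


def summarize(entries):
    """Count orphaned entries per marker."""
    return Counter(e.marker for e in entries)


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        bits = "64bit" if e.is64 else "32bit"
        print(f"{e.kind:<4}{bits:<6}{e.marker:<24}{e.guid or '-'}")
    for size, path, stream in alternate_data_streams(SAMPLE_LOG):
        print(f"ADS  {size} bytes on {path}, stream {stream}")
```

Lines without a marker, such as the `CHR` plugin and `O6` policy entries, are deliberately left out: whether they belong in a fix is a judgement call the markers cannot make.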



## TerryD55 (Oct 22, 2012)

Yes, I had uninstalled akamai net session back when it was flagged as a threat. Should I reinstall it? Also, I currently have the VLC 2.05 version and I'm trying to remember if the problem started when I updated it. Hmmm...maybe I should go back to an older version?


----------



## eddie5659 (Mar 19, 2001)

You don't need to re-install it, as it gets installed when a new program you install needs it 

You could go back to an earlier version. I know that the latest VLC has had a few problems, mainly that it can have issues with Windows 8.

This is a link with all versions in:

http://download.videolan.org/pub/videolan/vlc/

So, if you look at the very bottom, say 2.0.4 and click on it, it goes to this:

http://download.videolan.org/pub/videolan/vlc/2.0.4/

Now, it depends on the version of Windows you have. I know you have a 64-bit system, as the OTL log just above has this:

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found

Note the FF:64bit at the beginning 

Click on Win64:

http://download.videolan.org/pub/videolan/vlc/2.0.4/win64/

and download either the exe or zip file. Don't bother with the 7z as it's a different compression, and the xpi is an extension for browsing.

vlc-2.0.4-win64.exe
vlc-2.0.4-win64.zip

But, that's just the 2.0.4. Others should have the same options.


----------



## TerryD55 (Oct 22, 2012)

I don't want to get too excited, but right now, I've got the new (old) version of VLC running and I'm still able to use all of my keys. ; )


----------



## eddie5659 (Mar 19, 2001)

Good to hear :up:

If you can do the OTL part above, we'll then triple-check for any other Isearch still showing


----------



## TerryD55 (Oct 22, 2012)

Here you go!

OTL logfile created on: 3/10/2013 3:13:52 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Terry\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.33 Gb Available Physical Memory | 72.58% Memory free
11.93 Gb Paging File | 10.21 Gb Available in Paging File | 85.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.74 Gb Total Space | 636.58 Gb Free Space | 69.36% Space Free | Partition Type: NTFS
Drive D: | 60.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 298.02 Gb Total Space | 22.86 Gb Free Space | 7.67% Space Free | Partition Type: FAT32
Drive H: | 15.10 Gb Total Space | 6.53 Gb Free Space | 43.22% Space Free | Partition Type: FAT32

Computer Name: TERRY-PC | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/15 06:07:08 | 003,565,432 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2013/02/12 18:36:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Terry\Downloads\Programs\OTL.exe
PRC - [2013/02/05 13:52:15 | 013,102,080 | ---- | M] (The Weather Channel) -- C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2012/12/23 20:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccsvchst.exe
PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/12 06:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2012/12/09 16:50:05 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Terry\Downloads\Programs\uTorrent.exe
PRC - [2012/11/22 16:10:40 | 003,575,120 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
PRC - [2012/09/28 10:25:56 | 000,586,904 | ---- | M] (PandoraTV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
PRC - [2012/09/28 10:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012/07/23 16:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2011/05/18 20:00:20 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/05/12 01:09:36 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011/05/12 01:09:34 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/09/30 03:06:18 | 001,945,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
PRC - [2010/03/08 00:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe
PRC - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/13 04:13:01 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\75b362975753a31559874bea5609e59c\System.Deployment.ni.dll
MOD - [2013/02/13 04:05:46 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013/01/09 04:43:22 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll
MOD - [2013/01/09 04:41:43 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll
MOD - [2013/01/09 04:41:43 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\e6a6e2678f6215574be155e9088c1a01\System.Windows.Input.Manipulations.ni.dll
MOD - [2013/01/09 04:41:42 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll
MOD - [2013/01/09 04:41:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 04:41:22 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/01/09 04:41:21 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013/01/09 04:41:20 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
MOD - [2013/01/09 04:41:18 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d01a925ecd339eae8ea1da8488eb2283\System.Xml.Linq.ni.dll
MOD - [2013/01/09 04:40:33 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/01/09 04:26:57 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013/01/09 04:26:42 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013/01/09 04:26:33 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013/01/09 04:26:30 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 04:26:30 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 04:26:27 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013/01/09 04:26:25 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 04:26:21 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013/01/09 04:26:20 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 04:26:15 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2013/01/08 11:12:50 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\TweetDeck\TweetDeck.exe
MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\wincfi39.dll
MOD - [2010/09/30 03:11:36 | 000,125,888 | ---- | M] () -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\QtPlugins\imageformats\qjpeg4.dll
MOD - [2010/09/30 03:07:02 | 008,560,576 | ---- | M] () -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\QtGui4.dll
MOD - [2010/09/30 03:07:00 | 002,386,368 | ---- | M] () -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\QtCore4.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2012/11/22 16:10:40 | 003,575,120 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)
SRV:*64bit:* - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:*64bit:* - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/27 13:24:13 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/23 20:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 01:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/28 10:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012/07/23 16:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/07/23 16:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2011/05/18 20:00:20 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/05/12 01:09:36 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/05/12 01:09:34 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2013/01/30 20:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys -- (SymNetS)
DRV:*64bit:* - [2013/01/30 20:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.sys -- (SymEFA)
DRV:*64bit:* - [2013/01/28 18:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:*64bit:* - [2013/01/28 18:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:*64bit:* - [2013/01/21 19:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symds64.sys -- (SymDS)
DRV:*64bit:* - [2012/11/21 17:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:*64bit:* - [2012/11/15 19:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ironx64.sys -- (SymIRON)
DRV:*64bit:* - [2012/11/15 19:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.sys -- (ccSet_N360)
DRV:*64bit:* - [2012/11/14 09:47:08 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:*64bit:* - [2012/09/13 12:26:44 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2012/09/12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/11/17 16:08:16 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:*64bit:* - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:*64bit:* - [2009/12/09 02:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 13:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:*64bit:* - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/25 13:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:*64bit:* - [2006/11/29 15:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2013/02/05 12:36:36 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130309.003\ex64.sys -- (NAVEX15)
DRV - [2013/02/05 12:36:36 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130309.003\eng64.sys -- (NAVENG)
DRV - [2013/01/15 19:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/04 17:28:04 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130308.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/18 02:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/18 02:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/23 16:18:42 | 000,072,856 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2011/05/18 20:00:21 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011/05/16 20:54:00 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/09/23 16:00:52] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - SOFTWARE\Classes\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://aol.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 FD 3A DC C1 E6 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {04214EC9-F125-46DE-8ABE-91393E50D45C}
IE - HKCU\..\SearchScopes\{04214EC9-F125-46DE-8ABE-91393E50D45C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>erride;<local>;<local>;<local>?????????????????????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Terry\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES (X86)\AOL\DATAMASK BY AOL\FFEXT
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/02/05 12:33:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/03/10 14:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/30 13:37:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Terry\AppData\Roaming\IDM\idmmzcc5 [2013/02/20 12:24:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Terry\AppData\Roaming\IDM\idmmzcc5 [2013/02/20 12:24:21 | 000,000,000 | ---D | M]

[2012/09/21 14:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
[2012/12/03 17:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/07/31 04:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2012/12/03 16:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/29 01:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/29 01:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 01:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.aol.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Internet Download Manager (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\IDMGCExt.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: PriceBlink = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh\3.5_0\
CHR - Extension: __MSG_buttonTitle__ = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\clikkblliffbbkffahjehcdeknmedelg\1.0.7_0\
CHR - Extension: Easy Clock = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplbpgapoedppajbikieafefmcceaagn\9.0.6_0\
CHR - Extension: AdBlock = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: TweetDeck = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.7.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.0.26_0\
CHR - Extension: Read Your AOL Mail = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\phgdojkomekmnemlclopfjlmbamhnafp\2.1.0.0_0\

O1 HOSTS File: ([2013/02/06 15:53:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe (Easy Hide IP)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [uTorrent] C:\Users\Terry\Downloads\Programs\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:*64bit:* - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html File not found
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe File not found
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\EasyRedirect64.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\EasyRedirect.dll (EasyTech)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: twitter.com ([]https in Trusted sites)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFFF6009-DCDE-4DC2-9789-AFC20BEE3BC9}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-itss - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/30 16:25:38 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2008/12/21 08:18:42 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | R-S- | M] () - G:\autorun.in_2.org -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/10 14:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/03/10 14:09:15 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\vlc
[2013/03/09 11:21:01 | 002,148,152 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Terry\AppData\Local\BcsKtYcHW.dll
[2013/03/09 11:20:57 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina  Print Savings
[2013/03/09 11:20:56 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Catalina  Print Savings
[2013/02/28 13:50:07 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/02/28 13:48:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013/02/28 13:48:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2013/02/28 13:48:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/02/28 13:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/02/28 13:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/02/28 13:46:45 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2013/02/28 13:46:45 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013/02/28 13:46:45 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2013/02/28 13:46:45 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2013/02/28 13:46:45 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2013/02/28 13:46:45 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2013/02/28 13:46:40 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2013/02/28 13:46:40 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2013/02/28 13:45:28 | 000,000,000 | R--D | C] -- C:\Users\Terry\SkyDrive
[2013/02/28 13:45:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013/02/28 13:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/02/28 12:15:39 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/02/28 12:15:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/02/28 12:15:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/02/28 12:15:18 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/02/27 13:24:08 | 016,473,456 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/02/27 04:01:22 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/27 04:01:22 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/27 04:01:22 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/27 04:01:22 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/27 04:01:20 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/27 04:01:20 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/27 04:01:14 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/27 04:01:14 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/27 04:01:14 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/27 04:01:14 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 04:01:14 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 04:01:14 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 04:01:14 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 04:01:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 04:01:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 04:01:14 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 04:01:14 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 04:01:13 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/27 04:01:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 04:01:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 04:01:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 04:01:12 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/27 04:01:12 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/27 04:01:12 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/27 04:01:12 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/27 04:01:12 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/27 04:01:12 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/27 04:01:12 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/27 04:01:12 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/27 04:01:12 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/27 04:01:12 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 04:01:12 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 04:01:12 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 04:01:12 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 04:01:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 04:01:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 04:01:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 04:01:11 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/27 04:01:11 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/27 04:01:11 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/27 04:01:11 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/17 15:25:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\tempdir
[2013/02/17 15:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\office Convert Pdf to Jpg Jpeg Tiff Free
[2013/02/17 15:25:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\office Convert Pdf to Jpg Jpeg Tiff Free
[2013/02/16 04:02:35 | 000,165,112 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2013/02/13 04:01:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/13 04:01:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/13 04:01:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/13 04:01:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/13 04:01:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/13 04:01:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/13 04:01:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/13 04:01:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/13 04:01:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/13 04:01:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/13 04:01:10 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/13 04:01:10 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/13 04:01:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/13 04:01:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/13 04:01:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/12 19:52:37 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/12 19:52:35 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/12 19:52:34 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/12 19:52:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/12 19:52:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/12 19:52:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/12 19:52:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/12 19:52:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/12 19:52:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/12 19:52:24 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/12 16:32:14 | 000,000,000 | ---D | C] -- C:\Users\Terry\H50
[2013/02/12 08:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy-Hide-IP
[2011/09/01 20:16:35 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Terry\PhotoshopElements_9_LS15.exe
[2011/09/01 17:40:40 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\PremiereElements_9_LS15.exe

========== Files - Modified Within 30 Days ==========

[2013/03/10 15:24:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/10 15:13:31 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/03/10 14:40:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/10 14:11:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 14:11:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 14:09:46 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/10 14:09:46 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/10 14:09:46 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/10 14:05:52 | 000,003,432 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2013/03/10 14:05:52 | 000,001,976 | ---- | M] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2013/03/10 14:05:52 | 000,001,976 | ---- | M] () -- C:\Windows\SysNative\EasyRedirectOff.ini
[2013/03/10 14:03:55 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/10 14:03:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/10 14:03:33 | 509,480,959 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/09 11:21:01 | 002,148,152 | ---- | M] (Catalina Marketing Corp) -- C:\Users\Terry\AppData\Local\BcsKtYcHW.dll
[2013/03/09 11:21:01 | 000,915,073 | ---- | M] () -- C:\Users\Terry\AppData\Local\a.zip
[2013/02/28 12:15:05 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/02/28 12:15:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/02/28 12:15:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/02/28 12:15:04 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/02/28 12:15:04 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/02/28 12:15:04 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/02/27 13:24:13 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/27 13:24:13 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/27 13:24:08 | 016,473,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/02/27 04:19:25 | 002,446,944 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013/02/27 00:07:43 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021
[2013/02/20 13:56:00 | 000,013,412 | ---- | M] () -- C:\Users\Terry\Desktop\TDSSQlook - Shortcut.lnk
[2013/02/17 15:25:13 | 000,001,115 | ---- | M] () -- C:\Users\Terry\Desktop\office Convert Pdf to Jpg Jpeg Tiff Free.lnk
[2013/02/14 10:41:44 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
[2013/02/13 10:50:20 | 000,216,184 | ---- | M] () -- C:\Users\Terry\Documents\Soccer star.pdf
[2013/02/13 04:33:20 | 000,502,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/12 08:31:47 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk

========== Files Created - No Company Name ==========

[2013/03/10 14:14:42 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/03/09 11:20:58 | 000,915,073 | ---- | C] () -- C:\Users\Terry\AppData\Local\a.zip
[2013/02/28 13:49:49 | 000,001,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/02/28 13:49:29 | 000,001,381 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/02/28 13:49:14 | 000,001,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/02/28 13:49:00 | 000,002,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/02/28 13:45:27 | 000,002,164 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013/02/20 13:56:00 | 000,013,412 | ---- | C] () -- C:\Users\Terry\Desktop\TDSSQlook - Shortcut.lnk
[2013/02/17 15:25:13 | 000,001,115 | ---- | C] () -- C:\Users\Terry\Desktop\office Convert Pdf to Jpg Jpeg Tiff Free.lnk
[2013/02/17 15:25:12 | 004,369,408 | ---- | C] () -- C:\Windows\SysWow64\pdftk.exe
[2013/02/17 15:25:12 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\ptj.exe
[2013/02/17 15:25:12 | 001,103,360 | ---- | C] () -- C:\Windows\SysWow64\cidfont.dll
[2013/02/17 15:25:12 | 000,235,008 | ---- | C] () -- C:\Windows\SysWow64\office.exe
[2013/02/13 10:50:19 | 000,216,184 | ---- | C] () -- C:\Users\Terry\Documents\Soccer star.pdf
[2013/02/12 08:31:47 | 000,000,867 | ---- | C] () -- C:\Users\Public\Desktop\Easy-Hide-IP.lnk
[2013/02/06 15:34:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/06 15:34:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/06 15:34:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/06 15:34:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/06 15:34:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/30 16:01:18 | 000,033,134 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\UserTile.png
[2012/12/02 14:10:49 | 000,060,931 | ---- | C] () -- C:\Users\Terry\final_bstSnapshot_59529.jpg
[2012/12/02 14:05:42 | 000,059,094 | ---- | C] () -- C:\Users\Terry\final_bstSnapshot_79958.jpg
[2012/11/01 17:24:12 | 000,000,017 | ---- | C] () -- C:\Users\Terry\AppData\Local\resmon.resmoncfg
[2012/10/10 16:33:08 | 000,228,763 | ---- | C] () -- C:\Users\Terry\Charlotte crime.jpg
[2012/10/05 13:35:00 | 000,221,578 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/10/05 13:35:00 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/09/28 08:25:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/08/13 22:36:38 | 000,000,000 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\wklnhst.dat
[2012/07/14 18:18:15 | 000,003,432 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2012/07/14 18:18:15 | 000,001,976 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2012/03/07 08:52:57 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/05 16:58:38 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/10/05 16:58:37 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/10/05 16:58:36 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/05 16:58:36 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/05 16:58:36 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/09/04 20:23:06 | 000,228,480 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/01 09:25:13 | 1882,670,620 | ---- | C] () -- C:\Users\Terry\PhotoshopElements_9_LS15.7z
[2011/09/01 09:25:04 | 1316,066,539 | ---- | C] () -- C:\Program Files (x86)\PremiereElements_9_LS15.7z
[2011/07/25 10:41:47 | 000,007,168 | ---- | C] () -- C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 15:04:06 | 000,000,206 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/06/01 17:41:36 | 000,161,792 | ---- | C] () -- C:\Windows\SysWow64\netjoin.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Do you have an antivirus running? If so, which one is it?

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - SOFTWARE\Classes\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}\InprocServer32 File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 FD 3A DC C1 E6 CD 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>erride;<local>;<local>;<local>?????????????????????????????????????; <local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local >;<local>;<local>
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
O3:64bit: - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html File not found
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files (x86)\Crawler\Radio\CRadio.exe File not found
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5C321E34
ipconfig /flushdns /c
:Commands 
[purity]
[emptytemp] 
[emptyjava]
[EMPTYFLASH]
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

--------

Then, can you re-run OTL so I can see what's left 

But, before you run it, do this:


When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Select *All Users*, *LOP Check* and *Purity Check*.
Under the *Standard Registry* box change it to *All*

And post both logs.

------------

Also, not sure if you still have it but just in case you don't, can you get SystemLook from here and run with the following code:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
*Isearch*
:folderfind
*Isearch*
:regfind
Isearch
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*


----------



## TerryD55 (Oct 22, 2012)

Sorry Eddie! I missed this email in my inbox at first and then got so busy. I don't remember having problems running OTL before, but I can't get it to respond when I paste that code in. I tried disabling my Norton 360 because I couldn't remember if I needed to do that or not, but still nothing. I did run the SystemLook though:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:33 on 31/03/2013 by Terry
Administrator - Elevation successful

========== filefind ==========

Searching for "*Isearch*"
No files found.

========== folderfind ==========

Searching for "*Isearch*"
No folders found.

========== regfind ==========

Searching for "Isearch"
[HKEY_CURRENT_USER\Software\DownloadManager\1524]
"Referer"="http://forums.techguy.org/virus-other-malware-removal/1073590-unable-remove-isearch-avg-virus-4.html"
[HKEY_CURRENT_USER\Software\DownloadManager\1524]
"owWPage"="http://forums.techguy.org/virus-other-malware-removal/1073590-unable-remove-isearch-avg-virus-4.html"
[HKEY_CURRENT_USER\Software\DownloadManager\1530]
"Referer"="http://forums.techguy.org/virus-other-malware-removal/1073590-unable-remove-isearch-avg-virus-5.html"
[HKEY_CURRENT_USER\Software\DownloadManager\1579]
"Referer"="http://forums.techguy.org/virus-other-malware-removal/1073590-unable-remove-isearch-avg-virus-5.html"
[HKEY_CURRENT_USER\Software\DownloadManager\1579]
"owWPage"="http://forums.techguy.org/virus-other-malware-removal/1073590-unable-remove-isearch-avg-virus-5.html"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg.com\isearch]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isearch.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}]
@="Content Index ISearch Creator Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}]
@="ISearchRoot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{09BC8657-D9B4-4267-A2BA-39E348FB0F4E}]
@="ISearchProtocolUrl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F4B60F2-C6F6-4007-BCE2-297F1C5766B6}]
@="ISearchCatalogManagerInternal"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6292F7AD-4E19-4717-A534-8FC22BCD5CCD}]
@="ISearchCrawlScopeManager2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AF6E03F-D664-4EF4-9626-F7E0ED36755E}]
@="ISearchBoxInfo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7366EA16-7A1A-4EA2-B042-973D3E9CD99B}]
@="ISearchJob"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7AC3286D-4D1D-4817-84FC-C1C85E3AF0D9}]
@="ISearchCatalogManager2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{88AEE058-D4B0-4725-A2F1-814A67AE964C}]
@="ISearchCompletedCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9838AAB6-32FD-455A-823D-83CFE06E4D48}]
@="ISearchBoxSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9909C81E-3BA4-41DA-A7ED-02EF2F319411}]
@="ISearchLinks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A0FFBC28-5482-4366-BE27-3E81E78E06C2}]
@="ISearchFolderItemFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A2FFDF9B-4758-4F84-B729-DF81A1A0612F}]
@="ISearchPersistentItemsChangedSink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A700A634-2850-4C47-938A-9E4B6E5AF9A6}]
@="ISearchCompletedCallbackArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}]
@="ISearchCatalogManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF53}]
@="ISearchScopeRule"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}]
@="ISearchCrawlScopeManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF58}]
@="ISearchItemsChangedSink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

That's okay, I was away most of Easter, so playing catch-up myself.

OTL seems to be having a few problems lately. Can you delete the one you have, and get a fresh one from here, and see if you can run the code again:

Download *OTL* to your Desktop

----

If still no joy, can you try OTS for me, and we'll remove the entries that way:

Download *OTS.exe* to your Desktop.

- Close any open browsers.
- If your Real protection or Antivirus interferes with OTS, allow it to run.
- Double-click on *OTS.exe* to start the program.
- At the top put a check mark in the box beside "Scan All Users".
- Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors).
- Now click the *Run Scan* button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Save that notepad file.
- Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*

eddie


----------



## TerryD55 (Oct 22, 2012)

I still had problems with OTL so I ran OTS as you suggested.


```
OTS logfile created on: 4/7/2013 4:42:06 PM - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\Terry\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 24.00% Memory free
12.00 Gb Paging File | 6.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.74 Gb Total Space | 632.45 Gb Free Space | 68.91% Space Free | Partition Type: NTFS
Drive D: | 60.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 298.02 Gb Total Space | 19.45 Gb Free Space | 6.53% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TERRY-PC
Current User Name: Terry
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Terry\Downloads\Programs\OTS.exe -> [2013/04/07 16:40:26 | 000,646,656 | ---- | M] (OldTimer Tools)
tweetdeck.exe -> C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe -> [2013/03/27 10:54:31 | 000,887,800 | ---- | M] ()
idman.exe -> C:\Program Files (x86)\Internet Download Manager\IDMan.exe -> [2013/03/22 01:37:16 | 003,573,624 | ---- | M] (Tonec Inc.)
chrome.exe -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -> [2013/03/21 15:50:35 | 001,312,720 | ---- | M] (Google Inc.)
hd-service.exe -> C:\Program Files (x86)\BlueStacks\HD-Service.exe -> [2013/03/15 18:31:28 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.)
hd-sharedfolder.exe -> C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe -> [2013/03/15 18:31:24 | 000,366,456 | ---- | M] (BlueStack Systems)
hd-blockdevice.exe -> C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe -> [2013/03/15 18:31:16 | 000,260,472 | ---- | M] (BlueStack Systems)
hd-network.exe -> C:\Program Files (x86)\BlueStacks\HD-Network.exe -> [2013/03/15 18:31:12 | 000,376,696 | ---- | M] (BlueStack Systems)
i_view32.exe -> C:\Program Files (x86)\IrfanView\i_view32.exe -> [2013/03/10 15:53:56 | 000,585,912 | ---- | M] (Irfan Skiljan)
twcapp.exe -> C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe -> [2013/02/05 13:52:15 | 013,102,080 | ---- | M] (The Weather Channel)
tweetdeck.exe -> C:\Program Files (x86)\TweetDeck\TweetDeck.exe -> [2013/01/08 11:12:50 | 000,142,336 | ---- | M] ()
iemonitor.exe -> C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe -> [2012/12/12 06:44:48 | 000,268,248 | ---- | M] (Tonec Inc.)
easyredirect.exe -> C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -> [2012/11/22 16:10:40 | 003,575,120 | ---- | M] (EasyTech)
panprocess.exe -> C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe -> [2012/09/28 10:25:56 | 000,586,904 | ---- | M] (PandoraTV)
pandoraservice.exe -> C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -> [2012/09/28 10:25:54 | 000,625,304 | ---- | M] (Pandora.TV)
revouninstaller.exe -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -> [2012/05/14 11:55:06 | 003,150,928 | ---- | M] (VS Revo Group)
photoshopelementseditor.exe -> C:\Program Files (x86)\Adobe\Photoshop Elements 9\PhotoshopElementsEditor.exe -> [2011/11/22 10:12:07 | 033,228,136 | ---- | M] (Adobe Systems Incorporated)
clmsserver.exe -> C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -> [2011/05/12 01:09:36 | 000,312,616 | ---- | M] (CyberLink)
aam updates notifier.exe -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe -> [2010/07/29 01:40:56 | 000,311,760 | ---- | M] (Adobe Systems Incorporated)
updaterservice.exe -> C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -> [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group)
greghsrw.exe -> C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -> [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated)
iaantmon.exe -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation)
 
[Modules - No Company Name]
tweetdeck.exe -> C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe -> [2013/03/27 10:54:31 | 000,887,800 | ---- | M] ()
ppgooglenaclpluginchrome.dll -> C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll -> [2013/03/21 15:50:33 | 000,390,096 | ---- | M] ()
pepflashplayer.dll -> C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll -> [2013/03/21 15:50:32 | 012,662,224 | ---- | M] ()
pdf.dll -> C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll -> [2013/03/21 15:50:31 | 004,050,896 | ---- | M] ()
libglesv2.dll -> C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libglesv2.dll -> [2013/03/21 15:49:41 | 000,598,480 | ---- | M] ()
libegl.dll -> C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libegl.dll -> [2013/03/21 15:49:40 | 000,124,368 | ---- | M] ()
ffmpegsumo.dll -> C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll -> [2013/03/21 15:49:38 | 001,606,096 | ---- | M] ()
system.web.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\ce70182f0348fc21a07409afd4a922f5\System.Web.ni.dll -> [2013/02/13 04:13:27 | 012,079,616 | ---- | M] ()
system.deployment.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\75b362975753a31559874bea5609e59c\System.Deployment.ni.dll -> [2013/02/13 04:13:01 | 001,880,576 | ---- | M] ()
system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll -> [2013/02/13 04:05:46 | 013,199,360 | ---- | M] ()
system.servicemodel.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll -> [2013/01/09 04:43:22 | 018,080,256 | ---- | M] ()
uiautomationtypes.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll -> [2013/01/09 04:41:43 | 000,196,096 | ---- | M] ()
system.windows.input.manipulations.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\e6a6e2678f6215574be155e9088c1a01\System.Windows.Input.Manipulations.ni.dll -> [2013/01/09 04:41:43 | 000,189,440 | ---- | M] ()
uiautomationprovider.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll -> [2013/01/09 04:41:42 | 000,096,768 | ---- | M] ()
system.runtime.remoting.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll -> [2013/01/09 04:41:27 | 000,771,584 | ---- | M] ()
system.runtime.durableinstancing.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll -> [2013/01/09 04:41:22 | 001,021,952 | ---- | M] ()
smdiagnostics.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll -> [2013/01/09 04:41:21 | 000,143,360 | ---- | M] ()
system.runtime.serialization.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll -> [2013/01/09 04:41:20 | 002,647,040 | ---- | M] ()
system.xml.linq.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d01a925ecd339eae8ea1da8488eb2283\System.Xml.Linq.ni.dll -> [2013/01/09 04:41:18 | 000,393,216 | ---- | M] ()
system.xaml.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll -> [2013/01/09 04:40:33 | 001,801,728 | ---- | M] ()
presentationframework.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll -> [2013/01/09 04:26:57 | 018,002,944 | ---- | M] ()
presentationcore.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll -> [2013/01/09 04:26:42 | 011,451,904 | ---- | M] ()
windowsbase.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll -> [2013/01/09 04:26:33 | 003,858,944 | ---- | M] ()
system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll -> [2013/01/09 04:26:30 | 001,667,584 | ---- | M] ()
presentationframework.aero.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll -> [2013/01/09 04:26:30 | 000,595,968 | ---- | M] ()
system.core.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll -> [2013/01/09 04:26:27 | 007,069,696 | ---- | M] ()
system.xml.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll -> [2013/01/09 04:26:25 | 005,617,664 | ---- | M] ()
system.configuration.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll -> [2013/01/09 04:26:21 | 000,982,528 | ---- | M] ()
system.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll -> [2013/01/09 04:26:20 | 009,094,656 | ---- | M] ()
mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll -> [2013/01/09 04:26:15 | 014,412,800 | ---- | M] ()
tweetdeck.exe -> C:\Program Files (x86)\TweetDeck\TweetDeck.exe -> [2013/01/08 11:12:50 | 000,142,336 | ---- | M] ()
wincfi39.dll -> C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\wincfi39.dll -> [2012/05/30 07:51:08 | 000,699,280 | R--- | M] ()
operamgr.dll -> C:\Program Files (x86)\Adobe\Photoshop Elements 9\OperaMgr.dll -> [2010/09/06 01:46:28 | 000,071,104 | ---- | M] ()
libfftw3f-3.dll -> C:\Program Files (x86)\Adobe\Photoshop Elements 9\libfftw3f-3.dll -> [2010/09/06 01:45:48 | 001,533,224 | ---- | M] ()
libfftw3-3.dll -> C:\Program Files (x86)\Adobe\Photoshop Elements 9\libfftw3-3.dll -> [2010/09/06 01:45:46 | 001,581,576 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(EasyRedirect)  [Auto | Running] -> C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -> [2012/11/22 16:10:40 | 003,575,120 | ---- | M] (EasyTech)
64bit-(Updater Service)  [Auto | Running] -> C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -> [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group)
64bit-(WinDefend)  [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
(BstHdLogRotatorSvc) BlueStacks Log Rotator Service [Auto | Stopped] -> C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -> [2013/03/15 18:31:48 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.)
(BstHdAndroidSvc) BlueStacks Android Service [Auto | Running] -> C:\Program Files (x86)\BlueStacks\HD-Service.exe -> [2013/03/15 18:31:28 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.)
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -> [2013/03/13 04:02:10 | 000,253,656 | ---- | M] (Adobe Systems Incorporated)
(N360) Norton 360 [Unknown | Stopped] -> C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -> [2012/12/23 20:33:29 | 000,144,520 | R--- | M] (Symantec Corporation)
(AdobeARMservice) Adobe Acrobat Update Service [Auto | Stopped] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated)
(MozillaMaintenance) Mozilla Maintenance Service [On_Demand | Stopped] -> C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -> [2012/11/29 01:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation)
(PanService) PandoraService [Auto | Running] -> C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -> [2012/09/28 10:25:54 | 000,625,304 | ---- | M] (Pandora.TV)
(CLHNServiceForPowerDVD) CLHNServiceForPowerDVD [Auto | Stopped] -> C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -> [2011/05/18 20:00:20 | 000,083,240 | ---- | M] ()
(CyberLink PowerDVD 11.0 Service) CyberLink PowerDVD 11.0 Service [Auto | Running] -> C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -> [2011/05/12 01:09:36 | 000,312,616 | ---- | M] (CyberLink)
(CyberLink PowerDVD 11.0 Monitor Service) CyberLink PowerDVD 11.0 Monitor Service [Auto | Stopped] -> C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -> [2011/05/12 01:09:34 | 000,070,952 | ---- | M] (CyberLink)
(AdobeActiveFileMonitor9.0) Adobe Active File Monitor V9 [Auto | Stopped] -> C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -> [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(Nero BackItUp Scheduler 4.0) Nero BackItUp Scheduler 4.0 [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -> [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG)
(HPSLPSVC) HP Network Devices Support [Auto | Running] -> C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -> [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.)
(Greg_Service) GRegService [Auto | Running] -> C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -> [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation)
(AOL ACS) AOL Connectivity Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -> [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC)
 
[Driver Services - Safe List]
64bit-(SymNetS) Symantec Network Security WFP Driver [Kernel | Unknown | Running] -> C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys -> [2013/01/30 20:18:18 | 000,432,800 | ---- | M] (Symantec Corporation)
64bit-(SymEFA) Symantec Extended File Attributes [File_System | Unknown | Running] -> C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.sys -> [2013/01/30 20:18:06 | 001,139,800 | ---- | M] (Symantec Corporation)
64bit-(SRTSP) Symantec Real Time Storage Protection x64 [File_System | Unknown | Running] -> C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys -> [2013/01/28 18:45:19 | 000,796,248 | ---- | M] (Symantec Corporation)
64bit-(SRTSPX) Symantec Real Time Storage Protection (PEL) x64 [Kernel | Unknown | Running] -> C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys -> [2013/01/28 18:45:19 | 000,036,952 | ---- | M] (Symantec Corporation)
64bit-(SymDS) Symantec Data Store [Kernel | Unknown | Running] -> C:\Windows\SysNative\drivers\N360x64\1403000.024\symds64.sys -> [2013/01/21 19:15:33 | 000,493,656 | ---- | M] (Symantec Corporation)
64bit-(IDMWFP) IDMWFP [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\idmwfp.sys -> [2012/11/21 17:43:14 | 000,165,112 | ---- | M] (Tonec Inc.)
64bit-(SymIRON) Symantec Iron Driver [Kernel | Unknown | Running] -> C:\Windows\SysNative\drivers\N360x64\1403000.024\ironx64.sys -> [2012/11/15 19:22:01 | 000,224,416 | ---- | M] (Symantec Corporation)
64bit-(ccSet_N360) Norton 360 Settings Manager [Kernel | Unknown | Running] -> C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.sys -> [2012/11/15 19:18:04 | 000,168,096 | ---- | M] (Symantec Corporation)
64bit-(SymEvent) SymEvent [Kernel | Unknown | Running] -> C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -> [2012/11/14 09:47:08 | 000,177,312 | ---- | M] (Symantec Corporation)
64bit-(taphss) Anchorfree HSS Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\taphss.sys -> [2012/09/13 12:26:44 | 000,038,632 | ---- | M] (AnchorFree Inc)
64bit-(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2012/09/12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation)
64bit-(RdpVideoMiniport) Remote Desktop Video Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpvideominiport.sys -> [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation)
64bit-(WsAudioDevice_383S(1)) WsAudioDevice_383S(1) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -> [2011/11/17 16:08:16 | 000,029,288 | ---- | M] (Wondershare)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(PxHlpa64) PxHlpa64 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\PxHlpa64.sys -> [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2009/12/09 02:39:52 | 000,537,624 | ---- | M] (Intel Corporation)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(e1yexpress) Intel(R) Gigabit Network Connections Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\e1y60x64.sys -> [2009/06/10 13:35:02 | 000,281,088 | ---- | M] (Intel Corporation)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(IntcHdmiAddService) Intel(R) High Definition Audio HDMI [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\IntcHdmi.sys -> [2009/05/25 13:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation)
64bit-(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\wanatw64.sys -> [2006/11/29 15:24:49 | 000,024,064 | ---- | M] (America Online, Inc.)
(NAVEX15) NAVEX15 [Kernel | Unknown | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130401.004\ex64.sys -> [2013/03/31 11:03:10 | 002,087,664 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | Unknown | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130401.004\eng64.sys -> [2013/03/31 11:03:10 | 000,126,192 | ---- | M] (Symantec Corporation)
(BHDrvx64) BHDrvx64 [Kernel | Unknown | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -> [2013/03/21 18:52:21 | 001,387,608 | ---- | M] (Symantec Corporation)
(BstHdDrv) BlueStacks Hypervisor [Kernel | Auto | Running] -> C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -> [2013/03/15 18:31:40 | 000,071,032 | ---- | M] (BlueStack Systems)
(IDSVia64) IDSVia64 [Kernel | Unknown | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130329.001\IDSviA64.sys -> [2013/01/04 17:28:04 | 000,513,184 | ---- | M] (Symantec Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | Unknown | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -> [2012/08/18 02:00:00 | 000,484,512 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | Unknown | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2012/08/18 02:00:00 | 000,138,912 | ---- | M] (Symantec Corporation)
(ntk_PowerDVD) ntk_PowerDVD [Kernel | Auto | Running] -> C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -> [2011/05/18 20:00:21 | 000,075,248 | ---- | M] (Cyberlink Corp.)
({329F96B6-DF1E-4328-BFDA-39EA953C1312}) Power Control [2011/09/23 16:00:52] [Kernel | Auto | Running] -> C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -> [2011/05/16 20:54:00 | 000,148,976 | ---- | M] (CyberLink Corp.)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: SearchURL\\"Default" -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}" [HKLM] ->  [AOL Toolbar Search Class] -> File not found
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.google.com -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.google.com -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\] > -> -> 
HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\: Main\\"Start Page" -> https://aol.com -> 
HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-US -> 
HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 92 FD 3A DC C1 E6 CD 01  [binary data] -> 
HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\: Search\\"Default_Search_URL" -> http://www.google.com -> 
HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\: "ProxyOverride" -> <local>erride;<local>;<local>;<local>?????????????????????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local> -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Terry\AppData\Roaming\Mozilla\FireFox\Profiles\30ys5cpq.default\prefs.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN\] -> [2013/02/05 12:33:19 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN\] -> [2013/03/26 03:17:56 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 17.0.1\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2012/12/30 13:37:00 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Terry\AppData\Roaming\Mozilla\Extensions -> [2012/09/21 14:10:29 | 000,000,000 | ---D | M]
  -> C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\extensions -> [2012/12/03 17:10:36 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2012/12/03 16:52:49 | 000,000,000 | ---D | M]
< HOSTS File > ([2013/02/06 15:53:32 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{0055C089-8582-441B-A0BF-17B458C2A3A8} [HKLM] -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [IDM integration (IDMIEHlprObj Class)] -> [2013/03/22 01:37:48 | 000,396,096 | ---- | M] (Internet Download Manager, Tonec Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2013/01/18 09:25:27 | 000,551,840 | ---- | M] (Oracle Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2013/01/18 09:25:23 | 000,209,824 | ---- | M] (Oracle Corporation)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{0055C089-8582-441B-A0BF-17B458C2A3A8} [HKLM] -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [IDM integration (IDMIEHlprObj Class)] -> [2013/03/22 01:37:44 | 000,363,328 | ---- | M] (Internet Download Manager, Tonec Inc.)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll [Norton Identity Protection] -> [2013/02/13 20:01:20 | 000,509,776 | R--- | M] (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ips\ipsbho.dll [Norton Vulnerability Protection] -> [2012/11/15 19:20:39 | 000,387,040 | R--- | M] (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2013/02/28 12:15:05 | 000,461,216 | ---- | M] (Oracle Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2013/02/28 12:15:05 | 000,170,912 | ---- | M] (Oracle Corporation)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"!{ae07101b-46d4-4a98-af68-0333ea26e113}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
"!{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"!{687578b9-7132-4a7a-80e4-30ee31099e03}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
"!{ae07101b-46d4-4a98-af68-0333ea26e113}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
"!{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll [Norton Toolbar] -> [2013/02/13 20:01:20 | 000,509,776 | R--- | M] (Symantec Corporation)
"10" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\] > -> HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2011/02/11 19:25:38 | 000,386,584 | ---- | M] (Intel Corporation)
"IAAnotif" -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe] -> [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2011/02/11 19:25:56 | 000,162,328 | ---- | M] (Intel Corporation)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2011/02/11 19:25:46 | 000,417,304 | ---- | M] (Intel Corporation)
"RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe] -> [2009/07/20 04:23:26 | 007,981,088 | ---- | M] (Realtek Semiconductor)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"APSDaemon" -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe ["C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"] -> [2012/10/11 22:56:08 | 000,059,280 | ---- | M] (Apple Inc.)
"BlueStacks Agent" -> C:\Program Files (x86)\BlueStacks\HD-Agent.exe [C:\Program Files (x86)\BlueStacks\HD-Agent.exe] -> [2013/03/15 18:32:36 | 000,601,976 | ---- | M] (BlueStack Systems, Inc.)
"HostManager" -> C:\Program Files (x86)\Common Files\aol\1285107697\ee\aolsoftware.exe [C:\Program Files (x86)\Common Files\AOL\1285107697\ee\AOLSoftware.exe] -> [2010/03/08 00:27:49 | 000,041,800 | ---- | M] (AOL Inc.)
"Wondershare Helper Compact.exe" -> C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe] -> [2012/02/28 14:42:58 | 001,679,360 | ---- | M] (Wondershare)
< Run [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\] > -> HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Akamai NetSession Interface" ->  ["C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe"] -> File not found
"DW6" -> C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe ["C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"] -> [2012/06/05 10:11:34 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.)
"DW7" -> C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe ["C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"] -> [2013/02/05 13:52:15 | 013,102,080 | ---- | M] (The Weather Channel)
"Easy-Hide-IP" -> C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe [C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe] -> [2012/11/22 16:10:36 | 004,760,400 | ---- | M] (Easy Hide IP)
"IDMan" -> C:\Program Files (x86)\Internet Download Manager\IDMan.exe [C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot] -> [2013/03/22 01:37:16 | 003,573,624 | ---- | M] (Tonec Inc.)
"PhotoshopElements8SyncAgent" -> C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe [C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe] -> [2010/09/30 03:06:18 | 001,945,536 | ---- | M] (Adobe Systems Incorporated)
"uTorrent" -> C:\Users\Terry\Downloads\Programs\uTorrent.exe ["C:\Users\Terry\Downloads\Programs\uTorrent.exe"  /MINIMIZED] -> [2012/12/09 16:50:05 | 000,969,104 | ---- | M] (BitTorrent, Inc.)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001] > -> HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [0] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
\\"EnableLUA" ->  [0] -> File not found
\\"PromptOnSecureDesktop" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001] > -> HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001] > -> HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\] > -> HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Download all links with IDM -> C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm [C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm] -> [2003/10/20 00:13:14 | 000,000,283 | ---- | M] ()
Download with IDM -> C:\Program Files (x86)\Internet Download Manager\IEExt.htm [C:\Program Files (x86)\Internet Download Manager\IEExt.htm] -> [2004/12/02 06:31:10 | 000,000,277 | ---- | M] ()
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\] > -> HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Download all links with IDM -> C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm [C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm] -> [2003/10/20 00:13:14 | 000,000,283 | ---- | M] ()
Download with IDM -> C:\Program Files (x86)\Internet Download Manager\IEExt.htm [C:\Program Files (x86)\Internet Download Manager\IEExt.htm] -> [2004/12/02 06:31:10 | 000,000,277 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{3B54DEAB-C6D4-48a8-8C32-A70558643400}:C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html [HKLM] ->  [Button: Download Video] -> File not found
{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}:{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} [HKLM] -> C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll [Button: Window Shopper] -> [2010/09/26 07:32:26 | 000,303,104 | ---- | M] (Superfish)
{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F}:Exec [HKLM] ->  [Button: Radio && MP3 Player] -> File not found
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Reg Error: Value error. -> 
PluginsPage -> Reg Error: Value error. -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Reg Error: Value error. -> 
PluginsPage -> Reg Error: Value error. -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\] > -> HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5130 domain(s) found. -> 
objects_aol.com [*] -> Out of zone range - ( 5 ) -> 
twitter.com .[https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\] > -> HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{C345E174-3E87-4F41-A01C-B066A90A49B4} [HKLM] -> http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx [WRC Class] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
{D71F9A27-723E-4B8B-B428-B725E47CBA3E} [HKLM] -> http://imikimi.com/download/imikimi_plugin_0.5.1.cab [Reg Error: Key error.] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 75.75.75.75 75.75.76.76 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{EFFF6009-DCDE-4DC2-9789-AFC20BEE3BC9}\\DhcpNameServer -> 75.75.75.75 75.75.76.76   (Intel(R) 82567V-2 Gigabit Network Connection) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 18:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2011/02/11 18:45:30 | 000,272,896 | ---- | M] (Intel Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{019BF475-0518-43EF-81EE-0A69F13F3F7C} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
{0294BB2F-6178-459D-8C46-8D1C40D6AD6B} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 
{03A6BA39-F663-4EF4-BA2B-AAF061B52FD3} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 
{0653258F-C701-4E6A-B49F-3B876911FCAD} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{08E024BB-596A-4DFF-A430-159062EB67CE} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | 
{098C4C77-C19A-4D9E-B683-D5F329043C68} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | 
{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{25B9D31D-64EC-44F5-900B-17177C3E5D3C} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{27534752-275A-4060-BD2B-BF6687513EB8} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 
{291BD5F3-334F-45B5-A01C-5F8254605029} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{295EF879-34FC-4A05-A484-51AA1443280E} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 
{2FA65B31-3A9D-4C20-AFC6-469495F0EF44} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{32D184A0-86AC-42A8-8B35-3B95B7BA5643} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{39D93BC5-1AA5-481C-88B9-44CCA691995B} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
{4084E937-EAAA-47EE-9520-7BE7CE434C09} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{4B79D9BA-B7E8-47DA-BB96-4B87663FC707} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 
{4E88FDCE-9644-4E20-B859-437DC4A1E942} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | 
{541CC847-9811-4ECB-AB04-E18CB61EE4E7} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
{55853804-B5DC-4553-A0C6-5BDE3D577A91} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 
{5741A6DF-630C-48AE-9E80-16F23121ACD0} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{57E280EE-5C8B-4BB2-B51A-EC3BA3599F5D} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 
{58586124-1B8D-4EB0-A6D2-6B1C4352F492} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{5CE7FE0A-2B88-4586-BCF8-D67E2155A93F} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system | 
{6364B77A-8796-4078-B3CC-5963A3E70B4F} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28507 | app=system | 
{693C4250-DEA5-440C-887C-0421488136A9} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-28515 | app=system | 
{6EFD3216-D4DB-448C-81DA-E8838C66FFD2} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{7913EA4E-B965-4F24-9F89-F08D64604D2D} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system | 
{7C7BD74E-D59D-40F9-8481-A74C4729E9DD} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28531 | app=system | 
{86444BB3-291D-4D31-A046-BB4AA3243C28} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{96E39AEB-5346-4178-820A-DA0C3594F311} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28539 | svc=rpcss | 
{A3EFC5DB-724F-4BDC-A201-3EF43397730C} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{AF8150A9-8B4A-4262-900E-D368942052B3} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31277 | app=system | 
{BE10AB93-C4A6-464B-BE93-069E778BFF99} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system | 
{C232D951-55E7-4D04-9346-F88A07FC0B22} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28519 | app=system | 
{C428A183-FD79-40B5-990D-895328F43AC8} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{C6D369BF-2CD4-4608-B915-F63960BBC3FE} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28527 | app=system | 
{CF0676E6-E2EC-438A-9741-7029DEBD00CE} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{D04F89E1-AF0C-4ED3-884D-75DD6E15A4E4} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{F14ACA99-0EA1-4465-89D4-8F28CC2F2E47} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{F187B23D-066B-42C7-A3FF-03433F2581DB} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-28511 | app=system | 
{F534D21D-02A4-4E48-A237-A3745ED5E6D3} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-28523 | app=system | 
{F748F7FF-E873-4BE4-BD77-890F785884B9} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system | 
{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{003C7A18-60D9-4C89-94D8-DE42C1AA1D76} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 | 
{0248989D-13CF-4D97-BEDD-40E65C81D75E} -> profile=private | protocol=6 | dir=in | action=allow | name=aol loader | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
{02A4D600-582A-4C14-ADFE-C125CF0CB18F} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{02C509F8-43E5-4484-841F-454A261E8435} -> profile=public | protocol=17 | dir=in | action=allow | name=aol system information | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
{03459BFC-365C-4865-AC78-931ADF555F17} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{0B630C0D-FB86-4F12-8485-A3B8411588D4} -> dir=in | action=allow | name=cyberlink powerdvd 11.0 movie module | app=c:\program files (x86)\cyberlink\powerdvd11\movie\moviemodule.exe | 
{0BA30535-7D62-4C75-A2DC-648F73559362} -> dir=in | action=allow | name=cyberlink media server | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserver.exe | 
{0DF51920-0F75-4FAA-BB5D-9D6FA6593BA1} -> profile=private | protocol=17 | dir=in | action=allow | name=mcafee shared service host | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
{0ED13479-31CE-484C-B9B9-92D8A9AEA5BC} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 | 
{129EEB1D-8418-4218-912C-8BFE9FA4401E} -> profile=public | protocol=17 | dir=in | action=allow | name=aol | app=c:\program files (x86)\aol desktop 9.7\waol.exe | 
{136D49AB-49E1-41CB-8E33-63B182682B5C} -> dir=in | action=allow | name=hpoews01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
{1473D86F-6F04-46A3-9153-CD04272511DC} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{15493A82-8089-40AD-B734-67DAE8797474} -> dir=in | action=allow | name=hpqfxt08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
{161B800E-3751-457E-9B12-E9BFC9440DFB} -> profile=private | protocol=17 | dir=in | action=allow | name=google talk | app=c:\program files (x86)\google\google talk\googletalk.exe | 
{193D4B11-EFA0-459F-9755-C6FAE90D80E1} -> dir=in | action=allow | name=hpqgplgtupl.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
{1A24FA76-D1E7-4F60-9911-A5E14303BA05} -> dir=in | action=allow | name=hpqtra08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
{1AC43909-C9DC-4525-9AA3-010FF4874AF5} -> profile=private | protocol=17 | dir=in | action=allow | name=aol topspeed | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
{1CEF6BCD-8D02-4AED-BC44-9F9922F4B855} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{1D3BDCC8-6F79-4ABA-B13B-06FC43144E0D} -> profile=private | protocol=6 | dir=in | action=allow | name=aol shared components | app=c:\program files (x86)\common files\aol\1283115846\ee\aolsoftware.exe | 
{1D52B18E-D005-4AC6-ABAB-A557D8B24ED8} -> profile=private | protocol=6 | dir=in | action=allow | name=pando | app=c:\program files (x86)\pando networks\pando\pando.exe | 
{1FF8832F-3F02-46A6-A723-BA1BA6E689CA} -> profile=private | protocol=58 | dir=in | action=allow | [email protected],-28545 | 
{2082FC22-3601-43CA-8ACB-5EF5F51BB23B} -> dir=in | action=allow | name=smartwebprintexe.exe | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
{253D0AFF-E737-4AE2-A6B4-A65346AE2EDE} -> profile=private | protocol=17 | dir=in | action=allow | name=dropbox | app=c:\users\terry\appdata\roaming\dropbox\bin\dropbox.exe | 
{285BD80B-DC9D-4BB3-9891-E049515C4860} -> profile=public | protocol=17 | dir=in | action=allow | name=aol topspeed | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
{2ACF0543-3762-42A0-93F7-EE24D70A6F45} -> profile=private | protocol=6 | dir=in | action=allow | name=mcafee shared service host | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
{2BBB367F-D176-4670-A030-99C9A0D5F75C} -> profile=public | protocol=6 | dir=in | action=allow | name=aol connectivity service dialer | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
{2BFFFE63-37AF-4490-850A-10812879B69E} -> profile=private | protocol=17 | dir=in | action=allow | name=easydownloads | app=c:\program files (x86)\easy downloads\easydownloads.exe | 
{300BC7E4-5C12-4F7F-B7D2-9C8BD7AFC7E7} -> profile=private | protocol=6 | dir=in | action=allow | name=google talk | app=c:\program files (x86)\google\google talk\googletalk.exe | 
{36140DC2-38F7-467D-AC21-480BF30F34D3} -> dir=in | action=allow | name=cyberlink powerdvd 11.0 rc service | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | 
{3A837FDA-5D62-46D1-B5D7-DB94C876DF7A} -> profile=public | protocol=17 | dir=in | action=allow | name=aol browser | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe | 
{3EACF359-74EB-4E34-BBA2-23C6933BC594} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{3F9910B3-DB88-4C54-A287-8495DDECCC49} -> dir=in | action=allow | name=hpqste08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
{40598DBB-1D08-49B2-B086-359867A5FE95} -> dir=in | action=allow | name=hpqusgh.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
{40A13F36-D0A4-4A39-841C-085B1486CFDB} -> dir=in | action=allow | name=hposfx08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
{4159297B-5759-416B-9B41-C1508005395B} -> dir=in | action=allow | name=cyberlink powerdvd 11.0 | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe | 
{45E05721-625B-46A4-AB51-9027DCE57A4E} -> profile=public | protocol=6 | dir=in | action=allow | name=aol connectivity service | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
{46FC0B92-A31D-4B64-9A46-D09E54667B14} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{46FC17FF-6AC1-46B9-ACB1-B405C039D58F} -> profile=private | protocol=17 | dir=in | action=allow | name=aol shared components | app=c:\program files (x86)\common files\aol\1285107697\ee\aolsoftware.exe | 
{46FC56D3-1F22-4704-9DE7-BF9DF8ADB39B} -> profile=private | protocol=6 | dir=in | action=allow | name=aol topspeed | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
{475885AF-54BA-4F31-8D73-703F624EEF8B} -> profile=private | protocol=17 | dir=in | action=allow | name=akamai netsession interface | app=c:\users\terry\appdata\local\akamai\netsession_win.exe | 
{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4} -> profile=private | protocol=1 | dir=in | action=allow | [email protected],-28543 | 
{48CD5C2E-A8AF-49E5-8368-AD15FBA79149} -> profile=private | protocol=17 | dir=in | action=allow | name=aol system information | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
{49CC5161-4547-47AC-9829-F74C38032FF7} -> profile=public | protocol=6 | dir=in | action=allow | name=panprocess | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe | 
{4C195EEC-55C2-4A1B-B403-2A8655E4D25A} -> dir=in | action=allow | name=hpqusgm.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
{51D0518D-802D-496D-B672-FFDE63990636} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{538F52C6-0305-463F-9330-58BA9E9E8223} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{546CFA29-459B-404A-B504-DD04DBCDD390} -> profile=public | protocol=17 | dir=in | action=allow | name=aol shared components | app=c:\program files (x86)\common files\aol\1285107697\ee\aolsoftware.exe | 
{54EDF33F-115C-429C-985C-3AD84986CC65} -> profile=private | protocol=17 | dir=in | action=allow | name=aol shared components | app=c:\program files (x86)\common files\aol\1283115846\ee\aolsoftware.exe | 
{56270B4D-0DD3-4C4B-9873-65411457067C} -> profile=private | protocol=17 | dir=in | action=allow | name=aol connectivity service | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
{56E808A1-BFD0-4B79-B567-B9FA848D697F} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 | 
{56EE54C1-DA30-483E-8DFD-D679519EF1F4} -> profile=private | protocol=6 | dir=in | action=allow | name=aol connectivity service dialer | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
{5EBE85A5-2850-485C-AE7E-82665E74FB40} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\users\terry\downloads\programs\utorrent.exe | 
{61CA874E-1123-48B0-9FC2-BD29560A2D87} -> profile=public | protocol=17 | dir=in | action=allow | name=aol loader | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
{61FB8AD2-C831-45AB-9DFB-D685C3A8300D} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{62F27534-2769-4D2F-B42F-E96E62F64F44} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{635E1312-F093-4A8E-96CE-68254F3CD1D1} -> profile=private | protocol=6 | dir=in | action=allow | name=dropbox | app=c:\users\terry\appdata\roaming\dropbox\bin\dropbox.exe | 
{6546E5AD-AB35-4B06-B1C3-F48E3A25908E} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system | 
{65901CFC-D156-4C8F-90EA-C26D256CA195} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{6B2F1F3A-7F25-443E-8BFE-1EB321DC6353} -> profile=private | protocol=6 | dir=in | action=allow | name=akamai netsession interface | app=c:\users\terry\appdata\local\akamai\netsession_win.exe | 
{6DF79A25-6266-4686-92EF-D1C352D35B22} -> profile=private | protocol=17 | dir=in | action=allow | name=pando | app=c:\program files (x86)\pando networks\pando\pando.exe | 
{6ECCF9FD-5500-4AAA-91EB-4F019E10E17E} -> profile=private | protocol=6 | dir=in | action=allow | name=dtx broker | app=c:\program files (x86)\windows ilivid toolbar\toolbar\dtuser.exe | 
{70646142-D230-40A6-B278-586D903C4073} -> profile=public | protocol=6 | dir=in | action=allow | name=aol loader | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
{7503E7C5-8014-4C01-BBC5-1FE64642881B} -> dir=in | action=allow | name=hpqcopy2.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
{793F6C68-D36D-4913-A7CD-0A07B1ED9820} -> profile=private | protocol=6 | dir=in | action=allow | name=aol shared components | app=c:\program files (x86)\common files\aol\1285107697\ee\aolsoftware.exe | 
{79D092D2-D4B1-4940-8F2D-25BEAE20EB97} -> profile=private | protocol=6 | dir=in | action=allow | name=aol | app=c:\program files (x86)\aol 9.5\waol.exe | 
{7C6BF97E-E595-477B-902E-F586A36D9F36} -> profile=public | protocol=6 | dir=in | action=allow | name=pandoraservice | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe | 
{7E4D6CD6-FC8C-492F-BC76-33109AD041A1} -> dir=in | action=allow | name=pando | app=c:\program files (x86)\pando networks\pando\pando.exe | 
{7F7D40A1-71AB-47C5-AA8C-6BDDD80FA8DD} -> dir=in | action=allow | name=hpfccopy.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
{8298AB65-F9AE-47D9-A20B-FB7BF4575C60} -> dir=in | action=allow | name=microsoft skydrive | app=c:\users\terry\appdata\local\microsoft\skydrive\skydrive.exe | 
{84324341-C3FC-4B34-98FB-81056F6598D3} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{859340B2-C313-4837-9A00-7775E44289F4} -> protocol=58 | dir=in | action=allow | [email protected],-502 | app=system | 
{8642AF85-31DC-4BB3-8E9D-1E478C224084} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{874D53CD-B060-4C24-923C-BF589DF7F23C} -> profile=public | protocol=6 | dir=in | action=allow | name=aol system information | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
{889075A1-E3C8-49FD-8BA0-705E68CF529C} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{8A6CB474-6AD5-494E-8ABC-958F3779985C} -> profile=private | protocol=17 | dir=in | action=allow | name=aol connectivity service dialer | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
{8A77B454-E01E-41F7-B627-30E283CD0836} -> dir=in | action=allow | name=webkit | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
{8DC6E94D-3443-41EF-B031-F52D30F2D7F9} -> dir=in | action=allow | name=hpqgpc01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
{90C4BAB3-D0AF-4F13-B4E4-CF4C84CB0DB0} -> dir=in | action=allow | name=hpofxs08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
{921830BE-17B8-4931-B3BE-AA5FD20BF045} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{9232695B-3E72-4593-9BDB-C7C0108A11BE} -> profile=public | protocol=17 | dir=in | action=allow | name=aol connectivity service | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
{9870EA81-02E5-4479-A7CD-CE1AEA797391} -> dir=in | action=allow | name=hpqpse.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
{9D2BBE03-1026-46F0-99A6-22AA3BD599A4} -> protocol=58 | dir=out | action=allow | [email protected],-503 | 
{9E741BFF-654F-4DDC-86B0-64A19C4D93B5} -> dir=in | action=allow | name=hpofxm08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
{9F891E67-4322-4AD8-BFAB-9B62DD08E53C} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{A03D2D67-D468-4815-8A78-E51829B96B17} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{A04DCD4B-C3A9-4B48-9262-16C86901EF76} -> dir=in | action=allow | name=hpqkygrp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
{A1596883-74CC-46DA-AF63-98A53E592020} -> profile=private | protocol=1 | dir=out | action=allow | [email protected],-28544 | 
{A2F65A3A-0E7E-4485-A898-B3341D755F4C} -> profile=private | protocol=17 | dir=in | action=allow | name=dtx broker | app=c:\program files (x86)\windows ilivid toolbar\toolbar\dtuser.exe | 
{A5589677-56C4-46C1-A86B-1F0B5425786F} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{AB25E501-955B-418C-AC6F-0420A6AA81D6} -> profile=private | protocol=17 | dir=in | action=allow | [email protected]pi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{AB3FBA72-52C3-4476-9A38-230DBE05659B} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{AB860773-625C-4375-91F7-88491341A1F0} -> dir=in | action=allow | name=hpqnrs08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
{AC076146-66D1-4390-B2E6-A51063AE180A} -> dir=in | action=allow | name=hpqphotocrm.exe | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
{AD16C56C-5B82-481F-B8FF-D550375A022E} -> profile=public | protocol=17 | dir=in | action=allow | name=pandoraservice | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe | 
{AE54D01D-9806-404A-A74C-CA44082A2C99} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{B336AE8D-F424-492F-94F2-63515999A479} -> profile=public | protocol=6 | dir=in | action=allow | name=aol | app=c:\program files (x86)\aol desktop 9.7\waol.exe | 
{B8F398BB-7325-4079-98E5-09E58697D0F0} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system | 
{C14DB4CA-9720-4813-9D47-2CD5E4AA4DCE} -> dir=in | action=allow | name=hpzwiz01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
{C7F1B773-3602-4F7E-8A19-FDAF5F4377F6} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\users\terry\downloads\programs\utorrent.exe | 
{C8F2D4FA-6220-4B37-A061-4ACE47AEE39C} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{CE504808-152F-4073-8BB9-0F8E7C4D30C6} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{CEF87E1D-6B72-41DC-BE77-46F06ACD7525} -> dir=in | action=allow | name=hposid01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
{CF93FBB1-A709-4C31-AB78-C98CC0F77EB8} -> profile=public | protocol=17 | dir=in | action=allow | name=aol connectivity service dialer | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
{CFCA4803-EA55-4CEC-A865-E5EC2D633AF0} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 | 
{D1707B4D-FD43-4DFE-96BC-FDC9626510F2} -> dir=in | action=allow | name=hpiscnapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
{D3648D1D-2BA3-4973-9B7E-EDC907B6E342} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{DA666C99-EEFF-4C94-9587-72A12B376864} -> profile=private | protocol=17 | dir=in | action=allow | name=aol shared components | app=c:\program files (x86)\common files\aol\1285090116\ee\aolsoftware.exe | 
{DC4704E1-7CCD-441C-A10B-81BE59900482} -> profile=private | protocol=6 | dir=in | action=allow | name=easydownloads | app=c:\program files (x86)\easy downloads\easydownloads.exe | 
{DC6E9D6F-CB2C-4322-9A0A-F3BF74703EA5} -> profile=private | protocol=6 | dir=in | action=allow | name=aol system information | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
{DE48E764-F32E-40F6-BDF9-A2F859A5491E} -> profile=public | protocol=6 | dir=in | action=allow | name=aol shared components | app=c:\program files (x86)\common files\aol\1285107697\ee\aolsoftware.exe | 
{E279409F-C3A1-4111-AF64-0A58B2C27906} -> profile=public | protocol=6 | dir=in | action=allow | name=aol browser | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe | 
{E329D10E-C561-4B21-B4F2-AA0F2773D17A} -> dir=in | action=allow | name=hpqsudi.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
{E3E554AB-6E6B-4440-B515-4560F2B7B9DF} -> profile=private | protocol=6 | dir=in | action=allow | name=aol shared components | app=c:\program files (x86)\common files\aol\1285090116\ee\aolsoftware.exe | 
{E4D5EDBF-E0B2-4CB6-9730-F4E8E0DD6AE3} -> profile=public | protocol=17 | dir=in | action=allow | name=panprocess | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe | 
{E673DDF4-FA0A-442C-AA28-6945BA15977C} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{E8715BB0-E132-4617-B344-62E03BFE2C1C} -> profile=private | protocol=58 | dir=out | action=allow | [email protected],-28546 | 
{E8E58717-0B41-4464-9698-476778C5F14B} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
{E926E57D-011D-4F63-BCC5-FFCFDC28D091} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{EC3183D8-7C1D-4CBB-B58B-34714B88BFC2} -> profile=private | protocol=6 | dir=in | action=allow | name=easydownloadsdl | app=c:\program files (x86)\easy downloads\easydl.exe | 
{ED2F73A3-B00F-4A70-8312-EBB09846C4AB} -> profile=private | protocol=17 | dir=in | action=allow | name=easydownloadsdl | app=c:\program files (x86)\easy downloads\easydl.exe | 
{EF74EC99-B995-413D-9BC1-8C5469482D60} -> profile=private | protocol=17 | dir=in | action=allow | name=aol | app=c:\program files (x86)\aol 9.5\waol.exe | 
{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{F194DDA2-58D9-4C92-828B-C612E5172844} -> dir=in | action=allow | name=hpqpsapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
{F38CB874-283C-45B4-85B0-3B8C22BEFFC3} -> dir=in | action=allow | name=hpwucli.exe | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
{F399A44A-7AF7-47FC-A7F2-40E4A7F1266C} -> dir=in | action=allow | name=cyberlink powerdvd 11.0 | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | 
{F58B4C2C-5FC6-45E0-9C57-586B2FF5AADD} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{F5CEC2BD-955F-45F7-B9B5-7945CF1A12CF} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{F65C7E6C-8F52-4892-ABE7-624233089D5F} -> profile=public | protocol=6 | dir=in | action=allow | name=aol topspeed | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
{F65D3A52-C53A-4370-B9AA-7A386A497B4C} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{F8283A58-0F8C-476F-A41A-1F97F3F687FC} -> profile=domain | dir=in | action=allow | name=mcafee network agent | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
{FCC8709B-5CAC-4BAF-B865-DABDC8E91616} -> profile=private | protocol=6 | dir=in | action=allow | name=aol connectivity service | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
{FEEFA1A2-6EB9-4D34-B11E-27AA26CC4A1A} -> profile=private | protocol=17 | dir=in | action=allow | name=aol loader | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [\SystemRoot\system32\drivers\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
D:\AUTORUN.INF [[autorun] | OPEN=QWP2012_Setup.exe | ICON=qwp.ico | ] -> D:\AUTORUN.INF [ UDF ] -> [2011/06/30 16:25:38 | 000,000,047 | R--- | M] ()
G:\autorun [] -> G:\autorun [ FAT32 ] -> [2008/12/21 08:18:42 | 000,000,000 | ---D | M]
G:\autorun.in_2.org [[autorun] | open=WDSetup.exe | ICON=AUTORUN\WDLOGO.ICO | ] -> G:\autorun.in_2.org [ FAT32 ] -> [2008/02/25 10:30:42 | 000,000,054 | R-S- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< 64bit-Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOL OnePoint.lnk ->  -> File not found
< 64bit-Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
AdobeAAMUpdater-1.0 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -> [2010/07/29 01:25:06 | 000,497,648 | ---- | M] (Adobe Systems Incorporated)
APSDaemon hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe -> [2012/10/11 22:56:08 | 000,059,280 | ---- | M] (Apple Inc.)
DW6 hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe -> [2012/06/05 10:11:34 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.)
DW7 hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe -> [2013/02/05 13:52:15 | 013,102,080 | ---- | M] (The Weather Channel)
EasyDownloads hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
Gateway Photo Frame hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -> [2009/07/20 14:07:10 | 000,124,416 | ---- | M] (IOI)
googletalk hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Google\Google Talk\googletalk.exe -> [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google)
Hotkey Utility hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe -> [2010/03/25 19:29:36 | 000,563,744 | ---- | M] ()
QuickTime Task hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\QuickTime\QTTask.exe -> [2012/10/25 04:12:14 | 000,421,888 | ---- | M] (Apple Inc.)
RemoteControl11 hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe -> [2011/05/18 20:00:48 | 000,234,792 | ---- | M] (CyberLink Corp.)
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe -> [2012/07/03 10:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.)
SUPERAntiSpyware hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
< 64bit-Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"services" -> 2 -> 
"startup" -> 2 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 3/31/2013 3:31:22 AM Computer Name = Terry-PC | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 3/31/2013 6:09:57 PM Computer Name = Terry-PC | Source = Application Hang | ID = 1002 -> Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 1a80    Start Time: 01ce2e5bed134456    Termination Time: 9    Application Path: C:\Users\Terry\Downloads\Programs\OTL.exe    Report Id: b3d74302-9a4f-11e2-b949-00038a000015  
Application [ Error ] 3/31/2013 6:19:37 PM Computer Name = Terry-PC | Source = Application Hang | ID = 1002 -> Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 1c70    Start Time: 01ce2e5c8629969d    Termination Time: 13    Application Path: C:\Users\Terry\Downloads\Programs\OTL.exe    Report Id: 10638a55-9a51-11e2-b949-00038a000015  
Application [ Error ] 3/31/2013 6:26:29 PM Computer Name = Terry-PC | Source = Application Hang | ID = 1002 -> Description = The program OTL (1).com version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 27e8    Start Time: 01ce2e5e782d29f4    Termination Time: 21    Application Path: C:\Users\Terry\Downloads\OTL (1).com    Report Id: 056b6eb1-9a52-11e2-b949-00038a000015  
Application [ Error ] 3/31/2013 6:32:27 PM Computer Name = Terry-PC | Source = Application Hang | ID = 1002 -> Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: ac0    Start Time: 01ce2e5ecca94b04    Termination Time: 9    Application Path: C:\Users\Terry\Downloads\Programs\OTL.exe    Report Id: da91639a-9a52-11e2-b949-00038a000015  
Application [ Error ] 4/1/2013 3:30:53 AM Computer Name = Terry-PC | Source = SideBySide | ID = 16842832 -> Description = Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .  A component version required by the application conflicts with another component version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.  Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Application [ Error ] 4/1/2013 3:31:23 AM Computer Name = Terry-PC | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 4/1/2013 3:31:23 AM Computer Name = Terry-PC | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 4/1/2013 3:31:23 AM Computer Name = Terry-PC | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.
Application [ Error ] 4/1/2013 3:31:23 AM Computer Name = Terry-PC | Source = SideBySide | ID = 16842785 -> Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".  Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.  Please use sxstrace.exe for detailed diagnosis.
System [ Error ] 3/31/2013 6:06:12 PM Computer Name = Terry-PC | Source = Service Control Manager | ID = 7034 -> Description = The Adobe Active File Monitor V9 service terminated unexpectedly.  It has done this 1 time(s).
System [ Error ] 3/31/2013 6:10:21 PM Computer Name = Terry-PC | Source = Service Control Manager | ID = 7034 -> Description = The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
System [ Error ] 3/31/2013 6:22:25 PM Computer Name = Terry-PC | Source = Service Control Manager | ID = 7034 -> Description = The BlueStacks Log Rotator Service service terminated unexpectedly.  It has done this 1 time(s).
System [ Error ] 3/31/2013 6:24:46 PM Computer Name = Terry-PC | Source = Service Control Manager | ID = 7034 -> Description = The CLHNServiceForPowerDVD service terminated unexpectedly.  It has done this 1 time(s).
System [ Error ] 3/31/2013 6:26:51 PM Computer Name = Terry-PC | Source = Service Control Manager | ID = 7034 -> Description = The CyberLink PowerDVD 11.0 Monitor Service service terminated unexpectedly.  It has done this 1 time(s).
System [ Error ] 4/3/2013 7:28:21 AM Computer Name = Terry-PC | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 4/5/2013 8:14:42 PM Computer Name = Terry-PC | Source = DCOM | ID = 10005 -> Description = 
System [ Error ] 4/5/2013 8:14:42 PM Computer Name = Terry-PC | Source = Service Control Manager | ID = 7000 -> Description = The Google Update Service (gupdate) service failed to start due to the following error:   %%109
System [ Error ] 4/6/2013 10:30:54 AM Computer Name = Terry-PC | Source = Service Control Manager | ID = 7034 -> Description = The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
System [ Error ] 4/6/2013 10:31:24 AM Computer Name = Terry-PC | Source = DCOM | ID = 10010 -> Description = 
 
[Files/Folders - Created Within 30 Days]
 prescriptions_files -> C:\Users\Terry\Documents\prescriptions_files -> [2013/04/04 17:33:11 | 000,000,000 | ---D | C]
 _OTL -> C:\_OTL -> [2013/03/31 15:06:12 | 000,000,000 | ---D | C]
 Misc Shortcuts -> C:\Users\Terry\Desktop\Misc Shortcuts -> [2013/03/31 15:04:07 | 000,000,000 | ---D | C]
 WinCalendarV3 -> C:\ProgramData\WinCalendarV3 -> [2013/03/31 06:51:11 | 000,000,000 | ---D | C]
 Sapro Systems WinCalendarV3 -> C:\Program Files (x86)\Sapro Systems WinCalendarV3 -> [2013/03/31 06:50:55 | 000,000,000 | ---D | C]
 usb8023.sys -> C:\Windows\SysNative\drivers\usb8023.sys -> [2013/03/25 19:02:38 | 000,019,968 | ---- | C] (Microsoft Corporation)
 BlueStacks -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks -> [2013/03/24 09:23:41 | 000,000,000 | ---D | C]
 BlueStacks -> C:\ProgramData\BlueStacks -> [2013/03/24 09:23:41 | 000,000,000 | ---D | C]
 BlueStacks -> C:\Program Files (x86)\BlueStacks -> [2013/03/24 09:23:41 | 000,000,000 | ---D | C]
 BlueStacksSetup -> C:\ProgramData\BlueStacksSetup -> [2013/03/24 09:22:10 | 000,000,000 | ---D | C]
 idmwfp.sys -> C:\Windows\SysNative\drivers\idmwfp.sys -> [2013/03/22 02:48:59 | 000,165,112 | ---- | C] (Tonec Inc.)
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2013/03/14 03:03:55 | 000,096,768 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2013/03/14 03:03:55 | 000,073,216 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2013/03/14 03:03:54 | 001,427,968 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2013/03/14 03:03:54 | 000,248,320 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysNative\url.dll -> [2013/03/14 03:03:54 | 000,237,056 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysWow64\url.dll -> [2013/03/14 03:03:54 | 000,231,936 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2013/03/14 03:03:54 | 000,176,640 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2013/03/14 03:03:54 | 000,173,056 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2013/03/14 03:03:54 | 000,142,848 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2013/03/14 03:03:53 | 002,312,704 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2013/03/14 03:03:53 | 001,494,528 | ---- | C] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2013/03/14 03:03:53 | 000,729,088 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2013/03/14 03:03:52 | 000,816,640 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2013/03/14 03:03:52 | 000,717,824 | ---- | C] (Microsoft Corporation)
 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2013/03/14 03:03:52 | 000,599,040 | ---- | C] (Microsoft Corporation)
 Microsoft Silverlight -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight -> [2013/03/14 03:03:44 | 000,000,000 | ---D | C]
 Microsoft Silverlight -> C:\Program Files\Microsoft Silverlight -> [2013/03/14 03:02:33 | 000,000,000 | ---D | C]
 Microsoft Silverlight -> C:\Program Files (x86)\Microsoft Silverlight -> [2013/03/14 03:02:33 | 000,000,000 | ---D | C]
 VideoLAN -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN -> [2013/03/10 14:14:41 | 000,000,000 | ---D | C]
 vlc -> C:\Users\Terry\AppData\Roaming\vlc -> [2013/03/10 14:09:15 | 000,000,000 | ---D | C]
 BcsKtYcHW.dll -> C:\Users\Terry\AppData\Local\BcsKtYcHW.dll -> [2013/03/09 11:21:01 | 002,148,152 | ---- | C] (Catalina Marketing Corp)
 Catalina  Print Savings -> C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina  Print Savings -> [2013/03/09 11:20:57 | 000,000,000 | ---D | C]
 Catalina  Print Savings -> C:\Users\Terry\AppData\Roaming\Catalina  Print Savings -> [2013/03/09 11:20:56 | 000,000,000 | ---D | C]
 PremiereElements_9_LS15.exe -> C:\Program Files (x86)\PremiereElements_9_LS15.exe -> [2011/09/01 17:40:40 | 001,228,384 | ---- | C] (Adobe Systems Incorporated)
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2013/04/07 16:40:01 | 000,000,896 | ---- | M] ()
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2013/04/07 16:24:00 | 000,000,830 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2013/04/07 08:40:01 | 000,000,892 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2013/04/07 06:19:37 | 000,067,584 | --S- | M] ()
 glasses_presciption_001.jpg -> C:\Users\Terry\Documents\glasses_presciption_001.jpg -> [2013/04/04 17:34:21 | 000,087,284 | ---- | M] ()
 prescriptions.htm -> C:\Users\Terry\Documents\prescriptions.htm -> [2013/04/04 17:33:11 | 000,300,690 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2013/03/31 23:20:45 | 000,009,920 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2013/03/31 23:20:45 | 000,009,920 | -H-- | M] ()
 OTL - Shortcut.lnk -> C:\Users\Terry\Desktop\OTL - Shortcut.lnk -> [2013/03/31 15:10:10 | 000,013,334 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2013/03/30 08:34:18 | 000,779,306 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2013/03/30 08:34:18 | 000,660,296 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2013/03/30 08:34:18 | 000,121,224 | ---- | M] ()
 EasyRedirectOff.ini -> C:\Windows\SysWow64\EasyRedirectOff.ini -> [2013/03/26 21:21:28 | 000,001,976 | ---- | M] ()
 EasyRedirectOff.ini -> C:\Windows\SysNative\EasyRedirectOff.ini -> [2013/03/26 21:21:28 | 000,001,976 | ---- | M] ()
 EasyRedirect.ini -> C:\Windows\SysWow64\EasyRedirect.ini -> [2013/03/26 21:21:27 | 000,003,432 | ---- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2013/03/26 03:17:22 | 509,480,959 | -HS- | M] ()
 Apps.lnk -> C:\Users\Public\Desktop\Apps.lnk -> [2013/03/24 09:24:19 | 000,001,826 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2013/03/17 12:53:51 | 000,007,680 | ---- | M] ()
 ntuser.pol -> C:\Users\Terry\ntuser.pol -> [2013/03/16 16:33:20 | 000,000,258 | RHS- | M] ()
 FlashPlayerApp.exe -> C:\Windows\SysWow64\FlashPlayerApp.exe -> [2013/03/13 04:02:10 | 000,693,976 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2013/03/13 04:02:10 | 000,073,432 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerInstaller.exe -> C:\Windows\SysWow64\FlashPlayerInstaller.exe -> [2013/03/13 04:02:03 | 016,486,616 | ---- | M] (Adobe Systems Incorporated)
 VLC media player.lnk -> C:\Users\Public\Desktop\VLC media player.lnk -> [2013/03/10 15:13:31 | 000,001,031 | ---- | M] ()
 BcsKtYcHW.dll -> C:\Users\Terry\AppData\Local\BcsKtYcHW.dll -> [2013/03/09 11:21:01 | 002,148,152 | ---- | M] (Catalina Marketing Corp)
 a.zip -> C:\Users\Terry\AppData\Local\a.zip -> [2013/03/09 11:21:01 | 000,915,073 | ---- | M] ()
 
[Files - No Company Name]
 glasses_presciption_001.jpg -> C:\Users\Terry\Documents\glasses_presciption_001.jpg -> [2013/04/04 17:34:21 | 000,087,284 | ---- | C] ()
 prescriptions.htm -> C:\Users\Terry\Documents\prescriptions.htm -> [2013/04/04 17:33:10 | 000,300,690 | ---- | C] ()
 OTL - Shortcut.lnk -> C:\Users\Terry\Desktop\OTL - Shortcut.lnk -> [2013/03/31 15:10:10 | 000,013,334 | ---- | C] ()
 Apps.lnk -> C:\Users\Public\Desktop\Apps.lnk -> [2013/03/24 09:24:19 | 000,001,826 | ---- | C] ()
 ntuser.pol -> C:\Users\Terry\ntuser.pol -> [2013/03/16 16:33:20 | 000,000,258 | RHS- | C] ()
 VLC media player.lnk -> C:\Users\Public\Desktop\VLC media player.lnk -> [2013/03/10 14:14:42 | 000,001,031 | ---- | C] ()
 a.zip -> C:\Users\Terry\AppData\Local\a.zip -> [2013/03/09 11:20:58 | 000,915,073 | ---- | C] ()
 pdftk.exe -> C:\Windows\SysWow64\pdftk.exe -> [2013/02/17 15:25:12 | 004,369,408 | ---- | C] ()
 ptj.exe -> C:\Windows\SysWow64\ptj.exe -> [2013/02/17 15:25:12 | 001,503,232 | ---- | C] ()
 cidfont.dll -> C:\Windows\SysWow64\cidfont.dll -> [2013/02/17 15:25:12 | 001,103,360 | ---- | C] ()
 office.exe -> C:\Windows\SysWow64\office.exe -> [2013/02/17 15:25:12 | 000,235,008 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2013/02/06 15:34:20 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2013/02/06 15:34:20 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2013/02/06 15:34:20 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2013/02/06 15:34:20 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2013/02/06 15:34:20 | 000,068,096 | ---- | C] ()
 UserTile.png -> C:\Users\Terry\AppData\Roaming\UserTile.png -> [2012/12/30 16:01:18 | 000,033,134 | ---- | C] ()
 resmon.resmoncfg -> C:\Users\Terry\AppData\Local\resmon.resmoncfg -> [2012/11/01 17:24:12 | 000,000,017 | ---- | C] ()
 hpoins19.dat -> C:\Windows\hpoins19.dat -> [2012/10/05 13:35:00 | 000,221,578 | ---- | C] ()
 hpomdl19.dat -> C:\Windows\hpomdl19.dat -> [2012/10/05 13:35:00 | 000,013,898 | ---- | C] ()
 cd.dat -> C:\Windows\SysWow64\cd.dat -> [2012/09/28 08:25:51 | 000,000,000 | ---- | C] ()
 wklnhst.dat -> C:\Users\Terry\AppData\Roaming\wklnhst.dat -> [2012/08/13 22:36:38 | 000,000,000 | ---- | C] ()
 EasyRedirect.ini -> C:\Windows\SysWow64\EasyRedirect.ini -> [2012/07/14 18:18:15 | 000,003,432 | ---- | C] ()
 EasyRedirectOff.ini -> C:\Windows\SysWow64\EasyRedirectOff.ini -> [2012/07/14 18:18:15 | 000,001,976 | ---- | C] ()
 PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2012/03/07 08:52:57 | 000,773,030 | ---- | C] ()
 unrar.dll -> C:\Windows\SysWow64\unrar.dll -> [2011/10/05 16:58:38 | 000,175,616 | ---- | C] ()
 avisplitter.ini -> C:\Windows\avisplitter.ini -> [2011/10/05 16:58:37 | 000,000,038 | ---- | C] ()
 xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2011/10/05 16:58:36 | 000,650,752 | ---- | C] ()
 xvidvfw.dll -> C:\Windows\SysWow64\xvidvfw.dll -> [2011/10/05 16:58:36 | 000,243,200 | ---- | C] ()
 ff_vfw.dll -> C:\Windows\SysWow64\ff_vfw.dll -> [2011/10/05 16:58:36 | 000,074,752 | ---- | C] ()
 mlfcache.dat -> C:\Windows\SysWow64\mlfcache.dat -> [2011/09/04 20:23:06 | 000,228,480 | -H-- | C] ()
 PremiereElements_9_LS15.7z -> C:\Program Files (x86)\PremiereElements_9_LS15.7z -> [2011/09/01 09:25:04 | 1316,066,539 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Terry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/07/25 10:41:47 | 000,007,680 | ---- | C] ()
 ulead32.ini -> C:\Windows\ulead32.ini -> [2011/06/21 15:04:06 | 000,000,206 | ---- | C] ()
 netjoin.dll -> C:\Windows\SysWow64\netjoin.dll -> [2011/06/01 17:41:36 | 000,161,792 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5C321E34
< End of report >
```


----------



## eddie5659 (Mar 19, 2001)

Okay, let's hope this works.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}" [HKLM] -> [AOL Toolbar Search Class]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\] > -> 
YN -> HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-US
YN -> HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 92 FD 3A DC C1 E6 CD 01  [binary data]
YN -> HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\: "ProxyOverride" -> <local>erride;<local>;<local>;<local>?????????????????????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "!{ae07101b-46d4-4a98-af68-0333ea26e113}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> "!{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "!{687578b9-7132-4a7a-80e4-30ee31099e03}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> "!{ae07101b-46d4-4a98-af68-0333ea26e113}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> "!{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> "10" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\] > -> HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\] > -> HKEY_USERS\S-1-5-21-254241989-344465633-3051194989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Akamai NetSession Interface" -> ["C:\Users\Terry\AppData\Local\Akamai\netsession_win.exe"]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {3B54DEAB-C6D4-48a8-8C32-A70558643400}:C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html [HKLM] -> [Button: Download Video]
YN -> {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F}:Exec [HKLM] -> [Button: Radio && MP3 Player]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {D71F9A27-723E-4B8B-B428-B725E47CBA3E} [HKLM] -> http://imikimi.com/download/imikimi_plugin_0.5.1.cab [Reg Error: Key error.]
YN -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
YN -> {6ECCF9FD-5500-4AAA-91EB-4F019E10E17E} -> profile=private | protocol=6 | dir=in | action=allow | name=dtx broker | app=c:\program files (x86)\windows ilivid toolbar\toolbar\dtuser.exe | 
YN -> {A2F65A3A-0E7E-4485-A898-B3341D755F4C} -> profile=private | protocol=17 | dir=in | action=allow | name=dtx broker | app=c:\program files (x86)\windows ilivid toolbar\toolbar\dtuser.exe | 
[Alternate Data Streams]
NY -> @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5C321E34
```
The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here.

eddie


----------

