Vista 2012 Alert Malware

Status
Not open for further replies.
Let find some more info on these

You need to run the 64Bit version


Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: 
    :filefind
WhiteSmoke
:folderfind
WhiteSmoke
:regfind
WhiteSmoke
:filefind
searchqu
:folderfind
searchqu
:regfind
searchqu
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt






Download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it
  • A window will open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.
 
SystemLook 30.07.11 by jpshortstuff
Log created at 14:17 on 26/01/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "WhiteSmoke"
No files found.

========== folderfind ==========

Searching for "WhiteSmoke"
C:\Program Files (x86)\WhiteSmoke d------ [03:23 27/08/2011]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke d------ [03:24 27/08/2011]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WhiteSmoke d------ [03:24 27/08/2011]
C:\Users\Owner\AppData\Local\VirtualStore\Program Files (x86)\WhiteSmoke d------ [03:23 27/08/2011]
C:\Users\Owner\AppData\Roaming\WhiteSmoke d------ [15:33 29/08/2011]

========== regfind ==========

Searching for "WhiteSmoke"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1394781]
"Title"="WhiteSmoke Bar Notifications"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar]
"WebServerUrl"="http://WhiteSmokeBar.OurToolbar.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar]
"Write us link"="asafh@whitesmokeinc.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar]
"DisplayName"="WhiteSmoke Bar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings]
"HomePageUrl"="http://www.whitesmoke.com/?d=11&a=0&r=1568"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings]
"RadioHelpUrl"="http://WhiteSmokeBar.OurToolbar.com/help/#2_5"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\WhiteSmoke_Bar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"DisplayName"="WhiteSmoke Bar Customized Web Search"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke_Bar Toolbar]
[HKEY_CURRENT_USER\Software\WhiteSmoke]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"="WhiteSmoke Registration App"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"="WSEnrichment Application"
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"="WhiteSmoke Registration App"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"="WSEnrichment Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ToolboxBitmap32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}]
"LocalizedString"="@C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll,-100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ToolboxBitmap32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}]
"LocalizedString"="@C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll,-100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\InProcServer32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}]
@="WhiteSmoke Bar API Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2}\InProcServer32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ToolboxBitmap32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}]
"LocalizedString"="@C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll,-100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\InProcServer32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}]
@="WhiteSmoke Bar API Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2}\InProcServer32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Platforms\{167d9323-f7cc-48f5-948a-6f012831a69f}]
"Name"="WhiteSmoke_Bar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Toolbars]
"WhiteSmoke Bar Toolbar"="{167D9323-F7CC-48F5-948A-6F012831A69F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63E5EB76-C3D1-4749-848C-7D9DB8CBE609}]
"AppPath"="C:\Program Files (x86)\WhiteSmoke_Bar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63E5EB76-C3D1-4749-848C-7D9DB8CBE609}]
"AppName"="WhiteSmoke_BarToolbarHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D711319B-8446-4D31-8478-B1E4FC114F82}]
"AppName"="WhiteSmoke_BarAutoUpdateHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"DisplayName"="WhiteSmoke Bar Customized Web Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
"DisplayName"="WhiteSmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
"UninstallString"="C:\Program Files (x86)\WhiteSmoke\Uninst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
"DisplayIcon"="C:\Program Files (x86)\WhiteSmoke\Uninst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
"URLInfoAbout"="http://www.WhiteSmoke.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
"Publisher"="WhiteSmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke Bar Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"DisplayName"="WhiteSmoke Bar Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"HelpLink"="http://WhiteSmokeBar.OurToolbar.com/help"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"Publisher"="WhiteSmoke Bar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"URLInfoAbout"="http://WhiteSmokeBar.OurToolbar.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"DisplayIcon"="C:\Program Files (x86)\WhiteSmoke_Bar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"UninstallString"="C:\Program Files (x86)\WhiteSmoke_Bar\uninstall.exe toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
"Dir"="C:\Program Files (x86)\WhiteSmoke\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
"ProductName"="WhiteSmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
"WebsiteUrl"="www.WhiteSmoke.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
"InstallerName"="WhiteSmoke2011.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"PostURL"="http://grammar.whitesmoke.com/client_v2/post.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"WebTemplateWelcome"="http://grammar.whitesmoke.com/client_v2/templates/template_welcome.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"Support"="http://grammar.whitesmoke.com/client_V2/index.html?state=2&d=11&a=8&r=0&utm_source=WhiteSmokeSoftware&utm_medium=Client&utm_content=SupportButton&utm_campaign=SupportButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"UpgradeProfile"="https://buy.whitesmoke.com/?d=11&a=8&r=0&utm_source=WhiteSmokeSoftware&utm_medium=Client&utm_content=BuyButton&utm_campaign=BuyButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"DictURL"="http://grammar.whitesmoke.com/client_v2/lib/action.post.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"DictLanding"="http://grammar.whitesmoke.com/client_v2/dict/promotion.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"DictExpired"="http://grammar.whitesmoke.com/client_v2/dict/expired.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"WebClient"="http://grammar.whitesmoke.com/client_v2/welcome/welcome_screen1.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"Demo"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"Purchase"="http://www.whitesmoke.com/buy.php?id_client=7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"RegistrationForm"="http://whitesmoke.com/registersoft/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"UseIt"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=2&d=11&a=8&r=0&utm_source=WhiteSmokeSoftware&utm_medium=Client&utm_content=GuideButton&utm_campaign=GuideButton&first_time=yes&"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"UserGuide"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=2&d=11&a=8&r=0&utm_source=WhiteSmokeSoftware&utm_medium=Client&utm_content=GuideButton&utm_campaign=GuideButton&"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"WelcomeURL"="http://grammar.whitesmoke.com/client_v2/welcome/welcome_screen.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"FAQ"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=3&d=11&a=8&r=0&utm_source=WhiteSmokeSoftware&utm_medium=Client&utm_content=FaqButton&utm_campaign=FaqButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar\toolbar]
"BrowserSearchDisplayName"="WhiteSmoke Bar Customized Web Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar\toolbar]
"DisplayName"="WhiteSmoke Bar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar\toolbar]
"DisplayTitle"="WhiteSmoke_Bar Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar\toolbar]
"Path"="C:\Program Files (x86)\WhiteSmoke_Bar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar\toolbar]
"ToolbarHelperFileName"="C:\Program Files (x86)\WhiteSmoke_Bar\WhiteSmoke_BarToolbarHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar\toolbar]
"AutoUpdateHelperPath"="C:\Users\Owner\AppData\Local\Conduit\CT3007394\WhiteSmoke_BarAutoUpdateHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar\toolbar]
"ProxyDllPath"="C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1394781]
"Title"="WhiteSmoke Bar Notifications"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar]
"WebServerUrl"="http://WhiteSmokeBar.OurToolbar.com/"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar]
"Write us link"="asafh@whitesmokeinc.com"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar]
"DisplayName"="WhiteSmoke Bar"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings]
"HomePageUrl"="http://www.whitesmoke.com/?d=11&a=0&r=1568"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings]
"RadioHelpUrl"="http://WhiteSmokeBar.OurToolbar.com/help/#2_5"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\WhiteSmoke_Bar]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"DisplayName"="WhiteSmoke Bar Customized Web Search"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke_Bar Toolbar]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"="WhiteSmoke Registration App"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"="WSEnrichment Application"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"="WhiteSmoke Registration App"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"="WSEnrichment Application"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"="WhiteSmoke Registration App"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"="WSEnrichment Application"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"="WhiteSmoke Registration App"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"="WSEnrichment Application"

========== filefind ==========

Searching for "searchqu"
No files found.

========== folderfind ==========

Searching for "searchqu"
No folders found.

========== regfind ==========

Searching for "searchqu"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings\FeatureProtector]
"IntruderProviderName"="www.searchqu.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings\FeatureProtector]
"IntruderProviderDomain"="www.searchqu.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings\FeatureProtector\HomePage]
"LastIntruderDomain"="www.searchqu.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=119&systemid=406&qu={searchTerms}&ft=json"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\ChromeHomepage]
"Value"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\ChromeHomepage]
"DefaultValue"=""homepage": "http://www.searchqu.com/406","
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q="
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=");"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=119&systemid=406&q="
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=119&systemid=406&q="
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\IEBHO]
"SearchUrl"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q="
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\IEBHO]
"NewTabUrl"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\IEBHO\RelatedSearch]
"url"="http://www.searchqu.com/related.html"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\List\Item2]
"Value"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CurVer]
@="SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SearchQUIEHelper.DNSGuard]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SearchQUIEHelper.DNSGuard\CurVer]
@="SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SearchQUIEHelper.DNSGuard.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=119&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard\CurVer]
@="SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=119&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\ChromeHomepage]
"Value"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\ChromeHomepage]
"DefaultValue"=""homepage": "http://www.searchqu.com/406","
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=");"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=119&systemid=406&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=119&systemid=406&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"SearchUrl"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"NewTabUrl"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO\RelatedSearch]
"url"="http://www.searchqu.com/related.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\List\Item2]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\searchqutoolbar]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings\FeatureProtector]
"IntruderProviderName"="www.searchqu.com"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings\FeatureProtector]
"IntruderProviderDomain"="www.searchqu.com"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings\FeatureProtector\HomePage]
"LastIntruderDomain"="www.searchqu.com"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=119&systemid=406&qu={searchTerms}&ft=json"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\Files\ChromeHomepage]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\Files\ChromeHomepage]
"DefaultValue"=""homepage": "http://www.searchqu.com/406","
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q="
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=");"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=119&systemid=406&q="
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=119&systemid=406&q="
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\IEBHO]
"SearchUrl"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q="
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\IEBHO]
"NewTabUrl"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\IEBHO\RelatedSearch]
"url"="http://www.searchqu.com/related.html"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\List\Item2]
"Value"="http://www.searchqu.com/406"

-= EOF =-

--------------------------------------------------------------------------

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv5 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 206):
0x0205C000 \SystemRoot\system32\ntoskrnl.exe
0x02016000 \SystemRoot\system32\hal.dll
0x0060D000 \SystemRoot\system32\kdcom.dll
0x00617000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00652000 \SystemRoot\system32\PSHED.dll
0x00666000 \SystemRoot\system32\CLFS.SYS
0x006C3000 \SystemRoot\system32\CI.dll
0x0080E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E8000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F6000 \SystemRoot\system32\drivers\acpi.sys
0x0094C000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00955000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095F000 \SystemRoot\system32\drivers\pci.sys
0x0098F000 \SystemRoot\system32\drivers\isapnp.sys
0x00998000 \SystemRoot\system32\drivers\mpio.sys
0x009BA000 \SystemRoot\System32\drivers\partmgr.sys
0x009CF000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x009D3000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009DF000 \SystemRoot\system32\drivers\volmgr.sys
0x00775000 \SystemRoot\System32\drivers\volmgrx.sys
0x009F3000 \SystemRoot\system32\drivers\intelide.sys
0x007DB000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00800000 \SystemRoot\system32\drivers\aliide.sys
0x00807000 \SystemRoot\system32\drivers\amdide.sys
0x007EB000 \SystemRoot\system32\drivers\cmdide.sys
0x00A0A000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A1D000 \SystemRoot\system32\drivers\msdsm.sys
0x00A3B000 \SystemRoot\system32\drivers\nvraid.sys
0x00A5E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00A8A000 \SystemRoot\system32\drivers\pciide.sys
0x00A91000 \SystemRoot\system32\drivers\viaide.sys
0x00A99000 \SystemRoot\system32\drivers\iastorv.sys
0x00B60000 \SystemRoot\system32\drivers\atapi.sys
0x00B68000 \SystemRoot\system32\drivers\ataport.SYS
0x00B8C000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x00C06000 \SystemRoot\system32\drivers\storport.sys
0x00C63000 \SystemRoot\system32\drivers\msahci.sys
0x00C6D000 \SystemRoot\system32\drivers\hpcisss.sys
0x00C7B000 \SystemRoot\system32\drivers\adp94xx.sys
0x00CF4000 \SystemRoot\system32\drivers\adpahci.sys
0x00D4A000 \SystemRoot\system32\drivers\adpu160m.sys
0x00D6B000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x00D99000 \SystemRoot\system32\drivers\adpu320.sys
0x00DC8000 \SystemRoot\system32\drivers\djsvs.sys
0x00DE0000 \SystemRoot\system32\drivers\arc.sys
0x00BAA000 \SystemRoot\system32\drivers\arcsas.sys
0x00E08000 \SystemRoot\system32\drivers\elxstor.sys
0x00EAB000 \SystemRoot\system32\drivers\i2omp.sys
0x00EB6000 \SystemRoot\system32\drivers\iirsp.sys
0x00EC7000 \SystemRoot\system32\drivers\iteatapi.sys
0x00ED4000 \SystemRoot\system32\drivers\iteraid.sys
0x00EE1000 \SystemRoot\system32\drivers\lsi_fc.sys
0x00EFF000 \SystemRoot\system32\drivers\lsi_sas.sys
0x00F1B000 \SystemRoot\system32\drivers\megasas.sys
0x00F27000 \SystemRoot\system32\drivers\megasr.sys
0x00FEE000 \SystemRoot\system32\drivers\mraid35x.sys
0x00BC3000 \SystemRoot\system32\drivers\nfrd960.sys
0x00BD3000 \SystemRoot\system32\drivers\nvstor.sys
0x01008000 \SystemRoot\system32\drivers\ql2300.sys
0x0115A000 \SystemRoot\system32\drivers\ql40xx.sys
0x011B8000 \SystemRoot\system32\drivers\sisraid2.sys
0x011C6000 \SystemRoot\system32\drivers\sisraid4.sys
0x011DC000 \SystemRoot\system32\drivers\symc8xx.sys
0x011EA000 \SystemRoot\system32\drivers\sym_hi.sys
0x00BE3000 \SystemRoot\system32\drivers\sym_u3.sys
0x01208000 \SystemRoot\system32\drivers\uliahci.sys
0x01251000 \SystemRoot\system32\drivers\ulsata.sys
0x01280000 \SystemRoot\system32\drivers\ulsata2.sys
0x012C2000 \SystemRoot\system32\drivers\vsmraid.sys
0x012E9000 \SystemRoot\system32\drivers\fltmgr.sys
0x01330000 \SystemRoot\system32\drivers\fileinfo.sys
0x01344000 \SystemRoot\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS
0x0140C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01606000 \SystemRoot\system32\drivers\ndis.sys
0x01493000 \SystemRoot\system32\drivers\msrpc.sys
0x014E3000 \SystemRoot\system32\drivers\NETIO.SYS
0x0180C000 \SystemRoot\System32\drivers\tcpip.sys
0x01981000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A0D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01B8D000 \SystemRoot\system32\drivers\wd.sys
0x01B95000 \SystemRoot\system32\drivers\volsnap.sys
0x01BD9000 \SystemRoot\System32\Drivers\spldr.sys
0x01BE1000 \SystemRoot\system32\drivers\sbp2port.sys
0x019AD000 \SystemRoot\System32\Drivers\mup.sys
0x019BF000 \SystemRoot\System32\drivers\ecache.sys
0x01A00000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x019EB000 \SystemRoot\system32\drivers\disk.sys
0x01800000 \SystemRoot\system32\drivers\crcdisk.sys
0x017ED000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0153C000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x01545000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x01BFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02A07000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x03426000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03509000 \SystemRoot\System32\drivers\watchdog.sys
0x03519000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03525000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x0356B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03601000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03807000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x0397F000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x039B5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x039CB000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x039D7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x036EE000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x039E5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x039E7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03744000 \SystemRoot\system32\DRIVERS\enecir.sys
0x03760000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x039F3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0377C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03785000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x03791000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x037CA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x037D7000 \SystemRoot\system32\DRIVERS\HssDrv.sys
0x0357C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x037F0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0359F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x035D0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x035E0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x01558000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x01570000 \SystemRoot\system32\DRIVERS\taphss.sys
0x0157D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03800000 \SystemRoot\system32\DRIVERS\swenum.sys
0x01590000 \SystemRoot\system32\DRIVERS\ks.sys
0x015C4000 \SystemRoot\system32\DRIVERS\circlass.sys
0x015D5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x015E0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x013AB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0480A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0481E000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x04895000 \SystemRoot\system32\DRIVERS\portcls.sys
0x048D0000 \SystemRoot\system32\DRIVERS\drmk.sys
0x048F3000 \SystemRoot\system32\drivers\ksthunk.sys
0x04C04000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x04D40000 \SystemRoot\system32\drivers\modem.sys
0x04D4F000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x04D73000 \SystemRoot\system32\DRIVERS\hidir.sys
0x04D7E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04D90000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04D98000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x04DA3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04DAE000 \SystemRoot\system32\drivers\RTSTOR64.SYS
0x04DC4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x048F9000 \SystemRoot\System32\Drivers\usbvideo.sys
0x04DE0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x04DEA000 \SystemRoot\System32\Drivers\Null.SYS
0x04923000 \SystemRoot\System32\drivers\vga.sys
0x04931000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04DF3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04956000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0495F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0496A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0497B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x04984000 \SystemRoot\system32\DRIVERS\tdx.sys
0x049A1000 \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS
0x04A0D000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x04A43000 \SystemRoot\system32\DRIVERS\smb.sys
0x04A5E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04AA2000 \SystemRoot\system32\drivers\afd.sys
0x04B0D000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x04B18000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04B36000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x04B41000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04B50000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04B6B000 \SystemRoot\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS
0x04B7F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04BCC000 \SystemRoot\system32\drivers\nsiproxy.sys
0x05005000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110819.030\IDSvia64.sys
0x05082000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x050FB000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x05121000 \SystemRoot\System32\Drivers\dfsc.sys
0x0513E000 \SystemRoot\System32\Drivers\NISx64\1008030.006\ccHPx64.sys
0x0520A000 \SystemRoot\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys
0x05261000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0526F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0527B000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x05285000 \SystemRoot\System32\drivers\Dxapi.sys
0x05291000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00430000 \SystemRoot\System32\TSDDD.dll
0x006D0000 \SystemRoot\System32\cdd.dll
0x00820000 \SystemRoot\System32\ATMFD.DLL
0x052A4000 \SystemRoot\system32\drivers\luafv.sys
0x052C6000 \SystemRoot\system32\drivers\spsys.sys
0x05360000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05374000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x053A8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x053B3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x1680C000 \SystemRoot\system32\drivers\HTTP.sys
0x168AF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x168D8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x168F6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x16910000 \SystemRoot\system32\drivers\mrxdav.sys
0x16937000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x16960000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x169A9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x169C8000 \SystemRoot\System32\DRIVERS\srv2.sys
0x16A05000 \SystemRoot\System32\DRIVERS\srv.sys
0x16A98000 \SystemRoot\system32\drivers\peauth.sys
0x16B4E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x16B59000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0x16B61000 \SystemRoot\System32\drivers\tcpipreg.sys
0x16B71000 \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
0x16B98000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77990000 \Windows\System32\ntdll.dll

Processes (total 91):
0 System Idle Process
4 System
516 C:\Windows\System32\smss.exe
584 csrss.exe
616 C:\Windows\System32\wininit.exe
636 csrss.exe
672 C:\Windows\System32\winlogon.exe
696 C:\Windows\System32\services.exe
720 C:\Windows\System32\lsass.exe
728 C:\Windows\System32\lsm.exe
864 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
340 C:\Windows\System32\svchost.exe
364 C:\Windows\System32\svchost.exe
400 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\stacsv64.exe
1040 C:\Windows\System32\audiodg.exe
1240 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\SLsvc.exe
1296 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\hpservice.exe
1440 C:\Windows\System32\svchost.exe
1568 C:\Windows\System32\wlanext.exe
1672 C:\Windows\System32\spoolsv.exe
1696 C:\Windows\System32\svchost.exe
1880 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
1916 C:\Windows\System32\agr64svc.exe
1928 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1940 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1988 C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
1200 C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
1448 C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
1876 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2088 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
2136 C:\Windows\System32\svchost.exe
2156 C:\Program Files (x86)\SMINST\BLService.exe
2220 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2304 C:\Windows\System32\svchost.exe
2432 C:\Windows\trlrm\RMHSvc.exe
2456 C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
2500 C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
2516 C:\Windows\System32\svchost.exe
2616 C:\Windows\System32\SearchIndexer.exe
2944 WmiPrvSE.exe
1128 HP1006MC.EXE
3188 C:\Windows\System32\taskeng.exe
3376 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
3444 C:\Windows\System32\taskeng.exe
3472 C:\Windows\System32\dwm.exe
3568 C:\Windows\explorer.exe
3804 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3812 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
3828 C:\Program Files\IDT\WDM\sttray64.exe
3836 C:\Windows\System32\igfxtray.exe
3848 C:\Windows\System32\hkcmd.exe
3864 C:\Windows\System32\igfxpers.exe
3872 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
3936 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
3960 C:\Program Files\Windows Sidebar\sidebar.exe
4008 C:\Windows\System32\igfxsrvc.exe
4016 C:\Windows\ehome\ehtray.exe
3432 C:\Windows\ehome\ehmsas.exe
1340 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
3716 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1668 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
3124 C:\Program Files (x86)\UltimateZip\uzqkst.exe
4124 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4184 WmiPrvSE.exe
4212 C:\Program Files (x86)\Driver Fetch\2.1.0.0\DriverFetch.exe
4224 C:\Users\Owner\AppData\Roaming\Skype\{4C1903B9-998B-489E-BBFF-F0BB8041B8BE}\Upgrade.exe
4240 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4276 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4380 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
4584 C:\Program Files\iPod\bin\iPodService.exe
4648 C:\Windows\System32\wbem\unsecapp.exe
4848 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
4912 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1864 C:\Program Files\Windows Media Player\wmpnscfg.exe
5068 C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
2168 C:\Program Files\Windows Media Player\wmpnetwk.exe
3648 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5764 C:\Windows\System32\svchost.exe
5852 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
5028 taskeng.exe
5696 taskeng.exe
1688 C:\Windows\servicing\TrustedInstaller.exe
2424 C:\Windows\System32\VSSVC.exe
2112 C:\Windows\System32\svchost.exe
5216 C:\Users\Owner\Desktop\MBRCheck.exe
3704 C:\Windows\SysWOW64\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`7df00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT1, Rev: 13.01A13

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6DF26AE7D6663DFFFF5602BEDE5BE4683120D56C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
You have a lot going on, whitesmoke and searchgu need to go and where looking at a possible Master Boot Record infection

Thats a lot to go over, what I would like you to do first is run Malwarebytes again, make sure to update it first and run the Quick scan, make sure to remove any entries related to both the above


Then reboot and run System Look again exactly as you ran it before. Delete the old entries it found so that there won't be any confusion on posting the new results

When you ran aswMBR, it dumped a copy of your MBR on your desktop

C:\Users\Owner\Desktop\MBR.dat <--What I would like you to do is zip it and then attach it to this thread in your next reply so we can look at it and see if its infected
 
I'm not quite sure how to delete the old entries short of comparing the two line by line, so I've just posted as is for now. Is there a quicker way to remove the old entries? If so I can edit this post or make note of it for another time.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.27.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

27/01/2012 1:17:04 AM
mbam-log-2012-01-27 (01-17-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194013
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Detected: 1
C:\Users\Owner\AppData\Roaming\Skype\{4C1903B9-998B-489E-BBFF-F0BB8041B8BE}\Upgrade.exe (Trojan.FakeMS) -> 4224 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KeApplet (Trojan.FakeMS) -> Data: C:\Users\Owner\AppData\Roaming\Skype\{4C1903B9-998B-489E-BBFF-F0BB8041B8BE}\Upgrade.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|KeApplet (Trojan.FakeMS) -> Data: C:\Users\Owner\AppData\Roaming\Skype\{4C1903B9-998B-489E-BBFF-F0BB8041B8BE}\Upgrade.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Owner\AppData\Roaming\Skype\{4C1903B9-998B-489E-BBFF-F0BB8041B8BE}\Upgrade.exe (Trojan.FakeMS) -> Delete on reboot.

(end)

-----------------------------------------------------------------------

SystemLook 30.07.11 by jpshortstuff
Log created at 01:25 on 27/01/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "WhiteSmoke"
No files found.

========== folderfind ==========

Searching for "WhiteSmoke"
C:\Program Files (x86)\WhiteSmoke d------ [03:23 27/08/2011]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke d------ [03:24 27/08/2011]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WhiteSmoke d------ [03:24 27/08/2011]
C:\Users\Owner\AppData\Local\VirtualStore\Program Files (x86)\WhiteSmoke d------ [03:23 27/08/2011]
C:\Users\Owner\AppData\Roaming\WhiteSmoke d------ [15:33 29/08/2011]

========== regfind ==========

Searching for "WhiteSmoke"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1394781]
"Title"="WhiteSmoke Bar Notifications"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar]
"WebServerUrl"="http://WhiteSmokeBar.OurToolbar.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar]
"Write us link"="asafh@whitesmokeinc.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar]
"DisplayName"="WhiteSmoke Bar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings]
"HomePageUrl"="http://www.whitesmoke.com/?d=11&a=0&r=1568"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings]
"RadioHelpUrl"="http://WhiteSmokeBar.OurToolbar.com/help/#2_5"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\WhiteSmoke_Bar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"DisplayName"="WhiteSmoke Bar Customized Web Search"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke_Bar Toolbar]
[HKEY_CURRENT_USER\Software\WhiteSmoke]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"="WhiteSmoke Registration App"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"="WSEnrichment Application"
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"="WhiteSmoke Registration App"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"="WSEnrichment Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ToolboxBitmap32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}]
"LocalizedString"="@C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll,-100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ToolboxBitmap32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}]
"LocalizedString"="@C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll,-100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\InProcServer32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}]
@="WhiteSmoke Bar API Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2}\InProcServer32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ToolboxBitmap32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}]
"LocalizedString"="@C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll,-100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\InProcServer32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}]
@="WhiteSmoke Bar API Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2}\InProcServer32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Platforms\{167d9323-f7cc-48f5-948a-6f012831a69f}]
"Name"="WhiteSmoke_Bar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Toolbars]
"WhiteSmoke Bar Toolbar"="{167D9323-F7CC-48F5-948A-6F012831A69F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63E5EB76-C3D1-4749-848C-7D9DB8CBE609}]
"AppPath"="C:\Program Files (x86)\WhiteSmoke_Bar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63E5EB76-C3D1-4749-848C-7D9DB8CBE609}]
"AppName"="WhiteSmoke_BarToolbarHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D711319B-8446-4D31-8478-B1E4FC114F82}]
"AppName"="WhiteSmoke_BarAutoUpdateHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"DisplayName"="WhiteSmoke Bar Customized Web Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
"DisplayName"="WhiteSmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
"UninstallString"="C:\Program Files (x86)\WhiteSmoke\Uninst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
"DisplayIcon"="C:\Program Files (x86)\WhiteSmoke\Uninst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
"URLInfoAbout"="http://www.WhiteSmoke.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
"Publisher"="WhiteSmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke Bar Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"DisplayName"="WhiteSmoke Bar Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"HelpLink"="http://WhiteSmokeBar.OurToolbar.com/help"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"Publisher"="WhiteSmoke Bar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"URLInfoAbout"="http://WhiteSmokeBar.OurToolbar.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"DisplayIcon"="C:\Program Files (x86)\WhiteSmoke_Bar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"UninstallString"="C:\Program Files (x86)\WhiteSmoke_Bar\uninstall.exe toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
"Dir"="C:\Program Files (x86)\WhiteSmoke\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
"ProductName"="WhiteSmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
"WebsiteUrl"="www.WhiteSmoke.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
"InstallerName"="WhiteSmoke2011.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"PostURL"="http://grammar.whitesmoke.com/client_v2/post.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"WebTemplateWelcome"="http://grammar.whitesmoke.com/client_v2/templates/template_welcome.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"Support"="http://grammar.whitesmoke.com/client_V2/index.html?state=2&d=11&a=8&r=0&utm_source=WhiteSmokeSoftware&utm_medium=Client&utm_content=SupportButton&utm_campaign=SupportButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"UpgradeProfile"="https://buy.whitesmoke.com/?d=11&a=8&r=0&utm_source=WhiteSmokeSoftware&utm_medium=Client&utm_content=BuyButton&utm_campaign=BuyButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"DictURL"="http://grammar.whitesmoke.com/client_v2/lib/action.post.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"DictLanding"="http://grammar.whitesmoke.com/client_v2/dict/promotion.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"DictExpired"="http://grammar.whitesmoke.com/client_v2/dict/expired.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"WebClient"="http://grammar.whitesmoke.com/client_v2/welcome/welcome_screen1.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"Demo"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"Purchase"="http://www.whitesmoke.com/buy.php?id_client=7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"RegistrationForm"="http://whitesmoke.com/registersoft/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"UseIt"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=2&d=11&a=8&r=0&utm_source=WhiteSmokeSoftware&utm_medium=Client&utm_content=GuideButton&utm_campaign=GuideButton&first_time=yes&"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"UserGuide"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=2&d=11&a=8&r=0&utm_source=WhiteSmokeSoftware&utm_medium=Client&utm_content=GuideButton&utm_campaign=GuideButton&"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"WelcomeURL"="http://grammar.whitesmoke.com/client_v2/welcome/welcome_screen.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"FAQ"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=3&d=11&a=8&r=0&utm_source=WhiteSmokeSoftware&utm_medium=Client&utm_content=FaqButton&utm_campaign=FaqButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar\toolbar]
"BrowserSearchDisplayName"="WhiteSmoke Bar Customized Web Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar\toolbar]
"DisplayName"="WhiteSmoke Bar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar\toolbar]
"DisplayTitle"="WhiteSmoke_Bar Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar\toolbar]
"Path"="C:\Program Files (x86)\WhiteSmoke_Bar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar\toolbar]
"ToolbarHelperFileName"="C:\Program Files (x86)\WhiteSmoke_Bar\WhiteSmoke_BarToolbarHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar\toolbar]
"AutoUpdateHelperPath"="C:\Users\Owner\AppData\Local\Conduit\CT3007394\WhiteSmoke_BarAutoUpdateHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar\toolbar]
"ProxyDllPath"="C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1394781]
"Title"="WhiteSmoke Bar Notifications"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar]
"WebServerUrl"="http://WhiteSmokeBar.OurToolbar.com/"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar]
"Write us link"="asafh@whitesmokeinc.com"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar]
"DisplayName"="WhiteSmoke Bar"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings]
"HomePageUrl"="http://www.whitesmoke.com/?d=11&a=0&r=1568"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings]
"RadioHelpUrl"="http://WhiteSmokeBar.OurToolbar.com/help/#2_5"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\WhiteSmoke_Bar]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"DisplayName"="WhiteSmoke Bar Customized Web Search"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke_Bar Toolbar]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"="WhiteSmoke Registration App"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"="WSEnrichment Application"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"="WhiteSmoke Registration App"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"="WSEnrichment Application"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"="WhiteSmoke Registration App"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"="WSEnrichment Application"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"="WhiteSmoke Registration App"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"="WSEnrichment Application"

========== filefind ==========

Searching for "searchqu"
No files found.

========== folderfind ==========

Searching for "searchqu"
No folders found.

========== regfind ==========

Searching for "searchqu"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings\FeatureProtector]
"IntruderProviderName"="www.searchqu.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings\FeatureProtector]
"IntruderProviderDomain"="www.searchqu.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings\FeatureProtector\HomePage]
"LastIntruderDomain"="www.searchqu.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=119&systemid=406&qu={searchTerms}&ft=json"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\ChromeHomepage]
"Value"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\ChromeHomepage]
"DefaultValue"=""homepage": "http://www.searchqu.com/406","
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q="
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=");"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=119&systemid=406&q="
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=119&systemid=406&q="
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\IEBHO]
"SearchUrl"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q="
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\IEBHO]
"NewTabUrl"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\IEBHO\RelatedSearch]
"url"="http://www.searchqu.com/related.html"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\List\Item2]
"Value"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CurVer]
@="SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SearchQUIEHelper.DNSGuard]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SearchQUIEHelper.DNSGuard\CurVer]
@="SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SearchQUIEHelper.DNSGuard.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=119&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard\CurVer]
@="SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=119&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\ChromeHomepage]
"Value"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\ChromeHomepage]
"DefaultValue"=""homepage": "http://www.searchqu.com/406","
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=");"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=119&systemid=406&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=119&systemid=406&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"SearchUrl"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"NewTabUrl"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO\RelatedSearch]
"url"="http://www.searchqu.com/related.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\List\Item2]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\searchqutoolbar]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings\FeatureProtector]
"IntruderProviderName"="www.searchqu.com"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings\FeatureProtector]
"IntruderProviderDomain"="www.searchqu.com"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\toolbar\Settings\FeatureProtector\HomePage]
"LastIntruderDomain"="www.searchqu.com"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=119&systemid=406&qu={searchTerms}&ft=json"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\Files\ChromeHomepage]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\Files\ChromeHomepage]
"DefaultValue"=""homepage": "http://www.searchqu.com/406","
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q="
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=");"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=119&systemid=406&q="
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=119&systemid=406&q="
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\IEBHO]
"SearchUrl"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q="
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\IEBHO]
"NewTabUrl"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\IEBHO\RelatedSearch]
"url"="http://www.searchqu.com/related.html"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\List\Item2]
"Value"="http://www.searchqu.com/406"

-= EOF =-
 
Good Morning,

Just hang on a bit , I am sending your MBR dump to be checked and I am going to work on removing all the whitesmoke and searchqu junk
 
Lets get rid of this garbage first , we may need to get an offline dump of your MBR after this.

Run this script with OTL, post the log that it produces, then run System Look again with the same script and we will see if it got it all


Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code: 
    :processes
killallprocesses

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
[-HKEY_CURRENT_USER\Software\DataMngr]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\ilivid]
[-HKEY_CURRENT_USER\Software\searchqutoolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
"{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
"{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
"{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
"{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
"{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
"{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
"{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
"{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
"{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
@="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
@="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
@="{B056521A-9B10-425E-B616-1FCD828DB3B1}"

:Files
%APPDATA%\Microsoft\Windows\Cookies\*@sweetim[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt
%APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt
%APPDATA%\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
%APPDATA%\Mozilla\Firefox\Profiles\pcu2ktj1.default\searchqutoolbar
%LOCALAPPDATA%\Ilivid Player
%LOCALAppData%\Ilivid Player
%LOCALAppData%\Local\Ilivid Player
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XBCYS2M\iLividSetupV1.exe
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XBCYS2M\ilivid[1].7z
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\4PH7K978\SetupDataMngr_Searchqu[1].exe
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GBMVTTH\SetupDataMngr_Searchqu[1].exe
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLNI2AO8\ilivid[1].7z
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYSPISSZ\SweetImSetup.exe
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2VD3MCE\BandooV6[1].exe
%LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZ84V0EK\searchqu_net[1].htm
%TEMP%\BandooFiles
%TEMP%\BandooV6.exe
%TEMP%\Low\Cookies\toni@searchqu[1].txt
%TEMP%\SetupDataMngr_Searchqu.exe
%TEMP%\SweetIMReinstall
%TEMP%\SweetIMReinstall\SweetImSetup.exe
%TEMP%\ilivid.7z
%TEMP%\searchqu.ini
%TEMP%\searchqutoolbar-manifest.xml
%USERPROFILE%\AppData\LocalLow\searchquband
%USERPROFILE%\AppData\LocalLow\searchqutoolbar
%USERPROFILE%\Downloads\SweetImSetup.exe
%USERPROFILE%\Downloads\iLividSetupV1.exe
C:\Program Files\Windows iLivid Toolbar
C:\Program Files\iLivid
C:\Windows\Prefetch\ILIVID*
C:\Windows\Prefetch\SEARCHQUMEDIABAR*
C:\Windows\Prefetch\SETUPDATAMNGR*

:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 
All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\ilivid\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
========== FILES ==========
File/Folder C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
File/Folder C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\searchqutoolbar not found.
C:\Users\Owner\AppData\Local\Ilivid Player folder moved successfully.
File/Folder C:\Users\Owner\AppData\Local\Ilivid Player not found.
File/Folder C:\Users\Owner\AppData\Local\Local\Ilivid Player not found.
File/Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XBCYS2M\iLividSetupV1.exe not found.
File/Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XBCYS2M\ilivid[1].7z not found.
File/Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4PH7K978\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GBMVTTH\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLNI2AO8\ilivid[1].7z not found.
File/Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYSPISSZ\SweetImSetup.exe not found.
File/Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2VD3MCE\BandooV6[1].exe not found.
File/Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZ84V0EK\searchqu_net[1].htm not found.
File/Folder C:\Users\Owner\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\Owner\AppData\Local\Temp\BandooV6.exe not found.
File/Folder C:\Users\Owner\AppData\Local\Temp\Low\Cookies\toni@searchqu[1].txt not found.
File/Folder C:\Users\Owner\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
File/Folder C:\Users\Owner\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\Owner\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
File/Folder C:\Users\Owner\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\Owner\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\Owner\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
C:\Users\Owner\AppData\LocalLow\searchquband folder moved successfully.
C:\Users\Owner\AppData\LocalLow\searchqutoolbar\weather folder moved successfully.
C:\Users\Owner\AppData\LocalLow\searchqutoolbar folder moved successfully.
File/Folder C:\Users\Owner\Downloads\SweetImSetup.exe not found.
File/Folder C:\Users\Owner\Downloads\iLividSetupV1.exe not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 1382707 bytes
->Temporary Internet Files folder emptied: 136217 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46318899 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1878 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 200864 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 304054 bytes

Total Files Cleaned = 46.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 01272012_222727

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Windows\temp\JET90E9.tmp not found!

Registry entries deleted on Reboot...
 
OTL logfile created on: 27/01/2012 10:43:43 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 61.30% Memory free
7.98 Gb Paging File | 6.25 Gb Available in Paging File | 78.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.97 Gb Total Space | 59.72 Gb Free Space | 20.88% Space Free | Partition Type: NTFS
Drive D: | 12.12 Gb Total Space | 1.94 Gb Free Space | 16.01% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Driver Fetch\2.1.0.0\DriverFetch.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\trlrm\RMHSvc.exe (Trlokom, Inc.)
PRC - C:\Program Files (x86)\UltimateZip\uzqkst.exe (SWE von Schleusen)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b304c1f9341d141746ec101b5bf202cf\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b304c1f9341d141746ec101b5bf202cf\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b6da684a4289bb2053ab12bbb773e808\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e070ca981473e64c0de7fd01cb019b5f\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2b4cd4567a7ed7d9ecd8e43352a66dd\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\DriverFetch.exe ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\scheduler.dll ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\restore.dll ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\cpuid.dll ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\_ssl.pyd ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\unicodedata.pyd ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\aggdraw.pyd ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\_imaging.pyd ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\_hashlib.pyd ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\_ctypes.pyd ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\_socket.pyd ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\_multiprocessing.pyd ()
MOD - C:\Program Files (x86)\QuickTime\QTSystem\QTCF.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Symantec Corporation)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (trlokom_rmhsvc) -- C:\Windows\trlrm\RMHSvc.exe (Trlokom, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (ccHP) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\ccHPx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\DRIVERS\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\DRIVERS\taphss.sys (AnchorFree Inc)
DRV:64bit: - (Sockblkd) -- C:\Program Files\Extegrity\Exam4\Sockblkd.sys (DataWizard Technologies, Inc.)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\Drivers\SSPORT.sys (Samsung Electronics)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV:64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110821.003\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110821.003\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110819.030\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (trlkprot) -- C:\Windows\SysWOW64\drivers\trlkprot.sys (Trlokom Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: cacaoweb@cacaoweb.org:1.0.15
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.2
FF - prefs.js..extensions.enabledItems: {167d9323-f7cc-48f5-948a-6f012831a69f}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.22
FF - prefs.js..network.proxy.http: "125.5.6.7.7.7"
FF - prefs.js..network.proxy.http_port: 8231
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/12 10:12:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/23 04:36:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/19 12:19:32 | 000,000,000 | ---D | M]

[2011/10/31 11:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2012/01/27 00:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions
[2011/08/26 22:24:15 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
[2010/04/28 08:47:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/28 08:47:22 | 000,000,000 | ---D | M] (PimpZilla) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
[2011/03/03 13:33:57 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\cacaoweb@cacaoweb.org
[2010/06/25 19:38:16 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\radiobar@toolbar
[2011/03/29 22:30:59 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\webmaster@keep-tube.com
[2011/07/27 10:46:34 | 000,000,931 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\searchplugins\conduit.xml
[2011/10/31 11:32:09 | 000,002,520 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\searchplugins\SearchResults.xml
[2012/01/27 22:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/09 19:58:53 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/27 13:06:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/06/28 22:44:23 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011/10/12 10:12:00 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
[2012/01/27 22:33:02 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2010/07/27 13:06:41 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/31 11:32:09 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://www.searchqu.com/web?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2012/01/25 11:15:12 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Trlokom IE Toolbar) - {C5AF4D9B-0B55-4BAC-9486-218EA2C6BC3E} - C:\Program Files (x86)\SpyWall\TrlIETool.dll (Trlokom, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Trlokom IE Toolbar) - {C5AF4D9B-0B55-4BAC-9486-218EA2C6BC3E} - C:\Program Files (x86)\SpyWall\TrlIETool.dll (Trlokom, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000\..\Toolbar\WebBrowser: (Trlokom IE Toolbar) - {C5AF4D9B-0B55-4BAC-9486-218EA2C6BC3E} - C:\Program Files (x86)\SpyWall\TrlIETool.dll (Trlokom, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Driver Fetch] C:\Program Files (x86)\Driver Fetch\2.1.0.0\DriverFetch.exe ()
O4 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000..\Run: [cdloader] C:\Users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UltimateZip Quick Start.lnk = C:\Program Files (x86)\UltimateZip\uzqkst.exe (SWE von Schleusen)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: AllowMultipleTSSessions = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED73AC6B-7A58-4C36-B3E3-399653F0B91C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 07:49:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Help
[2012/01/24 22:50:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/24 15:21:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/01/23 21:13:28 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/23 21:13:27 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/23 14:57:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/23 14:39:57 | 000,000,000 | ---D | C] -- C:\ERDNT
[2012/01/23 14:39:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\erunt
[2012/01/23 04:21:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/23 04:21:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/23 04:21:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/23 04:21:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/23 04:21:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/23 04:20:41 | 004,388,468 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/01/22 12:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/22 11:59:16 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2012/01/19 10:56:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2012/01/19 10:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/19 10:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/19 10:56:09 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/19 10:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/19 10:55:00 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/19 10:40:06 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/01/12 23:38:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/01/12 23:37:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\backup
[2012/01/12 23:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/01/12 23:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/01/12 23:35:28 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Owner\Documents\erunt-setup.exe
[2012/01/12 13:11:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/12 13:11:24 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/01/12 13:11:24 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/01/12 13:11:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/01/12 13:11:24 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/01/12 13:11:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/01/12 13:11:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/01/12 13:11:23 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/12 13:11:23 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/01/12 13:11:23 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/12 13:11:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/12 13:11:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/01/12 13:11:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/01/12 13:11:23 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/01/12 13:11:23 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/01/12 13:11:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/01/12 13:11:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/12 13:11:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/12 13:11:22 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/01/12 13:11:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/01/12 13:11:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/01/12 13:11:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/01/12 13:11:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/01/12 13:11:22 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/01/12 13:11:22 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2012/01/12 13:11:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/01/12 13:11:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/01/12 13:11:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/12 13:11:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/01/12 13:11:21 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/01/12 13:11:21 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/12 13:11:21 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/01/12 13:11:21 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/12 13:11:15 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/12 13:11:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/12 13:11:15 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/01/12 13:11:15 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/01/12 13:11:15 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/01/12 13:11:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/01/12 13:11:15 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/12 13:11:15 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2012/01/12 13:11:15 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/01/12 13:11:15 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/01/12 13:11:15 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/01/12 13:11:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/01/12 13:11:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/01/12 13:11:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/01/12 13:11:14 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/01/12 13:11:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/01/12 13:11:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/12 13:11:13 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/01/12 13:11:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/01/12 13:11:13 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/01/12 13:11:13 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/12 13:11:13 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/01/12 13:11:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/12 13:11:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/01/12 13:11:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/01/12 13:11:13 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/01/12 13:11:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/01/12 13:11:12 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/12 13:11:12 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/12 13:11:12 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/01/12 13:11:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/12 13:11:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/01/12 13:11:12 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/01/12 13:11:12 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/01/12 13:11:12 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/01/12 13:11:12 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/01/12 13:11:12 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/12 13:11:12 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/01/12 13:11:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/01/12 13:11:12 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/12 13:11:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/01/10 21:15:53 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/10 21:15:53 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/10 21:15:53 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/10 21:15:53 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/10 21:15:48 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/10 21:15:46 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2012/01/10 21:15:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcicda.dll
[2012/01/10 21:15:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciwave.dll
[2012/01/10 21:15:46 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciseq.dll
[2012/01/10 21:15:46 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciseq.dll
[2012/01/10 21:15:43 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/01/10 21:15:42 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/10 21:15:42 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2011/12/30 14:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/27 22:34:11 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/27 22:33:02 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 22:33:02 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 22:32:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/27 22:32:46 | 4193,472,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/27 22:24:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/27 01:21:46 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2012/01/27 01:14:14 | 000,000,549 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.zip
[2012/01/26 14:16:37 | 000,080,384 | ---- | M] () -- C:\Users\Owner\Desktop\MBRCheck.exe
[2012/01/26 14:16:20 | 000,165,376 | ---- | M] () -- C:\Users\Owner\Desktop\SystemLook_x64.exe
[2012/01/25 20:25:00 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/25 11:15:12 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/24 15:21:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/01/23 14:38:48 | 000,513,320 | ---- | M] () -- C:\Users\Owner\Desktop\erunt.zip
[2012/01/23 04:20:46 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/01/23 00:10:50 | 001,655,273 | ---- | M] () -- C:\Users\Owner\Documents\Resume- Advocates LLP January 23, 2012.pdf
[2012/01/22 11:59:17 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2012/01/20 18:08:53 | 000,458,240 | ---- | M] () -- C:\Users\Owner\Desktop\CKScanner.exe
[2012/01/20 16:50:08 | 001,655,284 | ---- | M] () -- C:\Users\Owner\Documents\Resume- Advocates LLP January 20, 2012.pdf
[2012/01/20 12:43:56 | 001,720,072 | ---- | M] () -- C:\Users\Owner\Documents\Resume- Freelance Legal Writer.pdf
[2012/01/19 10:56:11 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/19 10:55:00 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/19 10:53:24 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/01/19 10:40:27 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/01/17 19:47:44 | 000,032,819 | ---- | M] () -- C:\Users\Owner\Documents\Jay Z.jpg
[2012/01/15 14:03:43 | 000,012,782 | -HS- | M] () -- C:\ProgramData\775r1r7n5385
[2012/01/15 14:03:42 | 000,012,782 | -HS- | M] () -- C:\Users\Owner\AppData\Local\775r1r7n5385
[2012/01/12 23:38:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/01/12 23:35:56 | 000,000,723 | ---- | M] () -- C:\Users\Owner\Desktop\NTREGOPT.lnk
[2012/01/12 23:35:56 | 000,000,704 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2012/01/12 23:35:29 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Owner\Documents\erunt-setup.exe
[2012/01/12 23:10:40 | 082,885,256 | ---- | M] () -- C:\Users\Owner\Documents\avira_free_antivirus_en.exe
[2012/01/12 13:22:20 | 000,000,036 | RH-- | M] () -- C:\Windows\sued.dat
[2012/01/12 13:16:57 | 000,000,899 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/12 13:11:39 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2012/01/12 13:11:39 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2012/01/12 13:11:39 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2012/01/12 13:11:39 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2012/01/12 13:11:24 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/12 13:11:24 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/01/12 13:11:24 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/01/12 13:11:24 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/01/12 13:11:24 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/01/12 13:11:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/01/12 13:11:23 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/01/12 13:11:23 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/12 13:11:23 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/01/12 13:11:23 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/12 13:11:23 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/12 13:11:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/01/12 13:11:23 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/01/12 13:11:23 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/12 13:11:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/01/12 13:11:23 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/01/12 13:11:23 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/01/12 13:11:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/12 13:11:22 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/12 13:11:22 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/01/12 13:11:22 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/01/12 13:11:22 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/01/12 13:11:22 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/01/12 13:11:22 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/01/12 13:11:22 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/01/12 13:11:22 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2012/01/12 13:11:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/01/12 13:11:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/01/12 13:11:22 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/12 13:11:22 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/01/12 13:11:21 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/01/12 13:11:21 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/12 13:11:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/01/12 13:11:21 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/12 13:11:15 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/12 13:11:15 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/12 13:11:15 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/01/12 13:11:15 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/01/12 13:11:15 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/01/12 13:11:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/01/12 13:11:15 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/12 13:11:15 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2012/01/12 13:11:15 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/01/12 13:11:15 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/01/12 13:11:15 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/01/12 13:11:15 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/01/12 13:11:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/01/12 13:11:14 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/01/12 13:11:14 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/01/12 13:11:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/01/12 13:11:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/12 13:11:13 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/01/12 13:11:13 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/01/12 13:11:13 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/01/12 13:11:13 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/12 13:11:13 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/01/12 13:11:13 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/12 13:11:13 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/01/12 13:11:13 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/01/12 13:11:13 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/01/12 13:11:13 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/01/12 13:11:12 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/12 13:11:12 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/12 13:11:12 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/01/12 13:11:12 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/12 13:11:12 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/01/12 13:11:12 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/01/12 13:11:12 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/01/12 13:11:12 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/01/12 13:11:12 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/01/12 13:11:12 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/12 13:11:12 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/01/12 13:11:12 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/12 13:11:12 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/01/12 13:11:12 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/12 13:11:11 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/01/11 15:05:54 | 001,531,192 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/11 15:05:54 | 000,673,028 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/01/11 15:05:54 | 000,604,832 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/11 15:05:54 | 000,128,126 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/01/11 15:05:54 | 000,110,516 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/08 02:24:08 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2012/01/04 11:06:03 | 000,043,892 | ---- | M] () -- C:\Users\Owner\Desktop\20120106.htm
[2011/12/30 14:18:50 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/27 01:14:14 | 000,000,549 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.zip
[2012/01/26 14:16:37 | 000,080,384 | ---- | C] () -- C:\Users\Owner\Desktop\MBRCheck.exe
[2012/01/26 14:16:19 | 000,165,376 | ---- | C] () -- C:\Users\Owner\Desktop\SystemLook_x64.exe
[2012/01/23 14:38:47 | 000,513,320 | ---- | C] () -- C:\Users\Owner\Desktop\erunt.zip
[2012/01/23 04:21:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/23 04:21:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/23 04:21:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/23 04:21:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/23 04:21:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/23 00:10:44 | 001,655,273 | ---- | C] () -- C:\Users\Owner\Documents\Resume- Advocates LLP January 23, 2012.pdf
[2012/01/20 18:08:52 | 000,458,240 | ---- | C] () -- C:\Users\Owner\Desktop\CKScanner.exe
[2012/01/20 16:50:04 | 001,655,284 | ---- | C] () -- C:\Users\Owner\Documents\Resume- Advocates LLP January 20, 2012.pdf
[2012/01/20 12:43:48 | 001,720,072 | ---- | C] () -- C:\Users\Owner\Documents\Resume- Freelance Legal Writer.pdf
[2012/01/19 10:56:11 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/19 10:53:24 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/01/17 19:47:44 | 000,032,819 | ---- | C] () -- C:\Users\Owner\Documents\Jay Z.jpg
[2012/01/12 23:35:56 | 000,000,723 | ---- | C] () -- C:\Users\Owner\Desktop\NTREGOPT.lnk
[2012/01/12 23:35:56 | 000,000,704 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2012/01/12 23:09:54 | 082,885,256 | ---- | C] () -- C:\Users\Owner\Documents\avira_free_antivirus_en.exe
[2012/01/12 13:16:57 | 000,000,899 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/12 13:11:23 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/12 13:11:12 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/12 12:48:58 | 000,012,782 | -HS- | C] () -- C:\Users\Owner\AppData\Local\775r1r7n5385
[2012/01/12 12:48:58 | 000,012,782 | -HS- | C] () -- C:\ProgramData\775r1r7n5385
[2012/01/04 11:06:02 | 000,043,892 | ---- | C] () -- C:\Users\Owner\Desktop\20120106.htm
[2011/12/30 14:17:54 | 000,001,877 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/30 14:17:53 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/08/28 02:31:41 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/08/28 02:31:41 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/20 19:22:26 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/12/17 17:35:11 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/17 17:35:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/17 17:35:06 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/11/30 15:45:37 | 000,000,036 | RH-- | C] () -- C:\Windows\sued.dat
[2009/11/28 00:51:28 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\prvlcl.dat
[2009/11/24 19:00:23 | 000,001,056 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/10/05 15:15:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/22 22:19:33 | 000,026,112 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/22 16:43:36 | 000,023,604 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/08/22 11:31:52 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/22 11:31:35 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/22 11:31:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/11/03 20:18:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/08/14 05:17:20 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 20 bytes -> C:\Windows\SysWow64\ABLED:CACAOWEB

< End of report >
 
Good Morning Meg,

Lots more to remove

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :processes
killallprocesses


:OTL
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}"
FF - prefs.js..network.proxy.http: "125.5.6.7.7.7"
FF - prefs.js..network.proxy.http_port: 8231
[2011/08/26 22:24:15 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
[2011/10/31 11:32:15 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
CHR - default_search_provider: search_url = http://www.searchqu.com/web?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
[2012/01/15 14:03:43 | 000,012,782 | -HS- | M] () -- C:\ProgramData\775r1r7n5385
[2012/01/15 14:03:42 | 000,012,782 | -HS- | M] () -- C:\Users\Owner\AppData\Local\775r1r7n5385
[2012/01/04 11:06:03 | 000,043,892 | ---- | M] () -- C:\Users\Owner\Desktop\20120106.htm

:files
C:\Program Files (x86)\WhiteSmoke
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WhiteSmoke
C:\Users\Owner\AppData\Local\VirtualStore\Program Files (x86)\WhiteSmoke
C:\Users\Owner\AppData\Roaming\WhiteSmoke
ipconfig /flushdns /c

:reg
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1394781]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\WhiteSmoke_Bar]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke_Bar Toolbar]
[-HKEY_CURRENT_USER\Software\WhiteSmoke]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"=-
[-HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2}
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Platforms\{167d9323-f7cc-48f5-948a-6f012831a69f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Toolbars]
"WhiteSmoke Bar Toolbar"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63E5EB76-C3D1-4749-848C-7D9DB8CBE609}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63E5EB76-C3D1-4749-848C-7D9DB8CBE609}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D711319B-8446-4D31-8478-B1E4FC114F82}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke Bar Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1394781]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\WhiteSmoke_Bar]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke_Bar Toolbar]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"=-
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"=-
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"=-
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"=-
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"=-
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"=-
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe"=-
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe"=-
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
[-HKEY_CURRENT_USER\Software\SearchCore for Browsers]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SearchQUIEHelper.DNSGuard]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SearchQUIEHelper.DNSGuard.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\searchqutoolbar]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers]
[-HKEY_CLASSES_ROOT\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}]
[-HKEY_CLASSES_ROOT\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CLASSES_ROOT\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}]
[-HKEY_CLASSES_ROOT\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_CLASSES_ROOT\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}]
[-HKEY_CLASSES_ROOT\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}]
[-HKEY_CLASSES_ROOT\CLSID\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}]
[-HKEY_CLASSES_ROOT\CLSID\{92E5039E-FF1E-4AFB-8F24-87592D20C383}]
[-HKEY_CLASSES_ROOT\CLSID\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}]
[-HKEY_CLASSES_ROOT\CLSID\{CD6A6945-EB68-4F46-A4D2-184082A0491F}]
[-HKEY_CLASSES_ROOT\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}]
[-HKEY_CLASSES_ROOT\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}]
[-HKEY_CLASSES_ROOT\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}]
[-HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}]
[-HKEY_CLASSES_ROOT\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}]
[-HKEY_CLASSES_ROOT\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}]
[-HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}]
[-HKEY_CLASSES_ROOT\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2}]
[-HKEY_CLASSES_ROOT\CLSID\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}]
[-HKEY_CLASSES_ROOT\CLSID\{63E5EB76-C3D1-4749-848C-7D9DB8CBE609}]
[-HKEY_CLASSES_ROOT\CLSID\{D711319B-8446-4D31-8478-B1E4FC114F82}]
[-HKEY_CLASSES_ROOT\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_CLASSES_ROOT\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_CLASSES_ROOT\CLSID\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}]
[-HKEY_CLASSES_ROOT\CLSID\{841D5A49-E48D-413C-9C28-EB3D9081D705}]

:Commands
[resethosts]
[purity]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )






Then run System Look again and plug these in and post the report, you can drag the old report to the trash so there wont be any confusion

Code: 
:filefind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:folderfind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:Regfind
Fun4IM
Bandoo
Searchqu
iLivid
whitesmoke
datamngr
kelkoopartners
trolltech

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
Last edited:
All processes killed
========== PROCESSES ==========
========== OTL ==========
Prefs.js: "WhiteSmoke Bar Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "125.5.6.7.7.7" removed from network.proxy.http
Prefs.js: 8231 removed from network.proxy.http_port
C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\searchplugin folder moved successfully.
C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\modules folder moved successfully.
C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\META-INF folder moved successfully.
C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\defaults folder moved successfully.
C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\components folder moved successfully.
C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\chrome folder moved successfully.
C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f} folder moved successfully.
Folder C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
C:\ProgramData\775r1r7n5385 moved successfully.
C:\Users\Owner\AppData\Local\775r1r7n5385 moved successfully.
C:\Users\Owner\Desktop\20120106.htm moved successfully.
========== FILES ==========
C:\Program Files (x86)\WhiteSmoke\html\english\userGuide\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\userGuide\images folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\userGuide\css folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\userGuide folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\style folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\objects\p7tm folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\objects folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\img\img folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\img folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\images folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Well Wishes folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Thank You folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Students\University Correspondence folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Students\Resumes folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Students\Personal Correspondence folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Students\Careers folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Students\Admissions Essays folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Students folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Personal Matters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Literary\Resumes folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Literary\Promotions folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Literary\Legal folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Literary\Advertising folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Literary folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Letters of Recommendation folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Personnel Office folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Resignation Letters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Thank You Letters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Job Acceptance folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Employment Letters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Dismissal and Rejection folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Employment Requests folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Employee Reference Letters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Employee Manual folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Greetings\Graduation folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Greetings\Christmas folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Greetings folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Finance folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Family folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Cover Letters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Condolences folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Community Work folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Apologies folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings\js\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings\img\Buttons folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings\img folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings\css folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\registration\style folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\registration\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\registration\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\registration\img folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\registration folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\style folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\js\NonPackedVersion folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\js\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\img\screens folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\img\review-section folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\img\grammar folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\img\Buttons folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\img folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\floatingButton_howto\style folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\floatingButton_howto\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\floatingButton_howto\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\floatingButton_howto\img folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\floatingButton_howto folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\floatingButton folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\style folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\img\Buttons folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\img folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\common\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\common\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\common folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html folder moved successfully.
C:\Program Files (x86)\WhiteSmoke folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke folder moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WhiteSmoke not found.
C:\Users\Owner\AppData\Local\VirtualStore\Program Files (x86)\WhiteSmoke folder moved successfully.
C:\Users\Owner\AppData\Roaming\WhiteSmoke folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1394781\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\WhiteSmoke_Bar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke_Bar Toolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\WhiteSmoke\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Platforms\{167d9323-f7cc-48f5-948a-6f012831a69f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Toolbars\\WhiteSmoke Bar Toolbar deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63E5EB76-C3D1-4749-848C-7D9DB8CBE609}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63E5EB76-C3D1-4749-848C-7D9DB8CBE609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63E5EB76-C3D1-4749-848C-7D9DB8CBE609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63E5EB76-C3D1-4749-848C-7D9DB8CBE609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D711319B-8446-4D31-8478-B1E4FC114F82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D711319B-8446-4D31-8478-B1E4FC114F82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke Bar Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_Bar\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1394781\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\WhiteSmoke_Bar\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke_Bar Toolbar\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\WhiteSmoke\ not found.
Registry value HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe not found.
Registry value HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry value HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe not found.
Registry value HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe not found.
Registry value HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe not found.
Registry value HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry value HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe not found.
Registry value HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_Bar\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\WhiteSmoke_Bar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\SearchCore for Browsers\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841D5A49-E48D-413C-9C28-EB3D9081D705}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841D5A49-E48D-413C-9C28-EB3D9081D705}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841D5A49-E48D-413C-9C28-EB3D9081D705}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\SearchCore for Browsers\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A8C81A4-D9DA-4461-9176-53EDB3DE99FE}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{63E5EB76-C3D1-4749-848C-7D9DB8CBE609}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63E5EB76-C3D1-4749-848C-7D9DB8CBE609}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{D711319B-8446-4D31-8478-B1E4FC114F82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D711319B-8446-4D31-8478-B1E4FC114F82}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{841D5A49-E48D-413C-9C28-EB3D9081D705}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841D5A49-E48D-413C-9C28-EB3D9081D705}\ not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 599314 bytes
->Temporary Internet Files folder emptied: 133928 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44616796 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1691 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98212 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 277342 bytes

Total Files Cleaned = 44.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01282012_125523

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Owner\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Windows\temp\JET8D6F.tmp not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
 
OTL logfile created on: 28/01/2012 1:08:46 PM - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 62.43% Memory free
7.98 Gb Paging File | 6.28 Gb Available in Paging File | 78.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.97 Gb Total Space | 58.21 Gb Free Space | 20.36% Space Free | Partition Type: NTFS
Drive D: | 12.12 Gb Total Space | 1.94 Gb Free Space | 16.01% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Driver Fetch\2.1.0.0\DriverFetch.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\trlrm\RMHSvc.exe (Trlokom, Inc.)
PRC - C:\Program Files (x86)\UltimateZip\uzqkst.exe (SWE von Schleusen)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b304c1f9341d141746ec101b5bf202cf\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b304c1f9341d141746ec101b5bf202cf\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b6da684a4289bb2053ab12bbb773e808\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e070ca981473e64c0de7fd01cb019b5f\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2b4cd4567a7ed7d9ecd8e43352a66dd\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\DriverFetch.exe ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\scheduler.dll ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\restore.dll ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\cpuid.dll ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\_ssl.pyd ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\unicodedata.pyd ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\aggdraw.pyd ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\_imaging.pyd ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\_hashlib.pyd ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\_ctypes.pyd ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\_socket.pyd ()
MOD - C:\Program Files (x86)\Driver Fetch\2.1.0.0\_multiprocessing.pyd ()
MOD - C:\Program Files (x86)\QuickTime\QTSystem\QTCF.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Symantec Corporation)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (trlokom_rmhsvc) -- C:\Windows\trlrm\RMHSvc.exe (Trlokom, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (ccHP) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\ccHPx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\DRIVERS\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\DRIVERS\taphss.sys (AnchorFree Inc)
DRV:64bit: - (Sockblkd) -- C:\Program Files\Extegrity\Exam4\Sockblkd.sys (DataWizard Technologies, Inc.)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\Drivers\SSPORT.sys (Samsung Electronics)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV:64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110821.003\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110821.003\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110819.030\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (trlkprot) -- C:\Windows\SysWOW64\drivers\trlkprot.sys (Trlokom Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: cacaoweb@cacaoweb.org:1.0.15
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.2
FF - prefs.js..extensions.enabledItems: {167d9323-f7cc-48f5-948a-6f012831a69f}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.22
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/12 10:12:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/23 04:36:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/19 12:19:32 | 000,000,000 | ---D | M]

[2011/10/31 11:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2012/01/28 12:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions
[2010/04/28 08:47:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/28 08:47:22 | 000,000,000 | ---D | M] (PimpZilla) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
[2011/03/03 13:33:57 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\cacaoweb@cacaoweb.org
[2010/06/25 19:38:16 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\radiobar@toolbar
[2011/03/29 22:30:59 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\webmaster@keep-tube.com
[2011/07/27 10:46:34 | 000,000,931 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\searchplugins\conduit.xml
[2011/10/31 11:32:09 | 000,002,520 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\searchplugins\SearchResults.xml
[2012/01/28 12:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/09 19:58:53 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/27 13:06:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/06/28 22:44:23 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011/10/12 10:12:00 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
[2012/01/28 12:59:29 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VWN68AR1.DEFAULT\EXTENSIONS\{167D9323-F7CC-48F5-948A-6F012831A69F}
[2010/07/27 13:06:41 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/31 11:32:09 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://www.searchqu.com/web?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2012/01/28 12:57:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Trlokom IE Toolbar) - {C5AF4D9B-0B55-4BAC-9486-218EA2C6BC3E} - C:\Program Files (x86)\SpyWall\TrlIETool.dll (Trlokom, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Trlokom IE Toolbar) - {C5AF4D9B-0B55-4BAC-9486-218EA2C6BC3E} - C:\Program Files (x86)\SpyWall\TrlIETool.dll (Trlokom, Inc.)
O3 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000\..\Toolbar\WebBrowser: (Trlokom IE Toolbar) - {C5AF4D9B-0B55-4BAC-9486-218EA2C6BC3E} - C:\Program Files (x86)\SpyWall\TrlIETool.dll (Trlokom, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Driver Fetch] C:\Program Files (x86)\Driver Fetch\2.1.0.0\DriverFetch.exe ()
O4 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000..\Run: [cdloader] C:\Users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKLM..\RunOnce: [OTL] C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UltimateZip Quick Start.lnk = C:\Program Files (x86)\UltimateZip\uzqkst.exe (SWE von Schleusen)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: AllowMultipleTSSessions = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3984993148-1309757251-1189783091-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED73AC6B-7A58-4C36-B3E3-399653F0B91C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 07:49:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Help
[2012/01/24 22:50:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/24 15:21:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/01/23 21:13:28 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/23 21:13:27 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/23 14:57:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/23 14:39:57 | 000,000,000 | ---D | C] -- C:\ERDNT
[2012/01/23 14:39:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\erunt
[2012/01/23 04:21:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/23 04:21:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/23 04:21:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/23 04:21:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/23 04:21:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/23 04:20:41 | 004,388,468 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/01/22 12:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/22 11:59:16 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2012/01/19 10:56:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2012/01/19 10:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/19 10:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/19 10:56:09 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/19 10:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/19 10:55:00 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/19 10:40:06 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/01/12 23:38:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/01/12 23:37:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\backup
[2012/01/12 23:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/01/12 23:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/01/12 23:35:28 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Owner\Documents\erunt-setup.exe
[2012/01/12 13:11:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/12 13:11:24 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/01/12 13:11:24 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/01/12 13:11:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/01/12 13:11:24 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/01/12 13:11:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/01/12 13:11:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/01/12 13:11:23 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/12 13:11:23 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/01/12 13:11:23 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/12 13:11:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/12 13:11:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/01/12 13:11:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/01/12 13:11:23 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/01/12 13:11:23 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/01/12 13:11:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/01/12 13:11:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/12 13:11:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/12 13:11:22 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/01/12 13:11:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/01/12 13:11:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/01/12 13:11:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/01/12 13:11:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/01/12 13:11:22 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/01/12 13:11:22 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2012/01/12 13:11:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/01/12 13:11:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/01/12 13:11:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/12 13:11:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/01/12 13:11:21 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/01/12 13:11:21 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/12 13:11:21 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/01/12 13:11:21 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/12 13:11:15 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/12 13:11:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/12 13:11:15 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/01/12 13:11:15 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/01/12 13:11:15 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/01/12 13:11:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/01/12 13:11:15 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/12 13:11:15 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2012/01/12 13:11:15 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/01/12 13:11:15 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/01/12 13:11:15 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/01/12 13:11:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/01/12 13:11:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/01/12 13:11:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/01/12 13:11:14 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/01/12 13:11:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/01/12 13:11:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/12 13:11:13 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/01/12 13:11:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/01/12 13:11:13 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/01/12 13:11:13 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/12 13:11:13 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/01/12 13:11:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/12 13:11:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/01/12 13:11:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/01/12 13:11:13 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/01/12 13:11:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/01/12 13:11:12 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/12 13:11:12 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/12 13:11:12 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/01/12 13:11:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/12 13:11:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/01/12 13:11:12 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/01/12 13:11:12 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/01/12 13:11:12 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/01/12 13:11:12 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/01/12 13:11:12 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/12 13:11:12 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/01/12 13:11:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/01/12 13:11:12 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/12 13:11:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/01/10 21:15:53 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/10 21:15:53 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/10 21:15:53 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/10 21:15:53 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/10 21:15:48 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/10 21:15:46 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2012/01/10 21:15:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcicda.dll
[2012/01/10 21:15:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciwave.dll
[2012/01/10 21:15:46 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciseq.dll
[2012/01/10 21:15:46 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciseq.dll
[2012/01/10 21:15:43 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/01/10 21:15:42 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/10 21:15:42 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2011/12/30 14:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/28 12:59:40 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/28 12:59:28 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/28 12:59:28 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/28 12:59:27 | 000,314,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/28 12:59:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/28 12:59:01 | 4193,472,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/28 12:57:27 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/28 12:24:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/27 01:21:46 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2012/01/26 14:16:37 | 000,080,384 | ---- | M] () -- C:\Users\Owner\Desktop\MBRCheck.exe
[2012/01/26 14:16:20 | 000,165,376 | ---- | M] () -- C:\Users\Owner\Desktop\SystemLook_x64.exe
[2012/01/25 20:25:00 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/24 15:21:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/01/23 14:38:48 | 000,513,320 | ---- | M] () -- C:\Users\Owner\Desktop\erunt.zip
[2012/01/23 04:20:46 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/01/23 00:10:50 | 001,655,273 | ---- | M] () -- C:\Users\Owner\Documents\Resume- Advocates LLP January 23, 2012.pdf
[2012/01/22 11:59:17 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2012/01/20 18:08:53 | 000,458,240 | ---- | M] () -- C:\Users\Owner\Desktop\CKScanner.exe
[2012/01/20 16:50:08 | 001,655,284 | ---- | M] () -- C:\Users\Owner\Documents\Resume- Advocates LLP January 20, 2012.pdf
[2012/01/20 12:43:56 | 001,720,072 | ---- | M] () -- C:\Users\Owner\Documents\Resume- Freelance Legal Writer.pdf
[2012/01/19 10:56:11 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/19 10:55:00 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/19 10:53:24 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/01/19 10:40:27 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/01/17 19:47:44 | 000,032,819 | ---- | M] () -- C:\Users\Owner\Documents\Jay Z.jpg
[2012/01/12 23:38:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/01/12 23:35:56 | 000,000,723 | ---- | M] () -- C:\Users\Owner\Desktop\NTREGOPT.lnk
[2012/01/12 23:35:56 | 000,000,704 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2012/01/12 23:35:29 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Owner\Documents\erunt-setup.exe
[2012/01/12 23:10:40 | 082,885,256 | ---- | M] () -- C:\Users\Owner\Documents\avira_free_antivirus_en.exe
[2012/01/12 13:22:20 | 000,000,036 | RH-- | M] () -- C:\Windows\sued.dat
[2012/01/12 13:16:57 | 000,000,899 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/12 13:11:39 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2012/01/12 13:11:39 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2012/01/12 13:11:39 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2012/01/12 13:11:39 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2012/01/12 13:11:24 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/12 13:11:24 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/01/12 13:11:24 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/01/12 13:11:24 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/01/12 13:11:24 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/01/12 13:11:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/01/12 13:11:23 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/01/12 13:11:23 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/12 13:11:23 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/01/12 13:11:23 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/12 13:11:23 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/12 13:11:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/01/12 13:11:23 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/01/12 13:11:23 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/12 13:11:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/01/12 13:11:23 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/01/12 13:11:23 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/01/12 13:11:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/12 13:11:22 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/12 13:11:22 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/01/12 13:11:22 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/01/12 13:11:22 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/01/12 13:11:22 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/01/12 13:11:22 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/01/12 13:11:22 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/01/12 13:11:22 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2012/01/12 13:11:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/01/12 13:11:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/01/12 13:11:22 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/12 13:11:22 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/01/12 13:11:21 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/01/12 13:11:21 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/12 13:11:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/01/12 13:11:21 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/12 13:11:15 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/12 13:11:15 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/12 13:11:15 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/01/12 13:11:15 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/01/12 13:11:15 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/01/12 13:11:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/01/12 13:11:15 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/12 13:11:15 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2012/01/12 13:11:15 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/01/12 13:11:15 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/01/12 13:11:15 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/01/12 13:11:15 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/01/12 13:11:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/01/12 13:11:14 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/01/12 13:11:14 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/01/12 13:11:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/01/12 13:11:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/12 13:11:13 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/01/12 13:11:13 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/01/12 13:11:13 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/01/12 13:11:13 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/12 13:11:13 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/01/12 13:11:13 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/12 13:11:13 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/01/12 13:11:13 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/01/12 13:11:13 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/01/12 13:11:13 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/01/12 13:11:12 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/12 13:11:12 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/12 13:11:12 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/01/12 13:11:12 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/12 13:11:12 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/01/12 13:11:12 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/01/12 13:11:12 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/01/12 13:11:12 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/01/12 13:11:12 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/01/12 13:11:12 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/12 13:11:12 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/01/12 13:11:12 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/12 13:11:12 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/01/12 13:11:12 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/12 13:11:11 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/01/11 15:05:54 | 001,531,192 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/11 15:05:54 | 000,673,028 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/01/11 15:05:54 | 000,604,832 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/11 15:05:54 | 000,128,126 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/01/11 15:05:54 | 000,110,516 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/08 02:24:08 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2011/12/30 14:18:50 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/26 14:16:37 | 000,080,384 | ---- | C] () -- C:\Users\Owner\Desktop\MBRCheck.exe
[2012/01/26 14:16:19 | 000,165,376 | ---- | C] () -- C:\Users\Owner\Desktop\SystemLook_x64.exe
[2012/01/23 14:38:47 | 000,513,320 | ---- | C] () -- C:\Users\Owner\Desktop\erunt.zip
[2012/01/23 04:21:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/23 04:21:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/23 04:21:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/23 04:21:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/23 04:21:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/23 00:10:44 | 001,655,273 | ---- | C] () -- C:\Users\Owner\Documents\Resume- Advocates LLP January 23, 2012.pdf
[2012/01/20 18:08:52 | 000,458,240 | ---- | C] () -- C:\Users\Owner\Desktop\CKScanner.exe
[2012/01/20 16:50:04 | 001,655,284 | ---- | C] () -- C:\Users\Owner\Documents\Resume- Advocates LLP January 20, 2012.pdf
[2012/01/20 12:43:48 | 001,720,072 | ---- | C] () -- C:\Users\Owner\Documents\Resume- Freelance Legal Writer.pdf
[2012/01/19 10:56:11 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/19 10:53:24 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/01/17 19:47:44 | 000,032,819 | ---- | C] () -- C:\Users\Owner\Documents\Jay Z.jpg
[2012/01/12 23:35:56 | 000,000,723 | ---- | C] () -- C:\Users\Owner\Desktop\NTREGOPT.lnk
[2012/01/12 23:35:56 | 000,000,704 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2012/01/12 23:09:54 | 082,885,256 | ---- | C] () -- C:\Users\Owner\Documents\avira_free_antivirus_en.exe
[2012/01/12 13:16:57 | 000,000,899 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/12 13:11:23 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/12 13:11:12 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/30 14:17:54 | 000,001,877 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/30 14:17:53 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/08/28 02:31:41 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/08/28 02:31:41 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/20 19:22:26 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/12/17 17:35:11 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/17 17:35:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/17 17:35:06 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/11/30 15:45:37 | 000,000,036 | RH-- | C] () -- C:\Windows\sued.dat
[2009/11/28 00:51:28 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\prvlcl.dat
[2009/11/24 19:00:23 | 000,001,056 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/10/05 15:15:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/22 22:19:33 | 000,026,112 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/22 16:43:36 | 000,023,604 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/08/22 11:31:52 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/22 11:31:35 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/22 11:31:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/11/03 20:18:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/08/14 05:17:20 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 20 bytes -> C:\Windows\SysWow64\ABLED:CACAOWEB

< End of report >
 
SystemLook 30.07.11 by jpshortstuff
Log created at 13:14 on 28/01/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 27324 bytes [09:14 19/09/2011] [09:14 19/09/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 33963 bytes [09:14 19/09/2011] [09:14 19/09/2011] 6D8F2385F542F47082148F0C6235633C
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [09:14 19/09/2011] [09:14 19/09/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\01242012_225038\C_Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 27324 bytes [09:14 19/09/2011] [09:14 19/09/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\01242012_225038\C_Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 33963 bytes [09:14 19/09/2011] [09:14 19/09/2011] 6D8F2385F542F47082148F0C6235633C
C:\_OTL\MovedFiles\01242012_225038\C_Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [09:14 19/09/2011] [09:14 19/09/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [09:14 19/09/2011] [09:14 19/09/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [09:14 19/09/2011] [09:14 19/09/2011] AD14E447F7CED4CA987B91B379EAF952

Searching for "*iLivid*"
C:\Program Files (x86)\iLivid\ilivid.exe --a---- 2033152 bytes [16:32 31/10/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
C:\Program Files (x86)\iLivid\ilivid.ico --a---- 9662 bytes [16:32 31/10/2011] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 844 bytes [16:32 31/10/2011] [16:32 31/10/2011] 02E03DEBBCC6BCDC9A6B72450571F83D
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.dat --a--c- 230 bytes [16:32 31/10/2011] [16:32 31/10/2011] D7ED6D5834794CAEA898E870AC350E26
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe --a--c- 3027150 bytes [16:32 31/10/2011] [15:36 04/10/2011] 0276FA170081D222A66109EB26610B36
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.lnk --a--c- 0 bytes [16:32 31/10/2011] [16:32 31/10/2011] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.msi --a--c- 265728 bytes [16:32 31/10/2011] [15:36 04/10/2011] DA59EDF8FC5B00422B3027E51B09353A
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.par --a--c- 1557 bytes [16:32 31/10/2011] [16:32 31/10/2011] 694DFFFC718091D1F8F5CC7563786481
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.res --a--c- 2513233 bytes [16:32 31/10/2011] [15:36 04/10/2011] C9141917C3F2BF08A4154E09F241961B
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 844 bytes [16:32 31/10/2011] [16:32 31/10/2011] 02E03DEBBCC6BCDC9A6B72450571F83D
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.dat --a--c- 230 bytes [16:32 31/10/2011] [16:32 31/10/2011] D7ED6D5834794CAEA898E870AC350E26
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe --a--c- 3027150 bytes [16:32 31/10/2011] [15:36 04/10/2011] 0276FA170081D222A66109EB26610B36
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.lnk --a--c- 0 bytes [16:32 31/10/2011] [16:32 31/10/2011] D41D8CD98F00B204E9800998ECF8427E
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.msi --a--c- 265728 bytes [16:32 31/10/2011] [15:36 04/10/2011] DA59EDF8FC5B00422B3027E51B09353A
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.par --a--c- 1557 bytes [16:32 31/10/2011] [16:32 31/10/2011] 694DFFFC718091D1F8F5CC7563786481
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.res --a--c- 2513233 bytes [16:32 31/10/2011] [15:36 04/10/2011] C9141917C3F2BF08A4154E09F241961B
C:\Users\Owner\Documents\ilivid installation.exe --a---- 2108336 bytes [16:31 31/10/2011] [16:31 31/10/2011] 378D3A865E52755DBA1DFE596D36829C
C:\Users\Public\Desktop\iLivid Download Manager.lnk --a---- 826 bytes [16:32 31/10/2011] [16:32 31/10/2011] 466DD468703AAA8B251B53F0EAA011F7

Searching for "*whitesmoke*"
C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm\resource\particletemplates\whitesmoke.ptm --a---- 2578 bytes [00:54 15/08/2010] [00:54 15/08/2010] A75467F0FD3C3E39B465FBE13099A740
C:\Program Files (x86)\WhiteSmoke_Bar\WhiteSmoke_BarToolbarHelper.exe --a---- 65832 bytes [14:54 20/07/2011] [14:54 20/07/2011] DA11D78D765E4B8FA4CFA5A37E8A94FF
C:\Users\Owner\AppData\Local\Conduit\CT3007394\WhiteSmoke_BarAutoUpdateHelper.exe --a---- 1814560 bytes [14:54 20/07/2011] [16:54 22/01/2012] B6FEBACACC2FC351F59C37E34D8A581C
C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch WhiteSmoke.lnk --a---- 1814 bytes [03:24 27/08/2011] [03:24 27/08/2011] 901BC932244F7D30A017E46FB0C29C8B
C:\_OTL\MovedFiles\01282012_125523\C_Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe --a---- 2048000 bytes [12:11 05/04/2011] [12:11 05/04/2011] 5D5BE44890B9F4726E7974D4EA537A38
C:\_OTL\MovedFiles\01282012_125523\C_Program Files (x86)\WhiteSmoke\html\english\userGuide\images\ConfiguringWhiteSmoke.png --a---- 15639 bytes [09:48 05/04/2011] [09:48 05/04/2011] E1E2764387C41F1FA51960E331C0C695
C:\_OTL\MovedFiles\01282012_125523\C_Program Files (x86)\WhiteSmoke\html\english\userGuide\images\WhiteSmokeEmailCheck.png --a---- 23201 bytes [09:48 05/04/2011] [09:48 05/04/2011] 30FE80D96076B03FD65EBE72B8EA1906
C:\_OTL\MovedFiles\01282012_125523\C_Program Files (x86)\WhiteSmoke\html\english\userGuide\images\WhiteSmokeOverview.png --a---- 26103 bytes [09:48 05/04/2011] [09:48 05/04/2011] 8CE49C5C27968DA714DB8E924A364A8E
C:\_OTL\MovedFiles\01282012_125523\C_ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke\Launch WhiteSmoke.lnk --a---- 1772 bytes [03:24 27/08/2011] [03:24 27/08/2011] A8D0E23FF94971EB1584D8B058F4EA43
C:\_OTL\MovedFiles\01282012_125523\C_ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke\WhiteSmoke registration.lnk --a---- 1826 bytes [03:24 27/08/2011] [03:24 27/08/2011] CDBA095DBD210A7D838D74CC2D3CC295
C:\_OTL\MovedFiles\01282012_125523\C_Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\chrome\whitesmoke_bar.jar --a---- 728245 bytes [03:24 27/08/2011] [15:46 27/07/2011] 041156879BF6589961DE462E8994D3BD

Searching for "*datamngr*"
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll --a---- 1236368 bytes [16:32 31/10/2011] [17:10 27/09/2011] 7B3E521FE419E62BAEE9AA33495BE2B4
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngrUI.exe --a---- 2272656 bytes [16:32 31/10/2011] [17:10 27/09/2011] 468C722A34009CD90CE5C7E506251507
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\datamngrUI.exe --a---- 1700752 bytes [16:32 31/10/2011] [17:10 27/09/2011] 3C8578C0C94432FB1010D05286062FBB
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlp.dll --a---- 351232 bytes [16:32 31/10/2011] [14:38 02/08/2011] 4D9F92DF1AA8AA39F7645C27D6E7CB1A
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlp.xpt --a---- 1051 bytes [16:32 31/10/2011] [17:10 27/09/2011] AFD0611AD79C4D2AA3F82637329A1711
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlpFF3.dll --a---- 400896 bytes [16:32 31/10/2011] [17:08 27/09/2011] CB30F72CDD4CF5EF7C01805390D7F4E9
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlpFF4.dll --a---- 395776 bytes [16:32 31/10/2011] [17:09 27/09/2011] 5878826F1265306CAA5058FF46D6D147
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlpFF5.dll --a---- 395776 bytes [16:32 31/10/2011] [17:09 27/09/2011] 1E9E57C77120959CA486244F1DFF77A4
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlpFF6.dll --a---- 395776 bytes [16:32 31/10/2011] [17:10 27/09/2011] F40633334EBF76768177B49AE1308BCB
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlpFF7.dll --a---- 395776 bytes [16:32 31/10/2011] [17:10 27/09/2011] 0B15C79091D5C380F80307A4E4EDA967
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\content\DataMngr.js --a---- 16466 bytes [16:32 31/10/2011] [13:50 24/08/2011] 64D9BB164FF6E51FBF5541DEAEE23EFD
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\x64\datamngr.dll --a---- 1778584 bytes [16:32 31/10/2011] [17:10 27/09/2011] 9E7340CA01F2140B15C1169822F3D8E4

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\searchqutoolbar d------ [16:32 31/10/2011]
C:\_OTL\MovedFiles\01272012_222727\C_Users\Owner\AppData\LocalLow\searchquband d------ [04:12 07/11/2011]
C:\_OTL\MovedFiles\01272012_222727\C_Users\Owner\AppData\LocalLow\searchqutoolbar d------ [16:32 31/10/2011]

Searching for "*iLivid*"
C:\Program Files (x86)\iLivid d------ [16:32 31/10/2011]
C:\Program Files (x86)\Windows iLivid Toolbar d------ [16:32 31/10/2011]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid d------ [16:32 31/10/2011]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid d------ [16:32 31/10/2011]
C:\_OTL\MovedFiles\01272012_222727\C_Users\Owner\AppData\Local\Ilivid Player d------ [16:44 31/10/2011]

Searching for "*whitesmoke*"
C:\Program Files (x86)\WhiteSmoke_Bar d------ [03:23 27/08/2011]
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar d------ [03:23 27/08/2011]
C:\_OTL\MovedFiles\01282012_125523\C_Program Files (x86)\WhiteSmoke d------ [03:23 27/08/2011]
C:\_OTL\MovedFiles\01282012_125523\C_ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke d------ [03:24 27/08/2011]
C:\_OTL\MovedFiles\01282012_125523\C_Users\Owner\AppData\Local\VirtualStore\Program Files (x86)\WhiteSmoke d------ [03:23 27/08/2011]
C:\_OTL\MovedFiles\01282012_125523\C_Users\Owner\AppData\Roaming\WhiteSmoke d------ [15:33 29/08/2011]

Searching for "*datamngr*"
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr d------ [16:32 31/10/2011]
C:\Users\Owner\AppData\LocalLow\DataMngr d------ [04:12 07/11/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"Publisher"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"Publisher"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"Contact"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"Publisher"="Bandoo Media Inc."

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=119&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\ChromeHomepage]
"Value"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\ChromeHomepage]
"DefaultValue"=""homepage": "http://www.searchqu.com/406","
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=");"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=119&systemid=406&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=119&systemid=406&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"SearchUrl"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"NewTabUrl"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO\RelatedSearch]
"url"="http://www.searchqu.com/related.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\List\Item2]
"Value"="http://www.searchqu.com/406"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Owner\Documents\Drive soundtrack.exe"="iLivid Installation "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Owner\AppData\Local\Temp\miaC5F.tmp\iLividSetupV1.exe"="iLivid Installation "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\iLivid\ilivid.exe"="ilivid"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Owner\Documents\Drive soundtrack.exe"="iLivid Installation "
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Owner\AppData\Local\Temp\miaC5F.tmp\iLividSetupV1.exe"="iLivid Installation "
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\iLivid\ilivid.exe"="ilivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
@="URL:ilivid Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\shell\open\command]
@=""C:\Program Files (x86)\iLivid\ilivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
"ProductName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
"PackageName"="iLividSetupV1.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\ilivid]
@="URL:ilivid Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\ilivid\shell\open\command]
@=""C:\Program Files (x86)\iLivid\ilivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A]
"2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files (x86)\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\ilivid]
@="URL:ilivid Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\ilivid\shell\open\command]
@=""C:\Program Files (x86)\iLivid\ilivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid\player]
"installpath"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid\player\hosts\ilivid.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"DisplayIcon"="C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"UninstallString"=""C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe" REMOVE=TRUE MODIFY=FALSE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"ModifyPath"="C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"HelpLink"="http://www.ilivid.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"URLUpdateInfo"="http://www.ilivid.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"InstallLocation"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"InstallLocation"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"UninstallString"="C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\SelectedSearch]
"Value"="iLivid Web Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\SelectedSearch]
"DefaultValue"="user_pref("browser.search.selectedEngine", "iLivid Web Search");"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CCA07F9E-D317-46D6-A9CA-AE77468A3526}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E06CA70A-2926-4F1D-8599-27E051F396A1}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CCA07F9E-D317-46D6-A9CA-AE77468A3526}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E06CA70A-2926-4F1D-8599-27E051F396A1}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CCA07F9E-D317-46D6-A9CA-AE77468A3526}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E06CA70A-2926-4F1D-8599-27E051F396A1}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Owner\Documents\Drive soundtrack.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Owner\AppData\Local\Temp\miaC5F.tmp\iLividSetupV1.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\iLivid\ilivid.exe"="ilivid"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Owner\Documents\Drive soundtrack.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Owner\AppData\Local\Temp\miaC5F.tmp\iLividSetupV1.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\iLivid\ilivid.exe"="ilivid"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Owner\Documents\Drive soundtrack.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Owner\AppData\Local\Temp\miaC5F.tmp\iLividSetupV1.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\iLivid\ilivid.exe"="ilivid"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Owner\Documents\Drive soundtrack.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Owner\AppData\Local\Temp\miaC5F.tmp\iLividSetupV1.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\iLivid\ilivid.exe"="ilivid"

Searching for "whitesmoke"
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"DisplayName"="WhiteSmoke Bar Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"HelpLink"="http://WhiteSmokeBar.OurToolbar.com/help"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"Publisher"="WhiteSmoke Bar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"URLInfoAbout"="http://WhiteSmokeBar.OurToolbar.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"DisplayIcon"="C:\Program Files (x86)\WhiteSmoke_Bar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
"UninstallString"="C:\Program Files (x86)\WhiteSmoke_Bar\uninstall.exe toolbar"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E46214C9-6FE6-4456-8E79-F09788EA7EF6}]
"AppPath"="C:\PROGRA~2\WI371A~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers]
"DLLPath"="C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers]
"ShortDllPath"="C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers]
"ShortDllPath64"="C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers]
"UIPath"="C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CCA07F9E-D317-46D6-A9CA-AE77468A3526}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E06CA70A-2926-4F1D-8599-27E051F396A1}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CCA07F9E-D317-46D6-A9CA-AE77468A3526}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E06CA70A-2926-4F1D-8599-27E051F396A1}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CCA07F9E-D317-46D6-A9CA-AE77468A3526}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E06CA70A-2926-4F1D-8599-27E051F396A1}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\DataMngr_Toolbar]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
 
This list is extensive and exhausting to go over, there may be dupes and an item or two I missed. Run the OTL Fix and post the log it produces, then run System Look again with the same Script as before


Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :processes
killallprocesses


:OTL

:Files
C:\Program Files (x86)\Windows iLivid Toolbar
C:\Program Files (x86)\iLivid
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}
C:\Users\Owner\Documents\ilivid installation.exe
C:\Users\Public\Desktop\iLivid Download Manager.lnk	
C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm\resource\particletemplates\whitesmoke.ptm
C:\Program Files (x86)\WhiteSmoke_Bar
C:\Users\Owner\AppData\Local\Conduit
C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch WhiteSmoke.lnk
C:\Program Files (x86)\SearchCore for Browsers
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\searchqutoolbar
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar
C:\Users\Owner\AppData\LocalLow\DataMngr
C:\Users\Owner\AppData\Local\Temp\miaC5F.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid	


:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\ChromeHomepage]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\Homepage]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\UrlbarSearch]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO\RelatedSearch]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\List\Item2]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Owner\Documents\Drive soundtrack.exe"=-
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\iLivid\ilivid.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\ilivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\ilivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid\player]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid\player\hosts\ilivid.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\SelectedSearch]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CCA07F9E-D317-46D6-A9CA-AE77468A3526}"="
"{E06CA70A-2926-4F1D-8599-27E051F396A1}"="
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CCA07F9E-D317-46D6-A9CA-AE77468A3526}"="
"{E06CA70A-2926-4F1D-8599-27E051F396A1}"="
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CCA07F9E-D317-46D6-A9CA-AE77468A3526}"="
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E06CA70A-2926-4F1D-8599-27E051F396A1}"="
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Owner\Documents\Drive soundtrack.exe"=-
"C:\Users\Owner\AppData\Local\Temp\miaC5F.tmp\iLividSetupV1.exe"=
"C:\Program Files (x86)\iLivid\ilivid.exe"=-
"C:\Users\Owner\AppData\Local\Temp\miaC5F.tmp\iLividSetupV1.exe"=-
[-HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[-HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E46214C9-6FE6-4456-8E79-F09788EA7EF6}]
"AppPath"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CCA07F9E-D317-46D6-A9CA-AE77468A3526}"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E06CA70A-2926-4F1D-8599-27E051F396A1}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CCA07F9E-D317-46D6-A9CA-AE77468A3526}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E06CA70A-2926-4F1D-8599-27E051F396A1}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CCA07F9E-D317-46D6-A9CA-AE77468A3526}"=-
"{E06CA70A-2926-4F1D-8599-27E051F396A1}"=-
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\DataMngr_Toolbar]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech]


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
 
Thanks for all of your help! I really appreciate the effort you're putting into this.

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== FILES ==========
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar folder moved successfully.
C:\Program Files (x86)\iLivid\imageformats folder moved successfully.
C:\Program Files (x86)\iLivid folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid folder moved successfully.
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2} folder moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid not found.
File\Folder C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2} not found.
C:\Users\Owner\Documents\ilivid installation.exe moved successfully.
C:\Users\Public\Desktop\iLivid Download Manager.lnk moved successfully.
C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm\resource\particletemplates\whitesmoke.ptm moved successfully.
C:\Program Files (x86)\WhiteSmoke_Bar folder moved successfully.
C:\Users\Owner\AppData\Local\Conduit\CT3007394 folder moved successfully.
C:\Users\Owner\AppData\Local\Conduit folder moved successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch WhiteSmoke.lnk moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64 folder moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers folder moved successfully.
C:\Program Files (x86)\SearchCore for Browsers folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\searchqutoolbar\weather folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\searchqutoolbar folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\SearchInNewTab folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Repository\conduit_CT3007394_en-us\ToolbarTranslation folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Repository\conduit_CT3007394_en-us folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Repository\conduit_CT3007394_CT3007394\ToolbarSettings folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Repository\conduit_CT3007394_CT3007394\ToolbarLogin folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Repository\conduit_CT3007394_CT3007394\DynamicDialogs folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Repository\conduit_CT3007394_CT3007394\AppsMetaData folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Repository\conduit_CT3007394_CT3007394 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Repository folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\RadioPlayer\Skins folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\RadioPlayer folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\MyStuffApps folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Logs folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\ExternalComponent folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\EmailNotifier folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\UntrustedAppPendingDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\UntrustedAppApprovalDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\UntrustedAddedAppDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\UninstallDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\ToolbarFirstTimeDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\SearchProtectorDialog\Images folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\SearchProtectorDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\NewSearchProtectorDialog\images folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\NewSearchProtectorDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\EngineFirstTimeDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\DetectedAppDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\DefualtImages folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\AppNotificationDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs\AddedAppDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\Dialogs folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar\CacheIcons folder moved successfully.
C:\Users\Owner\AppData\LocalLow\WhiteSmoke_Bar folder moved successfully.
C:\Users\Owner\AppData\LocalLow\DataMngr folder moved successfully.
File\Folder C:\Users\Owner\AppData\Local\Temp\miaC5F.tmp not found.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\ChromeHomepage\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\Homepage\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\UrlbarSearch\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO\RelatedSearch\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\List\Item2\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Owner\Documents\Drive soundtrack.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\iLivid\ilivid.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\ilivid\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\ilivid\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\ilivid\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid\player\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid\player\hosts\ilivid.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\SelectedSearch\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{CCA07F9E-D317-46D6-A9CA-AE77468A3526}"|" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{E06CA70A-2926-4F1D-8599-27E051F396A1}"|" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{CCA07F9E-D317-46D6-A9CA-AE77468A3526}"|" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{E06CA70A-2926-4F1D-8599-27E051F396A1}"|" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{CCA07F9E-D317-46D6-A9CA-AE77468A3526}"|" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{E06CA70A-2926-4F1D-8599-27E051F396A1}"|" /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid\ not found.
Registry value HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Owner\Documents\Drive soundtrack.exe not found.
HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\"C:\Users\Owner\AppData\Local\Temp\miaC5F.tmp\iLividSetupV1.exe"| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\iLivid\ilivid.exe not found.
Registry value HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Owner\AppData\Local\Temp\miaC5F.tmp\iLividSetupV1.exe deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_Bar Toolbar\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E46214C9-6FE6-4456-8E79-F09788EA7EF6}\\AppPath deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CCA07F9E-D317-46D6-A9CA-AE77468A3526} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA07F9E-D317-46D6-A9CA-AE77468A3526}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CCA07F9E-D317-46D6-A9CA-AE77468A3526} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA07F9E-D317-46D6-A9CA-AE77468A3526}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E06CA70A-2926-4F1D-8599-27E051F396A1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06CA70A-2926-4F1D-8599-27E051F396A1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 595923 bytes
->Temporary Internet Files folder emptied: 37398 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42065764 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1516 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48516 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 345491 bytes

Total Files Cleaned = 41.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01282012_153044

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Windows\temp\JETD41F.tmp not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
 
SystemLook 30.07.11 by jpshortstuff
Log created at 15:39 on 28/01/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\01242012_225038\C_Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 27324 bytes [09:14 19/09/2011] [09:14 19/09/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\01242012_225038\C_Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 33963 bytes [09:14 19/09/2011] [09:14 19/09/2011] 6D8F2385F542F47082148F0C6235633C
C:\_OTL\MovedFiles\01242012_225038\C_Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [09:14 19/09/2011] [09:14 19/09/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 27324 bytes [09:14 19/09/2011] [09:14 19/09/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 33963 bytes [09:14 19/09/2011] [09:14 19/09/2011] 6D8F2385F542F47082148F0C6235633C
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [09:14 19/09/2011] [09:14 19/09/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [09:14 19/09/2011] [09:14 19/09/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [09:14 19/09/2011] [09:14 19/09/2011] AD14E447F7CED4CA987B91B379EAF952

Searching for "*iLivid*"
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\iLivid\ilivid.exe --a---- 2033152 bytes [16:32 31/10/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\iLivid\ilivid.ico --a---- 9662 bytes [16:32 31/10/2011] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 844 bytes [16:32 31/10/2011] [16:32 31/10/2011] 02E03DEBBCC6BCDC9A6B72450571F83D
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.dat --a--c- 230 bytes [16:32 31/10/2011] [16:32 31/10/2011] D7ED6D5834794CAEA898E870AC350E26
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe --a--c- 3027150 bytes [16:32 31/10/2011] [15:36 04/10/2011] 0276FA170081D222A66109EB26610B36
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.lnk --a--c- 0 bytes [16:32 31/10/2011] [16:32 31/10/2011] D41D8CD98F00B204E9800998ECF8427E
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.msi --a--c- 265728 bytes [16:32 31/10/2011] [15:36 04/10/2011] DA59EDF8FC5B00422B3027E51B09353A
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.par --a--c- 1557 bytes [16:32 31/10/2011] [16:32 31/10/2011] 694DFFFC718091D1F8F5CC7563786481
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.res --a--c- 2513233 bytes [16:32 31/10/2011] [15:36 04/10/2011] C9141917C3F2BF08A4154E09F241961B
C:\_OTL\MovedFiles\01282012_153044\C_Users\Owner\Documents\ilivid installation.exe --a---- 2108336 bytes [16:31 31/10/2011] [16:31 31/10/2011] 378D3A865E52755DBA1DFE596D36829C
C:\_OTL\MovedFiles\01282012_153044\C_Users\Public\Desktop\iLivid Download Manager.lnk --a---- 826 bytes [16:32 31/10/2011] [16:32 31/10/2011] 466DD468703AAA8B251B53F0EAA011F7

Searching for "*whitesmoke*"
C:\_OTL\MovedFiles\01282012_125523\C_Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe --a---- 2048000 bytes [12:11 05/04/2011] [12:11 05/04/2011] 5D5BE44890B9F4726E7974D4EA537A38
C:\_OTL\MovedFiles\01282012_125523\C_Program Files (x86)\WhiteSmoke\html\english\userGuide\images\ConfiguringWhiteSmoke.png --a---- 15639 bytes [09:48 05/04/2011] [09:48 05/04/2011] E1E2764387C41F1FA51960E331C0C695
C:\_OTL\MovedFiles\01282012_125523\C_Program Files (x86)\WhiteSmoke\html\english\userGuide\images\WhiteSmokeEmailCheck.png --a---- 23201 bytes [09:48 05/04/2011] [09:48 05/04/2011] 30FE80D96076B03FD65EBE72B8EA1906
C:\_OTL\MovedFiles\01282012_125523\C_Program Files (x86)\WhiteSmoke\html\english\userGuide\images\WhiteSmokeOverview.png --a---- 26103 bytes [09:48 05/04/2011] [09:48 05/04/2011] 8CE49C5C27968DA714DB8E924A364A8E
C:\_OTL\MovedFiles\01282012_125523\C_ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke\Launch WhiteSmoke.lnk --a---- 1772 bytes [03:24 27/08/2011] [03:24 27/08/2011] A8D0E23FF94971EB1584D8B058F4EA43
C:\_OTL\MovedFiles\01282012_125523\C_ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke\WhiteSmoke registration.lnk --a---- 1826 bytes [03:24 27/08/2011] [03:24 27/08/2011] CDBA095DBD210A7D838D74CC2D3CC295
C:\_OTL\MovedFiles\01282012_125523\C_Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\chrome\whitesmoke_bar.jar --a---- 728245 bytes [03:24 27/08/2011] [15:46 27/07/2011] 041156879BF6589961DE462E8994D3BD
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Steam\steamapps\common\alien swarm\swarm\resource\particletemplates\whitesmoke.ptm --a---- 2578 bytes [00:54 15/08/2010] [00:54 15/08/2010] A75467F0FD3C3E39B465FBE13099A740
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\WhiteSmoke_Bar\WhiteSmoke_BarToolbarHelper.exe --a---- 65832 bytes [14:54 20/07/2011] [14:54 20/07/2011] DA11D78D765E4B8FA4CFA5A37E8A94FF
C:\_OTL\MovedFiles\01282012_153044\C_Users\Owner\AppData\Local\Conduit\CT3007394\WhiteSmoke_BarAutoUpdateHelper.exe --a---- 1814560 bytes [14:54 20/07/2011] [16:54 22/01/2012] B6FEBACACC2FC351F59C37E34D8A581C
C:\_OTL\MovedFiles\01282012_153044\C_Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch WhiteSmoke.lnk --a---- 1814 bytes [03:24 27/08/2011] [03:24 27/08/2011] 901BC932244F7D30A017E46FB0C29C8B

Searching for "*datamngr*"
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\datamngrUI.exe --a---- 1700752 bytes [16:32 31/10/2011] [17:10 27/09/2011] 3C8578C0C94432FB1010D05286062FBB
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlp.dll --a---- 351232 bytes [16:32 31/10/2011] [14:38 02/08/2011] 4D9F92DF1AA8AA39F7645C27D6E7CB1A
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlp.xpt --a---- 1051 bytes [16:32 31/10/2011] [17:10 27/09/2011] AFD0611AD79C4D2AA3F82637329A1711
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlpFF3.dll --a---- 400896 bytes [16:32 31/10/2011] [17:08 27/09/2011] CB30F72CDD4CF5EF7C01805390D7F4E9
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlpFF4.dll --a---- 395776 bytes [16:32 31/10/2011] [17:09 27/09/2011] 5878826F1265306CAA5058FF46D6D147
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlpFF5.dll --a---- 395776 bytes [16:32 31/10/2011] [17:09 27/09/2011] 1E9E57C77120959CA486244F1DFF77A4
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlpFF6.dll --a---- 395776 bytes [16:32 31/10/2011] [17:10 27/09/2011] F40633334EBF76768177B49AE1308BCB
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlpFF7.dll --a---- 395776 bytes [16:32 31/10/2011] [17:10 27/09/2011] 0B15C79091D5C380F80307A4E4EDA967
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\content\DataMngr.js --a---- 16466 bytes [16:32 31/10/2011] [13:50 24/08/2011] 64D9BB164FF6E51FBF5541DEAEE23EFD
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\x64\datamngr.dll --a---- 1778584 bytes [16:32 31/10/2011] [17:10 27/09/2011] 9E7340CA01F2140B15C1169822F3D8E4
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll --a---- 1236368 bytes [16:32 31/10/2011] [17:10 27/09/2011] 7B3E521FE419E62BAEE9AA33495BE2B4
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngrUI.exe --a---- 2272656 bytes [16:32 31/10/2011] [17:10 27/09/2011] 468C722A34009CD90CE5C7E506251507

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\01272012_222727\C_Users\Owner\AppData\LocalLow\searchquband d------ [04:12 07/11/2011]
C:\_OTL\MovedFiles\01272012_222727\C_Users\Owner\AppData\LocalLow\searchqutoolbar d------ [16:32 31/10/2011]
C:\_OTL\MovedFiles\01282012_153044\C_Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\searchqutoolbar d------ [16:32 31/10/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\01272012_222727\C_Users\Owner\AppData\Local\Ilivid Player d------ [16:44 31/10/2011]
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\iLivid d------ [16:32 31/10/2011]
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Windows iLivid Toolbar d------ [16:32 31/10/2011]
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid d------ [16:32 31/10/2011]

Searching for "*whitesmoke*"
C:\_OTL\MovedFiles\01282012_125523\C_Program Files (x86)\WhiteSmoke d------ [03:23 27/08/2011]
C:\_OTL\MovedFiles\01282012_125523\C_ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke d------ [03:24 27/08/2011]
C:\_OTL\MovedFiles\01282012_125523\C_Users\Owner\AppData\Local\VirtualStore\Program Files (x86)\WhiteSmoke d------ [03:23 27/08/2011]
C:\_OTL\MovedFiles\01282012_125523\C_Users\Owner\AppData\Roaming\WhiteSmoke d------ [15:33 29/08/2011]
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\WhiteSmoke_Bar d------ [03:23 27/08/2011]
C:\_OTL\MovedFiles\01282012_153044\C_Users\Owner\AppData\LocalLow\WhiteSmoke_Bar d------ [03:23 27/08/2011]

Searching for "*datamngr*"
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr d------ [16:32 31/10/2011]
C:\_OTL\MovedFiles\01282012_153044\C_Users\Owner\AppData\LocalLow\DataMngr d------ [04:12 07/11/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"Publisher"="Bandoo Media Inc."

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=119&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
"ProductName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
"PackageName"="iLividSetupV1.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A]
"2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files (x86)\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid]

Searching for "whitesmoke"
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
 
Hey, we are making progress, about 95% of it is gone, most of whats on the System Look log are backups of what OTL removed, before we run the next fix let me know if your still being redirected ?



Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :processes
killallprocesses


:OTL
CHR - default_search_provider: search_url = http://www.searchqu.com/web?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}


:Services

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid]
[-HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache] 





:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces





Then run the same script again for System Look
 
Last edited:
All processes killed
========== PROCESSES ==========
========== OTL ==========
Unable to fix default_search_provider items.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cach\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 597068 bytes
->Temporary Internet Files folder emptied: 41626 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3734474 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48516 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01282012_205802

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Windows\temp\JET9710.tmp not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
 
SystemLook 30.07.11 by jpshortstuff
Log created at 21:04 on 28/01/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\01242012_225038\C_Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 27324 bytes [09:14 19/09/2011] [09:14 19/09/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\01242012_225038\C_Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 33963 bytes [09:14 19/09/2011] [09:14 19/09/2011] 6D8F2385F542F47082148F0C6235633C
C:\_OTL\MovedFiles\01242012_225038\C_Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [09:14 19/09/2011] [09:14 19/09/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 27324 bytes [09:14 19/09/2011] [09:14 19/09/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 33963 bytes [09:14 19/09/2011] [09:14 19/09/2011] 6D8F2385F542F47082148F0C6235633C
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [09:14 19/09/2011] [09:14 19/09/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [09:14 19/09/2011] [09:14 19/09/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [09:14 19/09/2011] [09:14 19/09/2011] AD14E447F7CED4CA987B91B379EAF952

Searching for "*iLivid*"
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\iLivid\ilivid.exe --a---- 2033152 bytes [16:32 31/10/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\iLivid\ilivid.ico --a---- 9662 bytes [16:32 31/10/2011] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 844 bytes [16:32 31/10/2011] [16:32 31/10/2011] 02E03DEBBCC6BCDC9A6B72450571F83D
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.dat --a--c- 230 bytes [16:32 31/10/2011] [16:32 31/10/2011] D7ED6D5834794CAEA898E870AC350E26
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe --a--c- 3027150 bytes [16:32 31/10/2011] [15:36 04/10/2011] 0276FA170081D222A66109EB26610B36
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.lnk --a--c- 0 bytes [16:32 31/10/2011] [16:32 31/10/2011] D41D8CD98F00B204E9800998ECF8427E
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.msi --a--c- 265728 bytes [16:32 31/10/2011] [15:36 04/10/2011] DA59EDF8FC5B00422B3027E51B09353A
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.par --a--c- 1557 bytes [16:32 31/10/2011] [16:32 31/10/2011] 694DFFFC718091D1F8F5CC7563786481
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.res --a--c- 2513233 bytes [16:32 31/10/2011] [15:36 04/10/2011] C9141917C3F2BF08A4154E09F241961B
C:\_OTL\MovedFiles\01282012_153044\C_Users\Owner\Documents\ilivid installation.exe --a---- 2108336 bytes [16:31 31/10/2011] [16:31 31/10/2011] 378D3A865E52755DBA1DFE596D36829C
C:\_OTL\MovedFiles\01282012_153044\C_Users\Public\Desktop\iLivid Download Manager.lnk --a---- 826 bytes [16:32 31/10/2011] [16:32 31/10/2011] 466DD468703AAA8B251B53F0EAA011F7

Searching for "*whitesmoke*"
C:\_OTL\MovedFiles\01282012_125523\C_Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe --a---- 2048000 bytes [12:11 05/04/2011] [12:11 05/04/2011] 5D5BE44890B9F4726E7974D4EA537A38
C:\_OTL\MovedFiles\01282012_125523\C_Program Files (x86)\WhiteSmoke\html\english\userGuide\images\ConfiguringWhiteSmoke.png --a---- 15639 bytes [09:48 05/04/2011] [09:48 05/04/2011] E1E2764387C41F1FA51960E331C0C695
C:\_OTL\MovedFiles\01282012_125523\C_Program Files (x86)\WhiteSmoke\html\english\userGuide\images\WhiteSmokeEmailCheck.png --a---- 23201 bytes [09:48 05/04/2011] [09:48 05/04/2011] 30FE80D96076B03FD65EBE72B8EA1906
C:\_OTL\MovedFiles\01282012_125523\C_Program Files (x86)\WhiteSmoke\html\english\userGuide\images\WhiteSmokeOverview.png --a---- 26103 bytes [09:48 05/04/2011] [09:48 05/04/2011] 8CE49C5C27968DA714DB8E924A364A8E
C:\_OTL\MovedFiles\01282012_125523\C_ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke\Launch WhiteSmoke.lnk --a---- 1772 bytes [03:24 27/08/2011] [03:24 27/08/2011] A8D0E23FF94971EB1584D8B058F4EA43
C:\_OTL\MovedFiles\01282012_125523\C_ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke\WhiteSmoke registration.lnk --a---- 1826 bytes [03:24 27/08/2011] [03:24 27/08/2011] CDBA095DBD210A7D838D74CC2D3CC295
C:\_OTL\MovedFiles\01282012_125523\C_Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwn68ar1.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\chrome\whitesmoke_bar.jar --a---- 728245 bytes [03:24 27/08/2011] [15:46 27/07/2011] 041156879BF6589961DE462E8994D3BD
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Steam\steamapps\common\alien swarm\swarm\resource\particletemplates\whitesmoke.ptm --a---- 2578 bytes [00:54 15/08/2010] [00:54 15/08/2010] A75467F0FD3C3E39B465FBE13099A740
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\WhiteSmoke_Bar\WhiteSmoke_BarToolbarHelper.exe --a---- 65832 bytes [14:54 20/07/2011] [14:54 20/07/2011] DA11D78D765E4B8FA4CFA5A37E8A94FF
C:\_OTL\MovedFiles\01282012_153044\C_Users\Owner\AppData\Local\Conduit\CT3007394\WhiteSmoke_BarAutoUpdateHelper.exe --a---- 1814560 bytes [14:54 20/07/2011] [16:54 22/01/2012] B6FEBACACC2FC351F59C37E34D8A581C
C:\_OTL\MovedFiles\01282012_153044\C_Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch WhiteSmoke.lnk --a---- 1814 bytes [03:24 27/08/2011] [03:24 27/08/2011] 901BC932244F7D30A017E46FB0C29C8B

Searching for "*datamngr*"
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\datamngrUI.exe --a---- 1700752 bytes [16:32 31/10/2011] [17:10 27/09/2011] 3C8578C0C94432FB1010D05286062FBB
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlp.dll --a---- 351232 bytes [16:32 31/10/2011] [14:38 02/08/2011] 4D9F92DF1AA8AA39F7645C27D6E7CB1A
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlp.xpt --a---- 1051 bytes [16:32 31/10/2011] [17:10 27/09/2011] AFD0611AD79C4D2AA3F82637329A1711
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlpFF3.dll --a---- 400896 bytes [16:32 31/10/2011] [17:08 27/09/2011] CB30F72CDD4CF5EF7C01805390D7F4E9
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlpFF4.dll --a---- 395776 bytes [16:32 31/10/2011] [17:09 27/09/2011] 5878826F1265306CAA5058FF46D6D147
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlpFF5.dll --a---- 395776 bytes [16:32 31/10/2011] [17:09 27/09/2011] 1E9E57C77120959CA486244F1DFF77A4
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlpFF6.dll --a---- 395776 bytes [16:32 31/10/2011] [17:10 27/09/2011] F40633334EBF76768177B49AE1308BCB
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\components\DataMngrHlpFF7.dll --a---- 395776 bytes [16:32 31/10/2011] [17:10 27/09/2011] 0B15C79091D5C380F80307A4E4EDA967
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION\content\DataMngr.js --a---- 16466 bytes [16:32 31/10/2011] [13:50 24/08/2011] 64D9BB164FF6E51FBF5541DEAEE23EFD
C:\_OTL\MovedFiles\01242012_225038\C_PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\x64\datamngr.dll --a---- 1778584 bytes [16:32 31/10/2011] [17:10 27/09/2011] 9E7340CA01F2140B15C1169822F3D8E4
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll --a---- 1236368 bytes [16:32 31/10/2011] [17:10 27/09/2011] 7B3E521FE419E62BAEE9AA33495BE2B4
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngrUI.exe --a---- 2272656 bytes [16:32 31/10/2011] [17:10 27/09/2011] 468C722A34009CD90CE5C7E506251507

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\01272012_222727\C_Users\Owner\AppData\LocalLow\searchquband d------ [04:12 07/11/2011]
C:\_OTL\MovedFiles\01272012_222727\C_Users\Owner\AppData\LocalLow\searchqutoolbar d------ [16:32 31/10/2011]
C:\_OTL\MovedFiles\01282012_153044\C_Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwn68ar1.default\searchqutoolbar d------ [16:32 31/10/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\01272012_222727\C_Users\Owner\AppData\Local\Ilivid Player d------ [16:44 31/10/2011]
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\iLivid d------ [16:32 31/10/2011]
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Windows iLivid Toolbar d------ [16:32 31/10/2011]
C:\_OTL\MovedFiles\01282012_153044\C_ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid d------ [16:32 31/10/2011]

Searching for "*whitesmoke*"
C:\_OTL\MovedFiles\01282012_125523\C_Program Files (x86)\WhiteSmoke d------ [03:23 27/08/2011]
C:\_OTL\MovedFiles\01282012_125523\C_ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke d------ [03:24 27/08/2011]
C:\_OTL\MovedFiles\01282012_125523\C_Users\Owner\AppData\Local\VirtualStore\Program Files (x86)\WhiteSmoke d------ [03:23 27/08/2011]
C:\_OTL\MovedFiles\01282012_125523\C_Users\Owner\AppData\Roaming\WhiteSmoke d------ [15:33 29/08/2011]
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\WhiteSmoke_Bar d------ [03:23 27/08/2011]
C:\_OTL\MovedFiles\01282012_153044\C_Users\Owner\AppData\LocalLow\WhiteSmoke_Bar d------ [03:23 27/08/2011]

Searching for "*datamngr*"
C:\_OTL\MovedFiles\01282012_153044\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr d------ [16:32 31/10/2011]
C:\_OTL\MovedFiles\01282012_153044\C_Users\Owner\AppData\LocalLow\DataMngr d------ [04:12 07/11/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"Publisher"="Bandoo Media Inc."

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=119&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
"ProductName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
"PackageName"="iLividSetupV1.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A]
"2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files (x86)\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"DisplayName"="iLivid"

Searching for "whitesmoke"
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
 
Moving right along, some of these are stubborn and wont go, if they come back we may need to try another tool to remove them

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :processes
killallprocesses


:OTL
CHR - default_search_provider: search_url = http://www.searchqu.com/web?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}


:Services

:Reg

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid]
[-HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]


:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )






Then run System look again with the same script and post a new log please
 
All processes killed
========== PROCESSES ==========
========== OTL ==========
Unable to fix default_search_provider items.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"|" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech\ not found.
Registry key HKEY_USERS\S-1-5-21-3984993148-1309757251-1189783091-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 595923 bytes
->Temporary Internet Files folder emptied: 37398 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 34311588 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 711 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48516 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 113564 bytes

Total Files Cleaned = 33.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01282012_230329

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Owner\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Windows\temp\JET859.tmp not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
 
Status
Not open for further replies.
Back
Top