Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I got the searchqu virus and i can't get rid of it!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I got the searchqu virus and i can't get rid of it!

Unread postby juala » June 7th, 2011, 9:05 am

Hi,

A few days i got the virus that makes my homepage start as "http://www.searchqu.com/406" every time. I have tried to get rid off it using malwarebytes but it didn't work.

here is my dds log:

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by jussi at 14:58:25 on 2011-06-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.4095.2493 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\NETGEAR\WN111\wn111.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Logitech\G35\G35.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
uInternet Settings,ProxyServer = 192.168.1.4:8123
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
uURLSearchHooks: tutudragon3 Toolbar: {e9935af9-87e2-415b-94e3-4a91c3da40e1} - C:\Program Files (x86)\tutudragon3\tbtutu.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
mURLSearchHooks: tutudragon3 Toolbar: {e9935af9-87e2-415b-94e3-4a91c3da40e1} - C:\Program Files (x86)\tutudragon3\tbtutu.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\ToolBar\searchqudtx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: tutudragon3 Toolbar: {e9935af9-87e2-415b-94e3-4a91c3da40e1} - C:\Program Files (x86)\tutudragon3\tbtutu.dll
TB: tutudragon3 Toolbar: {e9935af9-87e2-415b-94e3-4a91c3da40e1} - C:\Program Files (x86)\tutudragon3\tbtutu.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\ToolBar\searchqudtx.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WN111\wn111.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Personal.lnk - C:\Program Files (x86)\Personal\bin\Personal.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
TCP: Interfaces\{0108EC47-8FCD-4CB9-93F2-AE2B400E3D46} : DhcpNameServer = 83.255.245.11 193.150.193.150
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{99079a25-328f-4bd4-be04-00955acaa0a7}
{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{ba14329e-9550-4989-b3f2-9732e92d17cc}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{e9935af9-87e2-415b-94e3-4a91c3da40e1}
{e9935af9-87e2-415b-94e3-4a91c3da40e1}
{ba14329e-9550-4989-b3f2-9732e92d17cc}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{472734EA-242A-422B-ADF8-83D1E48CC825}
{99079a25-328f-4bd4-be04-00955acaa0a7}
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [(Standard)]
mRun-x64: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
mRun-x64: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.tepela.com/search/?ie=UTF-8& ... EGZEDre&q=
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.tepela.com/search/?ie=UTF-8& ... EGZEDre&q=
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-5-14 337872]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-29 735960]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-7 366640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-18 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys --> C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys [?]
R3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys --> C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-4-16 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-4-16 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-5-14 371472]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-5-14 1117144]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TdsNordecr;Nordea NCR1 SmartCard Reader;C:\Windows\system32\DRIVERS\nordecr.sys --> C:\Windows\system32\DRIVERS\nordecr.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-18 135664]
S4 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-18 135664]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-3-28 2111368]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
.
=============== Created Last 30 ================
.
2011-05-30 18:29:38 -------- d-----w- C:\Program Files (x86)\Windows iLivid Toolbar
2011-05-30 18:29:21 -------- d-----w- C:\Users\jussi\AppData\Local\PackageAware
2011-05-29 14:53:46 -------- d-----w- C:\FrozenSynapse
2011-05-27 15:28:23 -------- d-----w- C:\Windows\pss
2011-05-26 13:15:24 -------- d-----w- C:\Program Files (x86)\Amnesia - The Dark Descent
2011-05-25 06:51:51 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-24 19:15:10 -------- d-----w- C:\Windows\System32\SPReview
2011-05-24 19:13:45 -------- d-----w- C:\Windows\System32\EventProviders
2011-05-24 12:48:01 3072 ----a-w- C:\Windows\System32\drivers\sv-SE\tsusbflt.sys.mui
2011-05-24 12:48:01 2560 ----a-w- C:\Windows\System32\drivers\sv-SE\rdpwd.sys.mui
2011-05-24 12:46:59 512000 ----a-w- C:\Windows\System32\rpcss.dll
2011-05-24 12:45:59 88576 ----a-w- C:\Windows\System32\drivers\wanarp.sys
2011-05-24 12:44:59 72192 ----a-w- C:\Windows\System32\napdsnap.dll
2011-05-24 12:39:37 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-05-24 12:39:37 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-05-24 12:39:37 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-05-24 12:38:52 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-05-24 12:38:23 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-05-24 12:37:40 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-05-24 12:37:40 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-05-20 20:35:28 304744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-05-19 14:11:15 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-18 08:29:30 1619048 ----a-w- C:\Windows\System32\nvdispco6420140.dll
2011-05-18 08:29:30 1404008 ----a-w- C:\Windows\System32\nvgenco642060.dll
2011-05-17 15:21:18 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-17 15:21:18 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-14 17:39:52 -------- d-----w- C:\Users\jussi\AppData\Local\Threat Expert
2011-05-14 08:49:39 -------- d-----w- C:\Users\jussi\AppData\Roaming\Malwarebytes
2011-05-14 08:49:32 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-14 08:49:32 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-14 08:49:29 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-14 08:49:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-13 13:47:27 -------- d-----w- C:\ProgramData\Skype Extras
2011-05-13 06:19:49 -------- d-----w- C:\Program Files (x86)\Petroglyph
2011-05-11 13:05:02 -------- d-----w- C:\Users\jussi\AppData\Roaming\Dwarfs
2011-05-11 10:09:44 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 10:09:43 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 10:09:41 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 10:09:34 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 10:09:33 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 10:09:33 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 10:09:33 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 10:09:33 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 10:09:33 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 10:09:33 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
.
==================== Find3M ====================
.
2011-05-24 19:25:08 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-05-24 19:25:02 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-27 13:37:12 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2011-04-27 13:37:06 2074576 ----a-w- C:\Windows\PCTBDCore.dll
2011-04-27 13:37:06 1533904 ----a-w- C:\Windows\PCTBDRes.dll
2011-04-27 13:36:58 767952 ----a-w- C:\Windows\BDTSupport.dll
2011-04-09 16:55:44 15453336 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-04-09 16:55:42 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2011-04-06 14:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 14:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 14:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 14:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 14:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 14:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 14:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 14:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-24 10:39:32 140800 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-10 08:07:24 282440 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2011-03-10 07:08:22 279344 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2010-09-07 18:42:34 814143398 ----a-w- C:\Program Files (x86)\loleusetup.exe
.
============= FINISH: 14:59:45,88 ===============

and here is my attach log:

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2010-04-16 15:07:21
System Uptime: 2011-06-07 14:43:58 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q-E
Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz | LGA 775 | 2833/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 932 GiB total, 466,824 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP195: 2011-05-25 10:52:03 - Windows Update
RP196: 2011-06-06 16:26:43 - Installed NVIDIA 3D Vision Controller Driver
RP197: 2011-06-06 19:32:05 - DirectX har installerats
.
==== Installed Programs ======================
.
3DMark Vantage
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4 - Svenska
Adobe Shockwave Player 11.5
Amnesia - The Dark Descent
Apple Application Support
Apple Software Update
Barbarian Invasion
Batman: Arkham Asylum
Battlefield Heroes
Bloodline Champions Beta
Browser Defender 3.0
Call of Duty Modern Warfare 2
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Cheat Engine 5.6
Chemistry Add-in for Word
Conduit Engine
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
CyberLink PhotoNow
CyberLink PowerDirector
Dead Rising 2
DotAzilla
Dropbox
Eets
Eufloria v2.05
Fraps (remove only)
Frozen Synapse
Futuremark SystemInfo
Garena Messenger
Google Toolbar for Internet Explorer
Google Update Helper
HeidiSQL 5.1
Heroes of Newerth
HP Software Update
hppusgCP1215
HPSSupply
Java Auto Updater
Java(TM) 6 Update 22
Lead and Gold - Gangs of the Wild West
League of Legends
Left 4 Dead
Left 4 Dead 2
LightScribe System Software
Live Redemption Checker
LogMeIn Hamachi
Magicka
Malwarebytes' Anti-Malware version 1.51.0.1200
Manhunt 2
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XNA Framework Redistributable 3.1
Monday Night Combat
Mozilla Firefox 4.0.1 (x86 sv-SE)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
NETGEAR WN111 wireless USB 2.0 adapter
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Pando Media Booster
Personal 4.10.3
Portal 2
PowerISO
PunkBuster Services
QuickTime
Raptr
RIFT
Rise of Immortals
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Rome - Total War - Alexander
Rome - Total War(TM)
Sacrifice
Safari
Seal Hunter
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
Skype Toolbars
Skype™ 5.3
Spotify
Spyware Doctor 8.0
StarCraft II
Steam
StepMania 3.9a (remove only)
System Requirements Lab
Team Fortress 2
Team Fortress 2 Beta
TF2
The Lord of the Rings Online™ v03.02.03.8013
Thief: Deadly Shadows
tutudragon3 Toolbar
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (KB982305)
War of Angels
Warcraft III
WavePad Sound Editor
Windows iLivid Toolbar
WinSCP 4.2.9
VLC media player 1.0.5
World of Warcraft
Vuze
Vuze Remote Toolbar
Zygor Guides
.
==== End Of File ===========================


Best Regards

Juala
juala
Active Member
 
Posts: 9
Joined: June 7th, 2011, 3:49 am
Advertisement
Register to Remove

Re: I got the searchqu virus and i can't get rid of it!

Unread postby askey127 » June 8th, 2011, 9:36 am

Hi juala,
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program Vuze in the removal instructions below, so we are not wasting our time.
If you have used this, and your computer is infected, you can be fairly confident this is a principal reason.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
(Limewire has been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Conduit Engine
Java Auto Updater
Java(TM) 6 Update 22
MarketResearch
McAfee Security Scan Plus
Pando Media Booster
Spyware Doctor 8.0
Vuze
Vuze Remote Toolbar

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *Conduit*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *Conduit*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    Conduit
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    (Takes about 4 minutes on my XP net book)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I got the searchqu virus and i can't get rid of it!

Unread postby juala » June 8th, 2011, 2:29 pm

I deleted all theprograms but when I try to delete Vuze it says:

No JVM could be found on your system.
Please define EXE4J_JAVA_HOME
to point an isntalled 32-bit JDK or JRE download a JRE from
www.java.com

Juala
juala
Active Member
 
Posts: 9
Joined: June 7th, 2011, 3:49 am

Re: I got the searchqu virus and i can't get rid of it!

Unread postby askey127 » June 8th, 2011, 2:45 pm

juala,
OK.
It evidently needs your new Java installed first, before it can Uninstall Vuze.
If Vuze doesn't Uninstall properly, we will take a hammer to it later.
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 26 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license
Select the link for your Platform (Windows 64-bit), and click it.
Download it, choose Save, and save it to your desktop.
Then right click it and choose "Run as administrator", and it will install the newest version of Java for you to use.
During the Installation, be sure to UNCHECK any offer for McAfee Security Scan Plus(It's just adware) or any extra toolbars.
When it finishes, you can remove the Installer from your desktop.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Vuze
Vuze toolbar

Take extra care in answering questions posed by any Uninstaller.

Whether all the preceding works or not, please proceed with the rest of the sequence using SystemLook.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I got the searchqu virus and i can't get rid of it!

Unread postby juala » June 8th, 2011, 3:26 pm

Hi again :)

I installed the java JRE x64 version but the same error message occured.

Anyways here's my log from the systemlook scan:

SystemLook 04.09.10 by jpshortstuff
Log created at 21:12 on 08/06/2011 by jussi
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\bandoocode.js --a---- 24210 bytes [13:32 02/03/2011] [13:32 02/03/2011] E2B3734A723FB575F4168B48552793BE
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\lib\bandoocode.js --a---- 30447 bytes [13:32 02/03/2011] [13:32 02/03/2011] B545B9C9A08D35D01C1A645A01B3C33D
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [13:32 02/03/2011] [13:32 02/03/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 24210 bytes [13:32 02/03/2011] [13:32 02/03/2011] E2B3734A723FB575F4168B48552793BE
C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 30447 bytes [13:32 02/03/2011] [13:32 02/03/2011] B545B9C9A08D35D01C1A645A01B3C33D
C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [13:32 02/03/2011] [13:32 02/03/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [18:29 30/05/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\searchquband.dll --a---- 424848 bytes [13:32 02/03/2011] [13:32 02/03/2011] 4341DAF80A4C03D2119770CA27FD4997
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\searchqudtx.dll --a---- 88976 bytes [13:32 02/03/2011] [13:32 02/03/2011] AD14E447F7CED4CA987B91B379EAF952
C:\Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFW0KUU\SetupDataMngr_Searchqu[1].exe --a---- 2596544 bytes [18:29 30/05/2011] [18:29 30/05/2011] 52C355E4323A707A1FA1FFAEBD9D4DDD
C:\Users\jussi\AppData\Local\Temp\searchqu.ini --a---- 414 bytes [18:29 30/05/2011] [18:29 30/05/2011] 5EC2A9FDAA43596854FE7E787F60112C
C:\Users\jussi\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:32 02/03/2011] [13:32 02/03/2011] AA709C3696701CC2792A44116E7D83A1
C:\Users\jussi\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 2596544 bytes [18:29 30/05/2011] [18:29 30/05/2011] 52C355E4323A707A1FA1FFAEBD9D4DDD
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [18:29 30/05/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89
C:\Windows\Prefetch\SEARCHQUMEDIABAR.EXE-A164B43F.pf --a---- 100226 bytes [18:29 30/05/2011] [18:29 30/05/2011] 0E548ED367E6B6432F4BAD6974EC5FC9
C:\Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-3F6EB214.pf --a---- 67166 bytes [18:29 30/05/2011] [18:29 30/05/2011] 0E09BE505E113D891F4D1D5DD5B5FAAD

Searching for "*iLivid*"
C:\Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFW0KUU\ilivid[1].7z --a---- 725651 bytes [18:30 30/05/2011] [18:30 30/05/2011] 0CF032A65C5F5F60A709C45A560E778B
C:\Users\jussi\AppData\Local\Temp\ilivid.7z --a---- 725651 bytes [18:30 30/05/2011] [18:30 30/05/2011] 0CF032A65C5F5F60A709C45A560E778B
C:\Users\jussi\Downloads\iLividSetupV1.exe --a---- 2023592 bytes [18:29 30/05/2011] [18:29 30/05/2011] C720C2C62A65E96EA42687D9F36DA641
C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-12B68B72.pf --a---- 33214 bytes [18:29 30/05/2011] [18:29 30/05/2011] 488B84CC2256A91BB07ECACF136DB64E
C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-4206F73E.pf --a---- 63496 bytes [17:44 01/06/2011] [17:44 01/06/2011] 384E9B89D8F95D3666E369B7487E9D51
C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-D46B3AD8.pf --a---- 69374 bytes [18:29 30/05/2011] [18:29 30/05/2011] 6E0207591371C7613C0AEB5D4C4B2DD2

Searching for "*whitesmoke*"
C:\Program Files (x86)\Steam\steamapps\steamapps\common\alien swarm\swarm\resource\particletemplates\whitesmoke.ptm --a---- 2578 bytes [22:46 27/08/2010] [19:21 25/07/2010] A75467F0FD3C3E39B465FBE13099A740

Searching for "*Conduit*"
C:\Fraps\Team Fortress 2\hl2\models\props_wasteland\prison_conduit001a.dx80.vtx --a---- 15536 bytes [17:23 24/08/2010] [21:36 18/09/2007] 3CF7DDE4BBDF190D5263028354A2E49C
C:\Fraps\Team Fortress 2\hl2\models\props_wasteland\prison_conduit001a.dx90.vtx --a---- 15536 bytes [17:23 24/08/2010] [21:36 18/09/2007] 16044C94421AF5AD73602A300264272E
C:\Fraps\Team Fortress 2\hl2\models\props_wasteland\prison_conduit001a.mdl --a---- 1472 bytes [17:23 24/08/2010] [21:36 18/09/2007] DF8EAC2BA60B69BFE3301404ABCA269F
C:\Fraps\Team Fortress 2\hl2\models\props_wasteland\prison_conduit001a.phy --a---- 2357 bytes [17:23 24/08/2010] [21:36 18/09/2007] 0882B2EC35F6740EC27308458D818DD3
C:\Fraps\Team Fortress 2\hl2\models\props_wasteland\prison_conduit001a.sw.vtx --a---- 15536 bytes [17:23 24/08/2010] [21:36 18/09/2007] 75F1757231821C4754AB0C04B799471F
C:\Fraps\Team Fortress 2\hl2\models\props_wasteland\prison_conduit001a.vvd --a---- 17984 bytes [17:23 24/08/2010] [21:36 18/09/2007] 46DDBA8560FBF48DA6248AC685ED9A1E
C:\Fraps\Team Fortress 2\tf\materials\models\props_farm\conduit.vmt --a---- 71 bytes [17:27 24/08/2010] [21:57 18/09/2007] B4AEB964A690A75D52E18C8AAF501A25
C:\Fraps\Team Fortress 2\tf\materials\models\props_farm\conduit.vtf --a---- 175016 bytes [17:27 24/08/2010] [21:57 18/09/2007] 36203B3A65F236F3FC56B20C236634EE
C:\Fraps\Team Fortress 2\tf\materials\models\props_mining\conduit_outdoor01.vmt --a---- 81 bytes [17:27 24/08/2010] [21:57 18/09/2007] 66D04280106D62832F8027A6601932B1
C:\Fraps\Team Fortress 2\tf\materials\models\props_mining\conduit_outdoor01.vtf --a---- 87576 bytes [17:27 24/08/2010] [21:57 18/09/2007] BB9326684D80419803A192F53867DDFB
C:\Fraps\Team Fortress 2\tf\materials\models\props_spytech\ceiling_conduit.vmt --a---- 82 bytes [17:27 24/08/2010] [21:58 18/09/2007] E0DE8D4E9F727A40982DDED7E9887A53
C:\Fraps\Team Fortress 2\tf\materials\models\props_spytech\ceiling_conduit.vtf --a---- 928 bytes [17:27 24/08/2010] [21:58 18/09/2007] 80A5A937D1612BE5B79F81ACBF073466
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit01.dx80.vtx --a---- 4608 bytes [17:28 24/08/2010] [21:52 18/09/2007] 5EA3D0D2B5D2997F18D3974CB722B08A
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit01.dx90.vtx --a---- 4608 bytes [17:28 24/08/2010] [21:52 18/09/2007] 726F7423A11B5CF2B2F3539EECE952E0
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit01.mdl --a---- 1456 bytes [17:28 24/08/2010] [21:52 18/09/2007] 25A8B426991ED6AFE25679E146222125
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit01.phy --a---- 3331 bytes [17:28 24/08/2010] [21:52 18/09/2007] 3891DA444B00648ABC51C8255D35FB28
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit01.sw.vtx --a---- 4608 bytes [17:28 24/08/2010] [21:52 18/09/2007] 267A5FBA6E47573ED0E40DD12E3AE862
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit01.vvd --a---- 20480 bytes [17:28 24/08/2010] [21:52 18/09/2007] B4515F20956637755DBD4A0B2A49BDA0
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit02.dx80.vtx --a---- 3369 bytes [17:28 24/08/2010] [21:52 18/09/2007] 4539997A3E43734E08A99BBCEDF29B66
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit02.dx90.vtx --a---- 3369 bytes [17:28 24/08/2010] [21:52 18/09/2007] 20E02FE3E06B1F3CC8E089C5003EEFC1
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit02.mdl --a---- 1456 bytes [17:28 24/08/2010] [21:52 18/09/2007] 2A8714A0C7E3BB5405E172639EC86E47
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit02.phy --a---- 2267 bytes [17:28 24/08/2010] [21:52 18/09/2007] 3FD663D800205222075C1A433CF0DFF5
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit02.sw.vtx --a---- 3369 bytes [17:28 24/08/2010] [21:52 18/09/2007] DBD8366FE5644090D368892ACA9AB028
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit02.vvd --a---- 16448 bytes [17:28 24/08/2010] [21:52 18/09/2007] DC6D98B839CD0325F749628E02FC09E9
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit_pipe01.dx80.vtx --a---- 1323 bytes [17:28 24/08/2010] [21:52 18/09/2007] 7A39F2CB688A405B30D1C43729627FC9
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit_pipe01.dx90.vtx --a---- 1323 bytes [17:28 24/08/2010] [21:52 18/09/2007] 0955DC4C442A2BB2A94D1B1FE7D0C020
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit_pipe01.mdl --a---- 1712 bytes [17:28 24/08/2010] [21:52 18/09/2007] AF34483D9A9BEDE540D661D06397FA60
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit_pipe01.phy --a---- 1095 bytes [17:28 24/08/2010] [21:52 18/09/2007] 7BBCE368B49AFDEDA24081C25FFEBEE4
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit_pipe01.sw.vtx --a---- 1323 bytes [17:28 24/08/2010] [21:52 18/09/2007] 6475A9197ABFCCDB3695952BC67938DD
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit_pipe01.vvd --a---- 6080 bytes [17:28 24/08/2010] [21:52 18/09/2007] 5F0972D1B62DE158F074B44CB76C37B2
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit_pipe02.dx80.vtx --a---- 1581 bytes [17:28 24/08/2010] [21:52 18/09/2007] 37116828324C1AB4D6A3CEE1C3DC2B4B
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit_pipe02.dx90.vtx --a---- 1581 bytes [17:28 24/08/2010] [21:52 18/09/2007] 65BEBE932E34310608EDB7A27FF03981
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit_pipe02.mdl --a---- 1712 bytes [17:28 24/08/2010] [21:52 18/09/2007] 4EA748C7D3922E5D02E0B670D28F67B2
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit_pipe02.phy --a---- 1095 bytes [17:28 24/08/2010] [21:52 18/09/2007] 427F6B189F344A613112442E16A394B8
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit_pipe02.sw.vtx --a---- 1581 bytes [17:28 24/08/2010] [21:52 18/09/2007] F8BA0739C119F77D3D77BAB37AEF983B
C:\Fraps\Team Fortress 2\tf\models\props_farm\conduit_pipe02.vvd --a---- 7232 bytes [17:28 24/08/2010] [21:52 18/09/2007] 6B27ACAD56D756923504D41429DF5B1A
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor256.dx80.vtx --a---- 57718 bytes [17:28 24/08/2010] [21:53 18/09/2007] 12F9FF4A3F249657DD1289EFA47FAA92
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor256.dx90.vtx --a---- 57718 bytes [17:28 24/08/2010] [21:53 18/09/2007] 9ECD85187C8A41D0AC5A08EDF914F0F2
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor256.mdl --a---- 1724 bytes [17:28 24/08/2010] [21:53 18/09/2007] 39318E780F28D7CA59A974EA3FE64EF6
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor256.phy --a---- 5988 bytes [17:28 24/08/2010] [21:53 18/09/2007] 7C54070259F5F4B0203F5C74F52F83AB
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor256.sw.vtx --a---- 57718 bytes [17:28 24/08/2010] [21:53 18/09/2007] FC4207D04D01753DFFF5F4594D5A3C1A
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor256.vvd --a---- 133440 bytes [17:28 24/08/2010] [21:53 18/09/2007] 9A764AE1CDC4787BF7CB4401FEA8CAAE
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor384.dx80.vtx --a---- 59347 bytes [17:28 24/08/2010] [21:53 18/09/2007] 21AD3DF40CC73496C91318F73773FF49
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor384.dx90.vtx --a---- 59347 bytes [17:28 24/08/2010] [21:53 18/09/2007] F6379D27EAF88A7087A383BE3F4C0389
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor384.mdl --a---- 1724 bytes [17:28 24/08/2010] [21:53 18/09/2007] 5442722452E31F3E6188F97F14D61E3B
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor384.phy --a---- 5941 bytes [17:28 24/08/2010] [21:53 18/09/2007] 97CF9C63FEA67821E0A53A95F9EE7F68
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor384.sw.vtx --a---- 59347 bytes [17:28 24/08/2010] [21:53 18/09/2007] AB19EB4E203EEC9357E50F12BAA579F8
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor384.vvd --a---- 148288 bytes [17:28 24/08/2010] [21:53 18/09/2007] 66823CA4D148FEC8B1A8EC6941390915
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor512.dx80.vtx --a---- 59401 bytes [17:28 24/08/2010] [21:53 18/09/2007] 040000D1F19B5367E74CB48FA51879F8
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor512.dx90.vtx --a---- 59401 bytes [17:28 24/08/2010] [21:53 18/09/2007] 28FD67F7BFB10D898877AD22EE3A6869
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor512.mdl --a---- 1724 bytes [17:28 24/08/2010] [21:53 18/09/2007] 89B9FFC85C92AAE035D14E380B833B57
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor512.phy --a---- 6029 bytes [17:28 24/08/2010] [21:53 18/09/2007] 2884CB53E3A8DF595F8C6D41FCBD6A25
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor512.sw.vtx --a---- 59401 bytes [17:28 24/08/2010] [21:53 18/09/2007] 34DA6708D4824E1ECB19F31E64EE6B70
C:\Fraps\Team Fortress 2\tf\models\props_mining\conduit_outdoor512.vvd --a---- 152640 bytes [17:28 24/08/2010] [21:53 18/09/2007] A471657EB0F7A88334E9799853FF9747
C:\Fraps\Team Fortress 2\tf\models\props_spytech\ceiling_conduit.dx80.vtx --a---- 9693 bytes [17:28 24/08/2010] [21:53 18/09/2007] A047FC55EA3AD789B752A8500C7574CF
C:\Fraps\Team Fortress 2\tf\models\props_spytech\ceiling_conduit.dx90.vtx --a---- 9693 bytes [17:28 24/08/2010] [21:53 18/09/2007] 250B4F79602BEC6B9AF3739EC2C7E3B1
C:\Fraps\Team Fortress 2\tf\models\props_spytech\ceiling_conduit.mdl --a---- 1468 bytes [17:28 24/08/2010] [21:53 18/09/2007] DE5B7A57D527AB75A3013850C4A0491A
C:\Fraps\Team Fortress 2\tf\models\props_spytech\ceiling_conduit.phy --a---- 3448 bytes [17:28 24/08/2010] [21:53 18/09/2007] 759B7536FE9BE51DC7F2624ECAA3F37B
C:\Fraps\Team Fortress 2\tf\models\props_spytech\ceiling_conduit.sw.vtx --a---- 9693 bytes [17:28 24/08/2010] [21:53 18/09/2007] 095710879DDA51150F5CDC82FBD4B5D4
C:\Fraps\Team Fortress 2\tf\models\props_spytech\ceiling_conduit.vvd --a---- 42304 bytes [17:28 24/08/2010] [21:53 18/09/2007] 6C21AA1E03CB394885985417232CC1E9
C:\Program Files\Valve\Garry's Mod\garrysmod\spawnicons\props_farm\conduit01.si0 --a---- 2931 bytes [14:59 29/08/2010] [18:50 01/02/2009] B1A6FDEA69C90428C95A0E6CA184F477
C:\Program Files\Valve\Garry's Mod\garrysmod\spawnicons\props_farm\conduit02.si0 --a---- 4040 bytes [14:59 29/08/2010] [18:50 01/02/2009] 5AA2AC6518E10EB0F72180597F30141C
C:\Program Files\Valve\Garry's Mod\garrysmod\spawnicons\props_farm\conduit_pipe01.si0 --a---- 4050 bytes [14:59 29/08/2010] [18:50 01/02/2009] 9E2801B0D77E212616E337CA06491324
C:\Program Files\Valve\Garry's Mod\garrysmod\spawnicons\props_farm\conduit_pipe02.si0 --a---- 3897 bytes [14:59 29/08/2010] [18:50 01/02/2009] CD4BADD9FC01CBBA97020BEF9078A484
C:\Program Files\Valve\Garry's Mod\garrysmod\spawnicons\props_mining\conduit_outdoor256.si0 --a---- 3279 bytes [14:59 29/08/2010] [18:50 01/02/2009] AFE311B76A0C0FAEA688EB948FC053A0
C:\Program Files\Valve\Garry's Mod\garrysmod\spawnicons\props_mining\conduit_outdoor384.si0 --a---- 3079 bytes [14:59 29/08/2010] [18:50 01/02/2009] 6D2F4688AF9DC84E2672C8A4D70C78CA
C:\Program Files\Valve\Garry's Mod\garrysmod\spawnicons\props_mining\conduit_outdoor512.si0 --a---- 3972 bytes [14:59 29/08/2010] [18:50 01/02/2009] 8B661BC78E110B39F18163723F54E0DE
C:\Program Files\Valve\Garry's Mod\garrysmod\spawnicons\props_spytech\ceiling_conduit.si0 --a---- 3093 bytes [14:59 29/08/2010] [18:50 01/02/2009] 177562D7830313FC12E115F6C9AE2179
C:\Program Files\Valve\Garry's Mod\garrysmod\spawnicons\props_wasteland\prison_conduit001a.si0 --a---- 4366 bytes [14:59 29/08/2010] [18:51 01/02/2009] 0A8A96896D87B2CAA086CC9A9D256127
C:\Program Files\Valve\Garry's Mod\hl2\models\props_wasteland\prison_conduit001a.dx80.vtx --a---- 15536 bytes [15:04 29/08/2010] [20:39 01/02/2009] 3CF7DDE4BBDF190D5263028354A2E49C
C:\Program Files\Valve\Garry's Mod\hl2\models\props_wasteland\prison_conduit001a.dx90.vtx --a---- 15536 bytes [15:04 29/08/2010] [20:39 01/02/2009] 16044C94421AF5AD73602A300264272E
C:\Program Files\Valve\Garry's Mod\hl2\models\props_wasteland\prison_conduit001a.jpg --a---- 5004 bytes [15:03 29/08/2010] [20:39 01/02/2009] 93F0E9CE26B24295F4A8265DAB4306C1
C:\Program Files\Valve\Garry's Mod\hl2\models\props_wasteland\prison_conduit001a.mdl --a---- 1472 bytes [15:03 29/08/2010] [20:39 01/02/2009] DF8EAC2BA60B69BFE3301404ABCA269F
C:\Program Files\Valve\Garry's Mod\hl2\models\props_wasteland\prison_conduit001a.phy --a---- 2357 bytes [15:03 29/08/2010] [20:39 01/02/2009] 0882B2EC35F6740EC27308458D818DD3
C:\Program Files\Valve\Garry's Mod\hl2\models\props_wasteland\prison_conduit001a.sw.vtx --a---- 15536 bytes [15:04 29/08/2010] [20:39 01/02/2009] 75F1757231821C4754AB0C04B799471F
C:\Program Files\Valve\Garry's Mod\hl2\models\props_wasteland\prison_conduit001a.vvd --a---- 17984 bytes [15:04 29/08/2010] [20:39 01/02/2009] 46DDBA8560FBF48DA6248AC685ED9A1E
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1205536 bytes [15:40 18/02/2011] [15:40 18/02/2011] 24B0E635B15BF43E6F7429AC6383CAB7
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist --a---- 11408 bytes [11:03 13/08/2010] [11:03 13/08/2010] AB18CD2A656AE753C30E6276EC3DA0C2
C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2_dlc1\sound\ambient\ambience\conduit_rain.wav --a---- 431494 bytes [18:14 06/10/2010] [18:14 06/10/2010] 1C37DF6A8D5ED9D8EAC4F0EB8C6B6D82
C:\Program Files (x86)\Steam\steamapps\steamapps\common\left 4 dead 2\left4dead2_dlc1\sound\ambient\ambience\conduit_rain.wav --a---- 431494 bytes [23:03 27/08/2010] [12:27 23/04/2010] 1C37DF6A8D5ED9D8EAC4F0EB8C6B6D82
C:\Users\AppData\LocalLow\Conduit\Community Alerts\CacheIcons\http___alert_storage_conduit_com_40_99_992640_Images_634070536538501250_png.png --a---- 576 bytes [12:11 27/04/2010] [12:11 27/04/2010] B102A5448974CF3E819BB234101E245D
C:\Users\AppData\LocalLow\Conduit\Community Alerts\CacheIcons\http___alert_storage_conduit_com_40_99_992640_Images_634094463064787500_png.png --a---- 4411 bytes [14:06 24/05/2010] [14:06 24/05/2010] 606657F8A23CA4AE52192490A6DA49CB
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=847172&fid=842975.xml --a---- 185 bytes [20:05 10/08/2010] [14:32 13/09/2010] E35BAB8C911EAAC2F2878767362FE73B
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=992640&fid=988359.xml --a---- 181 bytes [20:05 10/08/2010] [14:32 13/09/2010] 1AB17973F29137222C046FE94587C05F
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=847172&alertFeedId=842975.xml --a---- 357 bytes [12:48 30/04/2010] [12:51 24/05/2010] E1604E3D11F55C55070F690273719EAD
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=992640&alertFeedId=988359.xml --a---- 581 bytes [16:35 25/04/2010] [14:06 24/05/2010] 429C7BCED61092DADEB16DE64292C99D
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_18_259_CT2599818_Images_634070536537876250_gif.gif --a---- 576 bytes [16:32 25/04/2010] [16:32 25/04/2010] F1C961B7D4940815E8F22CFE4E9EE4EE
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_18_259_CT2599818_Images_634076641046700000_gif.gif --a---- 97 bytes [16:32 25/04/2010] [16:32 25/04/2010] DB8963BF0CDD0033E315F553AFAB4F09
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_18_259_CT2599818_Images_634080298832525000_gif.gif --a---- 472 bytes [18:19 28/04/2010] [18:19 28/04/2010] 54F02EE3EE3ADCE61D0B9D857CB5B145
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_18_259_CT2599818_Images_Buttons2_xml-132-Classic-634072479224983750_gif.gif --a---- 225 bytes [16:32 25/04/2010] [16:32 25/04/2010] 19589A6C1CAAF76DD6482CD6DFC6FBE4
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_18_259_CT2599818_Images_Menu-silkset_browser_omniweb_gif-Silk_1-634080300160650000_gif.gif --a---- 432 bytes [18:20 28/04/2010] [18:20 28/04/2010] D83F971D36627D0BFF50E9509B03E288
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif --a---- 419 bytes [19:38 25/04/2010] [19:38 25/04/2010] 01B83C91554738F6AFFB7895BBBA73FB
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif --a---- 403 bytes [16:32 25/04/2010] [16:32 25/04/2010] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif --a---- 414 bytes [16:32 25/04/2010] [16:32 25/04/2010] A9E001CBC00B06B121DFBC80707F5298
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif --a---- 278 bytes [16:32 25/04/2010] [16:32 25/04/2010] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif --a---- 405 bytes [16:32 25/04/2010] [16:32 25/04/2010] 995595D4C685D659E8F03CD0A287EDDF
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif --a---- 405 bytes [16:32 25/04/2010] [16:32 25/04/2010] AA39D8A6B65E208901EBA9F3D4728D3E
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif --a---- 361 bytes [16:32 25/04/2010] [16:32 25/04/2010] 464E244E7E2F27FB85E0C3AB69D72104
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif --a---- 425 bytes [16:32 25/04/2010] [16:32 25/04/2010] 6427565C7105DC497287866100F260BB
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif --a---- 381 bytes [16:32 25/04/2010] [16:32 25/04/2010] AE7C9F67594A84B096D225601ACB0B2A
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif --a---- 351 bytes [16:32 25/04/2010] [16:32 25/04/2010] C3EBA0237D68F665AF6D663906221092
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif --a---- 392 bytes [16:32 25/04/2010] [16:32 25/04/2010] 5E7217A3357550F9749A095631F51015
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif --a---- 399 bytes [16:32 25/04/2010] [16:32 25/04/2010] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_searchengines_go_btn_new_gif.gif --a---- 891 bytes [18:19 28/04/2010] [18:19 28/04/2010] F74F91E7DF0A5A5283AB2D2F0E6E58DE
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif --a---- 405 bytes [16:32 25/04/2010] [16:32 25/04/2010] 66018EAE0906C9831A821CAE5D1089BB
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif --a---- 371 bytes [16:32 25/04/2010] [16:32 25/04/2010] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif --a---- 322 bytes [16:32 25/04/2010] [16:32 25/04/2010] 948781E4B6478290050ECA4423B89B1E
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif --a---- 625 bytes [16:32 25/04/2010] [16:32 25/04/2010] C23D4DB18B6BB4F38ECBA57AD414A5CF
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif --a---- 606 bytes [16:32 25/04/2010] [16:32 25/04/2010] 2A1D4FB45F62D3D260F2134228FAB05E
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif --a---- 240 bytes [16:32 25/04/2010] [16:32 25/04/2010] AE5A39669C623937C0839E079E1088D5
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___storage_conduit_com_images_SearchEngines_videosurf_gif.gif --a---- 1035 bytes [16:32 25/04/2010] [16:32 25/04/2010] 7BF61D475BF289E4900EBA788DED51C3
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___weather_conduit_com_images_weather_Default_drizzle_gif.gif --a---- 351 bytes [18:20 28/04/2010] [18:20 28/04/2010] 703A98E0FBFB8C9B617E732C9E62DB04
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_gif.gif --a---- 173 bytes [17:29 27/04/2010] [17:29 27/04/2010] E509575F473727B14C87367068C42353
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif --a---- 212 bytes [19:33 28/04/2010] [19:33 28/04/2010] 88CD5B8D6F007347115A8A602E5D158B
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif --a---- 259 bytes [14:05 26/04/2010] [14:05 26/04/2010] 110EC9BCA8470D6488B626EA28914A6C
C:\Users\AppData\LocalLow\tutudragon3\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_night_gif.gif --a---- 204 bytes [19:38 25/04/2010] [19:38 25/04/2010] 5EBD213E8A460652C883CBF68C152B5B
C:\Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Y29K7ZU\alerts_conduit-services_com[1].txt --a---- 181 bytes [14:04 02/09/2010] [14:04 02/09/2010] 1AB17973F29137222C046FE94587C05F
C:\Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Y29K7ZU\alerts_conduit-services_com[2].txt --a---- 181 bytes [16:19 02/09/2010] [16:19 02/09/2010] 1AB17973F29137222C046FE94587C05F
C:\Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFW0KUU\settings_engine_conduit-services_com[1].txt --a---- 3792 bytes [21:43 14/05/2011] [21:43 14/05/2011] DCDE161D428E08C799B9C7F20B17EB95
C:\Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFW0KUU\translation_engine_conduit-services_com[1].txt --a---- 106 bytes [18:00 14/05/2011] [21:43 14/05/2011] E9E9631E5161F26D6D7CD3168D59DB12
C:\Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFW0KUU\translation_engine_conduit-services_com[2].txt --a---- 26 bytes [09:29 17/05/2011] [09:29 17/05/2011] B614D60DF9479FA70EAA9A2507D783FD
C:\Users\jussi\AppData\Local\Temp\ConduitEngine.dll --a---- 3863136 bytes [18:14 08/06/2011] [13:02 12/09/2010] 895C4812245E244B2F81C71BAD0C4E55
C:\Users\jussi\AppData\Local\Temp\GLFF243.tmp.ConduitEngineSetup.exe --a---- 157536 bytes [10:38 25/09/2010] [13:03 12/09/2010] 3BA3C21D186D6F0AAB95EB232C8A43E7
C:\Users\jussi\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_SE.xml --a---- 188 bytes [20:51 05/12/2010] [21:49 14/05/2011] E2A87E535CF5282072AA46166D27D1DF
C:\Users\jussi\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_SE.xml --a---- 191 bytes [20:51 05/12/2010] [21:49 14/05/2011] 43C93B80235159F037CEA9A173922F92
C:\Users\jussi\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_992640_988359_SE.xml --a---- 188 bytes [20:51 05/12/2010] [21:43 14/05/2011] 0705D688134A8CD0447032E09381E80A
C:\Users\jussi\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=897164&fid=892962.xml --a---- 181 bytes [13:57 25/09/2010] [21:16 11/11/2010] 4B4E7E7475A027EB2A42E6517829BD64
C:\Users\jussi\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=909619&fid=905414.xml --a---- 184 bytes [23:18 01/10/2010] [21:16 11/11/2010] AE624F95D32A8D76806EC9B3C46E502C
C:\Users\jussi\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=992640&fid=988359.xml --a---- 181 bytes [20:41 11/11/2010] [21:16 11/11/2010] 1AB17973F29137222C046FE94587C05F
C:\Users\jussi\AppData\Roaming\Microsoft\Windows\Cookies\jussi@apps.conduit[2].txt --a---- 614 bytes [18:14 08/06/2011] [18:14 08/06/2011] 00FE49C9649A3C9E9DC699BB1C705863
C:\Users\jussi\AppData\Roaming\Microsoft\Windows\Cookies\jussi@search.conduit[2].txt --a---- 270 bytes [23:20 01/10/2010] [23:20 01/10/2010] AF9832222968A41C33CE58FEBF9997A6
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\engine@conduit.com\chrome\conduitengine.jar --a---- 729935 bytes [14:24 08/05/2011] [14:30 13/03/2011] 4A2D55615F60C3A00E03ECFD39224EC5
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js --a---- 16435 bytes [14:24 08/05/2011] [14:30 13/03/2011] FA0D9E1396C227B8697E41996A95912B
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [14:24 08/05/2011] [14:30 13/03/2011] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\engine@conduit.com\components\ConduitToolbar.idl --a---- 152 bytes [14:24 08/05/2011] [14:30 13/03/2011] 33D4D4337895FCA507DF937B5980D41A
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\engine@conduit.com\components\ConduitToolbar.js --a---- 2389 bytes [14:24 08/05/2011] [14:30 13/03/2011] 6A2C72DF1348F39C0CE44E1B8C10F5CE
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt --a---- 140 bytes [14:24 08/05/2011] [14:30 13/03/2011] DFFE26916941DE0A33E503FD38008290
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\engine@conduit.com\searchplugin\conduit.gif --a---- 173 bytes [14:24 08/05/2011] [14:30 13/03/2011] 225B6898AE7D6E0CE88B3FE57BD750F2
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\engine@conduit.com\searchplugin\conduit.ico --a---- 1406 bytes [14:24 08/05/2011] [14:30 13/03/2011] A23164BA794BE61799C67423F56C9163
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\engine@conduit.com\searchplugin\conduit.PNG --a---- 255 bytes [14:24 08/05/2011] [14:30 13/03/2011] AF3A51D0B8D6F04EE33307A654560DBE
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\engine@conduit.com\searchplugin\conduit.src --a---- 328 bytes [14:24 08/05/2011] [14:30 13/03/2011] 43317CC423A502C077AD68F838249117
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\engine@conduit.com\searchplugin\conduit.xml --a---- 913 bytes [14:24 08/05/2011] [14:30 13/03/2011] 4E45A93B99F44F41EADFB167FB85FB02
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\ConduitAutoCompleteSearch.js --a---- 16435 bytes [14:24 08/05/2011] [14:18 21/03/2011] FA0D9E1396C227B8697E41996A95912B
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [14:24 08/05/2011] [14:18 21/03/2011] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\ConduitToolbar.idl --a---- 148 bytes [14:24 08/05/2011] [14:18 21/03/2011] E6B6CE0E834E345B978AC056F8B44827
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\ConduitToolbar.js --a---- 2377 bytes [14:24 08/05/2011] [14:18 21/03/2011] 2B8970AD83964754440586145E1B5111
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\ConduitToolbar.xpt --a---- 136 bytes [14:24 08/05/2011] [14:18 21/03/2011] EFBC23A9F8E4B0BF3593AE743C27419D
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin\conduit.gif --a---- 173 bytes [14:24 08/05/2011] [14:18 21/03/2011] 225B6898AE7D6E0CE88B3FE57BD750F2
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin\conduit.ico --a---- 1406 bytes [14:24 08/05/2011] [14:18 21/03/2011] A23164BA794BE61799C67423F56C9163
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin\conduit.PNG --a---- 255 bytes [14:24 08/05/2011] [14:18 21/03/2011] AF3A51D0B8D6F04EE33307A654560DBE
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin\conduit.src --a---- 270 bytes [14:24 08/05/2011] [14:18 21/03/2011] 59AB21C694E4B7A1FDCD0FF8B96EB0A1
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin\conduit.xml --a---- 879 bytes [14:24 08/05/2011] [14:18 21/03/2011] 46DB5A7C1C97D1D64E5A5D6833900129
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchplugins\conduit.xml --a---- 933 bytes [16:35 25/04/2010] [10:12 21/04/2010] C256CE9B661F2DF0FD8A4342753C6765

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\searchqutoolbar d------ [18:29 30/05/2011]
C:\Users\jussi\AppData\LocalLow\searchquband d------ [18:14 08/06/2011]
C:\Users\jussi\AppData\LocalLow\searchqutoolbar d------ [18:29 30/05/2011]
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchqutoolbar d------ [18:29 30/05/2011]

Searching for "*iLivid*"
C:\Program Files (x86)\Windows iLivid Toolbar d------ [18:29 30/05/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*Conduit*"
C:\Program Files (x86)\Conduit d------ [16:32 25/04/2010]
C:\Users\AppData\LocalLow\Conduit d------ [16:32 25/04/2010]
C:\Users\AppData\LocalLow\tutudragon3\Repository\conduit_CT2599818_CT2599818 d------ [16:32 25/04/2010]
C:\Users\jussi\AppData\LocalLow\Conduit d------ [10:38 25/09/2010]
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\conduit d------ [12:46 30/04/2010]
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\extensions\engine@conduit.com d------ [14:24 08/05/2011]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
"Contact"="Bandoo Media, Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
"Publisher"="Bandoo Media, Inc"

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
[HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&systemid=406&q="
[HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&systemid=406&q=");"
[HKEY_CURRENT_USER\Software\DataMngr\List\Item2]
"Value"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]
@="SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID]
@="SearchQUIEHelper.UrlHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CurVer]
@="SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
@="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
@="C:\PROGRA~2\WI3C8A~1\ToolBar\searchqudtx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]
@="SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID]
@="SearchQUIEHelper.UrlHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&systemid=406&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&systemid=406&q=");"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item2]
"Value"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
@="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquMediabarTb]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
@="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
@="C:\PROGRA~2\WI3C8A~1\ToolBar\searchqudtx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]
@="SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID]
@="SearchQUIEHelper.UrlHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\searchqutoolbar]
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&systemid=406&q="
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&systemid=406&q=");"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr\List\Item2]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\DataMngr]
"DLLPath"="C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll"
[HKEY_CURRENT_USER\Software\DataMngr]
"Folder"="C:\Program Files (x86)\Windows iLivid Toolbar"
[HKEY_CURRENT_USER\Software\DataMngr]
"Path"="C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr"
[HKEY_CURRENT_USER\Software\DataMngr]
"UIPath"="C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
"DLLPath"="C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
"Folder"="C:\Program Files (x86)\Windows iLivid Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
"Path"="C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
"UIPath"="C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
"DisplayName"="Windows iLivid Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
"UninstallString"="C:\Program Files (x86)\Windows iLivid Toolbar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
"DisplayIcon"="C:\Program Files (x86)\Windows iLivid Toolbar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
"Path"="C:\Program Files (x86)\Windows iLivid Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquMediabarTb]
"Folder"="C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{61F30AA1-E6C5-44ED-B19F-6E0950925565}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D6EEC602-533F-4B37-A11B-C8DC7581E456}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{61F30AA1-E6C5-44ED-B19F-6E0950925565}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D6EEC602-533F-4B37-A11B-C8DC7581E456}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{61F30AA1-E6C5-44ED-B19F-6E0950925565}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D6EEC602-533F-4B37-A11B-C8DC7581E456}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr]
"DLLPath"="C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr]
"Folder"="C:\Program Files (x86)\Windows iLivid Toolbar"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr]
"Path"="C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr]
"UIPath"="C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"

Searching for "whitesmoke"
No data found.

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\842975]
"Url"="http://alerts.conduit-services.com/?aid=847172&fid=842975"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\892962]
"Url"="http://alerts.conduit-services.com/root/897164/892962/SE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Url"="http://alerts.conduit-services.com/root/909619/905414/SE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Title"="Conduit Engine Notifications"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\988359]
"Url"="http://alerts.conduit-services.com/root/992640/988359/SE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPClientsServerName"="http://alert.client.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPServicesServerName"="http://alert.services.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"AutoUpdateServerName"="http://alert.storage.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar]
"Server"="users.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar]
"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar]
"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar]
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\conduit_CT2599818]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\conduit_CT2599818\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\conduit_CT2599818\ToolbarSettings]
"ServiceUrl"="http://settings.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\conduit_CT2599818\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\conduit_CT2599818_CT2599818]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\MetaData\3826048400]
"dbname"="conduit_CT2599818_CT2599818"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\MetaData\571671365]
"dbname"="conduit_CT2599818_CT2599818"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\MetaData\571800893]
"dbname"="conduit_CT2599818_CT2599818"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\settings]
"SearchFromAdressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT2599818&amp;q=MYSEARCHTERM"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\settings\LanguagePack]
"LanguagePackServerUrl"="http://translation.users.conduit.com/Translation.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\settings\MyStuff]
"ServiceURL"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\settings\MyStuff]
"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&amp;SearchSourceOrigin=29&amp;ctid=EB_TOOLBAR_ID&amp;octid=EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\settings\MyStuff]
"ConduitEnable"="TRUE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\settings\RadioPlayer]
"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\settings\Search\Settings]
"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\settings\SearchInNewTab]
"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\settings\SearchInNewTab]
"AboutTabsEnabledByConduit"="TRUE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\settings\SearchInNewTab]
"AboutTabsUsageUrl"="http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver5.3.4.2/tbedrs.dll"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\settings\Upgrade]
"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver5.3.6.2/tbedrs.dll"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\settings\Weather]
"SearchServerUrl"="http://search.conduit.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\tutudragon3\toolbar\settings\Weather\en]
"Forecast"="<FORECAST><LOCATION_ID>SWXX0031</LOCATION_ID><DAYS><DAY1><DATE>20100429</DATE><DAY>Thursday</DAY><F_MIN>47</F_MIN><F_MAX>58</F_MAX><C_MIN>8</C_MIN><C_MAX>14</C_MAX><UV_DESCRIPTION>Moderate</UV_DESCRIPTION><UV_INDEX>3</UV_INDEX><SUNSET>8:37 pm</SUNSET><SUNRISE>4:55 am</SUNRISE><MOONRISE>10:57 pm</MOONRISE><MOONSET>4:29 am</MOONSET><MOON_PHASE>Waning Gibbous</MOON_PHASE><CONDITION_DESCRIPTION>Mostly Cloudy</CONDITION_DESCRIPTION><CONDITION_ICON>http://weather.conduit.com/images/weather/Default/mostly_cloudy_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20100430</DATE><DAY>Friday</DAY><F_MIN>45</F_MIN><F_MAX>60</F_MAX><C_MIN>7</C_MIN><C_MAX>15</C_MAX><UV_DESCRIPTION>Low</UV_DESCRIPTION><UV_INDEX>2</UV_INDEX><SUNSET>8:39 pm</SUNSET><SUNRISE>4:52 am</SUNRISE><MOONRISE>11:59 pm</MOONRISE><MOONSET>4:53 am</MOONSET><MOON_PHASE>Waning Gibbous</MOON_PHASE><CONDITION_DESCRIPTION>Cloudy</CONDITION_DESCRIPTION><CONDITION_ICO
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Conduit.Engine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D1DAA0A7-DAEF-49D0-9391-9502070C16E7}]
@="Conduit API Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"576374F8207D9F54E8CB43B2041CB75F"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\576374F8207D9F54E8CB43B2041CB75F]
"File"="iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB1E579405BE28F46B2E7AAE9534B564]
"576374F8207D9F54E8CB43B2041CB75F"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Community Alerts]
"Path"="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\tutudragon3\Communicator]
"Url"="http://servicemap.conduit-services.com/Toolbar/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\tutudragon3\toolbar]
"Server"="users.conduit.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D1DAA0A7-DAEF-49D0-9391-9502070C16E7}]
@="Conduit API Server"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\842975]
"Url"="http://alerts.conduit-services.com/?aid=847172&fid=842975"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\892962]
"Url"="http://alerts.conduit-services.com/root/897164/892962/SE"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Url"="http://alerts.conduit-services.com/root/909619/905414/SE"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Title"="Conduit Engine Notifications"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\988359]
"Url"="http://alerts.conduit-services.com/root/992640/988359/SE"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPClientsServerName"="http://alert.client.conduit.com"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPServicesServerName"="http://alert.services.conduit.com"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"AutoUpdateServerName"="http://alert.storage.conduit.com"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar]
"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar]
"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar]
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\conduit_CT2599818]
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\conduit_CT2599818\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\conduit_CT2599818\ToolbarSettings]
"ServiceUrl"="http://settings.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\conduit_CT2599818\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\conduit_CT2599818_CT2599818]
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\MetaData\3826048400]
"dbname"="conduit_CT2599818_CT2599818"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\MetaData\571671365]
"dbname"="conduit_CT2599818_CT2599818"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\Repository\MetaData\571800893]
"dbname"="conduit_CT2599818_CT2599818"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\settings]
"SearchFromAdressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT2599818&amp;q=MYSEARCHTERM"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\settings\LanguagePack]
"LanguagePackServerUrl"="http://translation.users.conduit.com/Translation.ashx"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\settings\MyStuff]
"ServiceURL"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\settings\MyStuff]
"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&amp;SearchSourceOrigin=29&amp;ctid=EB_TOOLBAR_ID&amp;octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\settings\MyStuff]
"ConduitEnable"="TRUE"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\settings\RadioPlayer]
"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\settings\Search\Settings]
"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\settings\SearchInNewTab]
"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\settings\SearchInNewTab]
"AboutTabsEnabledByConduit"="TRUE"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\settings\SearchInNewTab]
"AboutTabsUsageUrl"="http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver5.3.4.2/tbedrs.dll"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\settings\Upgrade]
"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver5.3.6.2/tbedrs.dll"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\settings\Weather]
"SearchServerUrl"="http://search.conduit.com/"
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\tutudragon3\toolbar\settings\Weather\en]
"Forecast"="<FORECAST><LOCATION_ID>SWXX0031</LOCATION_ID><DAYS><DAY1><DATE>20100429</DATE><DAY>Thursday</DAY><F_MIN>47</F_MIN><F_MAX>58</F_MAX><C_MIN>8</C_MIN><C_MAX>14</C_MAX><UV_DESCRIPTION>Moderate</UV_DESCRIPTION><UV_INDEX>3</UV_INDEX><SUNSET>8:37 pm</SUNSET><SUNRISE>4:55 am</SUNRISE><MOONRISE>10:57 pm</MOONRISE><MOONSET>4:29 am</MOONSET><MOON_PHASE>Waning Gibbous</MOON_PHASE><CONDITION_DESCRIPTION>Mostly Cloudy</CONDITION_DESCRIPTION><CONDITION_ICON>http://weather.conduit.com/images/weather/Default/mostly_cloudy_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20100430</DATE><DAY>Friday</DAY><F_MIN>45</F_MIN><F_MAX>60</F_MAX><C_MIN>7</C_MIN><C_MAX>15</C_MAX><UV_DESCRIPTION>Low</UV_DESCRIPTION><UV_INDEX>2</UV_INDEX><SUNSET>8:39 pm</SUNSET><SUNRISE>4:52 am</SUNRISE><MOONRISE>11:59 pm</MOONRISE><MOONSET>4:53 am</MOONSET><MOON_PHASE>Waning Gibbous</MOON_PHASE><CONDITION_DESCRIPTION>Cloudy
[HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\Conduit]

-= EOF =-
juala
Active Member
 
Posts: 9
Joined: June 7th, 2011, 3:49 am

Re: I got the searchqu virus and i can't get rid of it!

Unread postby askey127 » June 8th, 2011, 5:22 pm

juala,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

tutudragon3 Toolbar

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Run a Custom Fix with OTL
Please download OTL.exe by OldTimer and save it to your desktop.
You can also download OTL from HERE
Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in all the following lines from the Code box:
    Code: Select all
    :processes
    killallprocesses
    
    :files
    C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\bandoocode.js
    C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\lib\bandoocode.js
    C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\bandoo.css
    C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js
    C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js
    C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
    C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\searchquband.dll
    C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\searchqudtx.dll
    C:\Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFW0KUU\SetupDataMngr_Searchqu[1].exe
    C:\Users\jussi\AppData\Local\Temp\searchqu.ini
    C:\Users\jussi\AppData\Local\Temp\searchqutoolbar-manifest.xml
    C:\Users\jussi\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
    C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchplugins\SearchquWebSearch.xml
    C:\Windows\Prefetch\SEARCHQUMEDIABAR.EXE-A164B43F.pf
    C:\Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-3F6EB214.pf
    C:\Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFW0KUU\ilivid[1].7z
    C:\Users\jussi\AppData\Local\Temp\ilivid.7z
    C:\Users\jussi\Downloads\iLividSetupV1.exe
    C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-12B68B72.pf
    C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-4206F73E.pf
    C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-D46B3AD8.pf
    C:\Program Files (x86)\Steam\steamapps\steamapps\common\alien swarm\swarm\resource\particletemplates\whitesmoke.ptm
    C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\searchqutoolbar
    C:\Users\jussi\AppData\LocalLow\searchquband
    C:\Users\jussi\AppData\LocalLow\searchqutoolbar
    C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchqutoolbar
    C:\Program Files (x86)\Windows iLivid Toolbar
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
    [-HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage]
    [-HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch]
    [-HKEY_CURRENT_USER\Software\DataMngr\List\Item2]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\Files\Homepage]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\Files\UrlbarSearch]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item2]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquMediabarTb]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
    [-HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\searchqutoolbar]
    [-HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr\Files\Homepage]
    [-HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr\Files\UrlbarSearch]
    [-HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr\List\Item2]
    [-HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr]
    [-HKEY_CURRENT_USER\Software\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquMediabarTb]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{61F30AA1-E6C5-44ED-B19F-6E0950925565}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{D6EEC602-533F-4B37-A11B-C8DC7581E456}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{61F30AA1-E6C5-44ED-B19F-6E0950925565}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{D6EEC602-533F-4B37-A11B-C8DC7581E456}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{61F30AA1-E6C5-44ED-B19F-6E0950925565}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{D6EEC602-533F-4B37-A11B-C8DC7581E456}"=-
    [HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again, Check the box at the top, labeled Include 64 bit scans
    and click the Quick Scan button. Post the log it produces in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I got the searchqu virus and i can't get rid of it!

Unread postby juala » June 9th, 2011, 7:39 am

here is the scan from the first one:

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\bandoocode.js moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\lib\bandoocode.js moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\bandoo.css moved successfully.
C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js moved successfully.
C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js moved successfully.
C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\searchquband.dll moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\searchqudtx.dll moved successfully.
C:\Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFW0KUU\SetupDataMngr_Searchqu[1].exe moved successfully.
C:\Users\jussi\AppData\Local\Temp\searchqu.ini moved successfully.
C:\Users\jussi\AppData\Local\Temp\searchqutoolbar-manifest.xml moved successfully.
C:\Users\jussi\AppData\Local\Temp\SetupDataMngr_Searchqu.exe moved successfully.
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchplugins\SearchquWebSearch.xml moved successfully.
C:\Windows\Prefetch\SEARCHQUMEDIABAR.EXE-A164B43F.pf moved successfully.
C:\Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-3F6EB214.pf moved successfully.
C:\Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFW0KUU\ilivid[1].7z moved successfully.
C:\Users\jussi\AppData\Local\Temp\ilivid.7z moved successfully.
C:\Users\jussi\Downloads\iLividSetupV1.exe moved successfully.
C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-12B68B72.pf moved successfully.
C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-4206F73E.pf moved successfully.
C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-D46B3AD8.pf moved successfully.
C:\Program Files (x86)\Steam\steamapps\steamapps\common\alien swarm\swarm\resource\particletemplates\whitesmoke.ptm moved successfully.
C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\searchqutoolbar folder moved successfully.
C:\Users\jussi\AppData\LocalLow\searchquband folder moved successfully.
C:\Users\jussi\AppData\LocalLow\searchqutoolbar\coupons folder moved successfully.
C:\Users\jussi\AppData\LocalLow\searchqutoolbar folder moved successfully.
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchqutoolbar\weather folder moved successfully.
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchqutoolbar\coupons folder moved successfully.
C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchqutoolbar folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\components folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\js folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2 folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64 folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr\List\Item2\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\Files\Homepage\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\Files\UrlbarSearch\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item2\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquMediabarTb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr\Files\Homepage\ not found.
Registry key HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr\Files\UrlbarSearch\ not found.
Registry key HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr\List\Item2\ not found.
Registry key HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquMediabarTb\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61F30AA1-E6C5-44ED-B19F-6E0950925565} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61F30AA1-E6C5-44ED-B19F-6E0950925565}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6EEC602-533F-4B37-A11B-C8DC7581E456} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6EEC602-533F-4B37-A11B-C8DC7581E456}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61F30AA1-E6C5-44ED-B19F-6E0950925565} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61F30AA1-E6C5-44ED-B19F-6E0950925565}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6EEC602-533F-4B37-A11B-C8DC7581E456} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6EEC602-533F-4B37-A11B-C8DC7581E456}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61F30AA1-E6C5-44ED-B19F-6E0950925565} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61F30AA1-E6C5-44ED-B19F-6E0950925565}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6EEC602-533F-4B37-A11B-C8DC7581E456} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6EEC602-533F-4B37-A11B-C8DC7581E456}\ not found.
Registry value HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administratör
->Temp folder emptied: 325550 bytes
->Temporary Internet Files folder emptied: 78164 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27334026 bytes
->Flash cache emptied: 610 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jussi
->Temp folder emptied: 876347511 bytes
->Temporary Internet Files folder emptied: 151098086 bytes
->Java cache emptied: 4794920 bytes
->FireFox cache emptied: 481708780 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 379401 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: zone

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 512000 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20948234572 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50416 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 733956341 bytes

Total Files Cleaned = 22 149,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.23.0 log created on 06092011_131801

Files\Folders moved on Reboot...
C:\Users\jussi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{982FB6D8-D1D3-437E-BA6D-C354BC337BF2}.tmp not found!
File\Folder C:\Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9A92C44B-C1B3-4228-AA04-5C2C13CB4CAF}.tmp not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.





And here is the quck scan with the INCLUDE 64 BIT SCANS:

OTL logfile created on: 2011-06-09 13:35:32 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\jussi\Desktop\OTL
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,37% Memory free
8,00 Gb Paging File | 6,16 Gb Available in Paging File | 77,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,50 Gb Total Space | 491,82 Gb Free Space | 52,80% Space Free | Partition Type: NTFS

Computer Name: JUSSI-DATOR | User Name: jussi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-06-09 13:16:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\jussi\Desktop\OTL\OTL.exe
PRC - [2011-05-29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-05-25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-05-20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-04-14 19:03:01 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011-02-20 17:38:10 | 000,939,920 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe
PRC - [2010-11-20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010-10-05 09:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2010-09-09 18:49:51 | 000,215,016 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010-09-09 18:42:05 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010-02-18 12:24:32 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009-09-29 13:03:46 | 000,735,960 | ---- | M] (ESET) -- C:\Program\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009-06-04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2009-06-04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009-02-23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007-09-04 19:51:42 | 001,702,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe


========== Modules (SafeList) ==========

MOD - [2011-06-09 13:16:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\jussi\Desktop\OTL\OTL.exe
MOD - [2010-11-20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009-09-29 13:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009-09-29 13:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-05-25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-05-20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-05-13 15:34:43 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-03-28 15:41:12 | 002,111,368 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010-09-09 18:49:51 | 000,215,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010-09-09 18:42:05 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-05-04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-04-16 19:29:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010-04-16 19:08:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-02-23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-05-29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-09-29 11:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010-09-29 11:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010-04-16 18:01:22 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009-11-23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009-11-23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009-09-29 13:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009-09-29 13:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009-09-29 12:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009-09-28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-06-04 02:49:58 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2009-06-04 02:49:42 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009-06-04 02:49:34 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009-06-04 02:49:26 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009-06-04 02:49:18 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009-06-04 02:49:08 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009-06-04 02:49:00 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009-06-04 02:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2009-06-04 02:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2009-06-04 02:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2009-06-04 02:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2009-06-04 02:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2009-06-04 02:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007-10-30 09:59:30 | 000,028,672 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nordecr.sys -- (TdsNordecr)
DRV:64bit: - [2005-03-29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010-04-16 22:26:37 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {e9935af9-87e2-415b-94e3-4a91c3da40e1} - File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 94 91 F8 77 DD CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {e9935af9-87e2-415b-94e3-4a91c3da40e1} - File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.4:8123

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "LOCKERZ Restock Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2453368&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.tepela.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=bEGZEDre&q="
FF - prefs.js..network.proxy.type: 4

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.tepela.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=bEGZEDre&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-04-30 09:50:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-05-09 14:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-04-16 18:33:54 | 000,000,000 | ---D | M]

[2011-05-30 20:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jussi\AppData\Roaming\mozilla\Extensions
[2011-06-06 16:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jussi\AppData\Roaming\mozilla\Firefox\Profiles\vmo1u408.default\extensions
[2011-05-08 16:24:46 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\jussi\AppData\Roaming\mozilla\Firefox\Profiles\vmo1u408.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011-05-08 16:24:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\jussi\AppData\Roaming\mozilla\Firefox\Profiles\vmo1u408.default\extensions\engine@conduit.com
[2010-04-21 12:12:12 | 000,000,933 | ---- | M] () -- C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchplugins\conduit.xml
[2011-03-16 20:55:08 | 000,002,198 | ---- | M] () -- C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchplugins\google-search.xml
[2011-06-08 20:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011-05-13 15:47:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010-04-16 17:34:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-09-15 07:28:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\JUSSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMO1U408.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
() (No name found) -- C:\USERS\JUSSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMO1U408.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011-04-14 19:03:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010-09-15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010-01-01 10:00:00 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2010-01-01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011-03-16 20:55:08 | 000,002,198 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google-search.xml
[2010-01-01 10:00:00 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2010-01-01 10:00:00 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2010-01-01 10:00:00 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2010-01-01 10:00:00 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (tutudragon3 Toolbar) - {e9935af9-87e2-415b-94e3-4a91c3da40e1} - File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (tutudragon3 Toolbar) - {e9935af9-87e2-415b-94e3-4a91c3da40e1} - File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (tutudragon3 Toolbar) - {E9935AF9-87E2-415B-94E3-4A91C3DA40E1} - File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [OTL] C:\Users\jussi\Desktop\OTL\OTL.exe (OldTimer Tools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4eb69c64-61c2-11df-aa2e-0022153804ca}\Shell - "" = AutoRun
O33 - MountPoints2\{4eb69c64-61c2-11df-aa2e-0022153804ca}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011-06-09 13:18:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-06-09 13:16:46 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\OTL
[2011-06-08 21:12:01 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\SystemLook
[2011-06-08 21:00:27 | 000,000,000 | ---D | C] -- C:\Program\Java
[2011-06-08 20:55:21 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\JAva
[2011-06-08 20:51:25 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\vår värld
[2011-06-08 20:18:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011-06-07 14:59:01 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\DDS
[2011-06-06 16:23:18 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011-06-06 16:23:18 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011-06-01 10:15:58 | 000,000,000 | ---D | C] -- C:\Users\jussi\Documents\Thief - Deadly Shadows
[2011-05-30 20:29:21 | 000,000,000 | ---D | C] -- C:\Users\jussi\AppData\Local\PackageAware
[2011-05-29 16:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frozen Synapse
[2011-05-29 16:53:46 | 000,000,000 | ---D | C] -- C:\FrozenSynapse
[2011-05-29 16:52:45 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\Frozen synapse
[2011-05-27 17:28:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011-05-26 15:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2011-05-26 15:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent
[2011-05-25 16:21:02 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\MINECRAFT 25.5
[2011-05-24 21:15:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011-05-24 21:13:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011-05-24 14:46:00 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011-05-24 14:45:29 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011-05-14 19:39:52 | 000,000,000 | ---D | C] -- C:\Users\jussi\AppData\Local\Threat Expert
[2011-05-14 10:49:39 | 000,000,000 | ---D | C] -- C:\Users\jussi\AppData\Roaming\Malwarebytes
[2011-05-14 10:49:32 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-05-14 10:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-05-14 10:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-05-14 10:49:29 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-05-14 10:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-05-14 10:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011-05-13 15:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011-05-13 15:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011-05-13 15:47:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011-05-13 08:19:50 | 000,000,000 | ---D | C] -- C:\Users\jussi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Petroglyph
[2011-05-13 08:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Petroglyph
[2011-05-12 18:45:57 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\Dwarfs!
[2011-05-11 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\jussi\AppData\Roaming\Dwarfs
[2010-09-07 20:28:16 | 814,143,398 | ---- | C] (GOA ) -- C:\Program Files (x86)\loleusetup.exe
[2009-06-04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009-06-04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[6 C:\Users\jussi\Documents\*.tmp files -> C:\Users\jussi\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-06-09 13:35:01 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-06-09 13:30:36 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-09 13:30:36 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-09 13:24:10 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-06-09 13:23:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-06-09 13:23:08 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2011-06-09 13:22:26 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2011-06-09 13:22:26 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2011-06-09 13:22:26 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2011-06-08 20:19:53 | 000,141,594 | ---- | M] () -- C:\Users\jussi\Documents\myfirstragecomic.pdn
[2011-06-06 19:33:13 | 000,001,925 | ---- | M] () -- C:\Users\jussi\Desktop\Heroes of Newerth.lnk
[2011-06-06 16:34:02 | 000,000,220 | ---- | M] () -- C:\Users\jussi\Desktop\Eets.url
[2011-06-06 16:26:29 | 001,641,192 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011-06-01 09:49:49 | 000,000,220 | ---- | M] () -- C:\Users\jussi\Desktop\Thief Deadly Shadows.url
[2011-05-29 16:54:23 | 000,000,666 | ---- | M] () -- C:\Users\jussi\Desktop\Frozen Synapse.lnk
[2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-05-29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-05-26 15:20:02 | 000,002,176 | ---- | M] () -- C:\Users\jussi\Desktop\Amnesia.lnk
[2011-05-25 15:45:38 | 001,609,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-05-25 15:45:38 | 000,673,214 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2011-05-25 15:45:38 | 000,664,106 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-05-25 15:45:38 | 000,147,030 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2011-05-25 15:45:38 | 000,126,132 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-05-25 09:25:27 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011-05-25 09:25:27 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011-05-25 09:25:23 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011-05-25 08:35:13 | 000,479,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-05-20 22:35:28 | 000,304,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011-05-14 10:49:32 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-05-14 10:44:28 | 000,007,850 | -HS- | M] () -- C:\Users\jussi\AppData\Local\3117s200hy2tn032syu2b6x4ag6ki7an174w
[2011-05-14 10:44:28 | 000,007,850 | -HS- | M] () -- C:\ProgramData\3117s200hy2tn032syu2b6x4ag6ki7an174w
[2011-05-14 02:21:03 | 000,007,664 | -HS- | M] () -- C:\Users\jussi\AppData\Local\1107321794
[2011-05-13 15:47:11 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-05-12 20:45:52 | 020,533,281 | ---- | M] () -- C:\Users\jussi\Documents\vlc-1.1.9-win32.exe
[2011-05-11 11:28:49 | 335,461,811 | ---- | M] () -- C:\Windows\MEMORY.DMP
[6 C:\Users\jussi\Documents\*.tmp files -> C:\Users\jussi\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-06-08 20:19:36 | 000,141,594 | ---- | C] () -- C:\Users\jussi\Documents\myfirstragecomic.pdn
[2011-06-06 19:33:13 | 000,001,925 | ---- | C] () -- C:\Users\jussi\Desktop\Heroes of Newerth.lnk
[2011-06-06 16:33:56 | 000,000,220 | ---- | C] () -- C:\Users\jussi\Desktop\Eets.url
[2011-06-01 09:49:49 | 000,000,220 | ---- | C] () -- C:\Users\jussi\Desktop\Thief Deadly Shadows.url
[2011-05-29 16:54:23 | 000,000,666 | ---- | C] () -- C:\Users\jussi\Desktop\Frozen Synapse.lnk
[2011-05-26 15:20:02 | 000,002,176 | ---- | C] () -- C:\Users\jussi\Desktop\Amnesia.lnk
[2011-05-24 14:47:13 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011-05-24 14:45:02 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011-05-24 14:44:46 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011-05-24 14:44:46 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011-05-24 14:44:38 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011-05-24 14:44:37 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011-05-20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011-05-14 10:49:32 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-05-14 10:27:41 | 001,641,192 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011-05-14 02:21:03 | 000,007,664 | -HS- | C] () -- C:\Users\jussi\AppData\Local\1107321794
[2011-05-13 17:40:24 | 000,007,850 | -HS- | C] () -- C:\Users\jussi\AppData\Local\3117s200hy2tn032syu2b6x4ag6ki7an174w
[2011-05-13 17:40:24 | 000,007,850 | -HS- | C] () -- C:\ProgramData\3117s200hy2tn032syu2b6x4ag6ki7an174w
[2011-05-13 15:47:11 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-04-13 13:52:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-02-02 18:40:24 | 000,000,565 | ---- | C] () -- C:\Users\jussi\AppData\Roaming\myMPQ.ini
[2010-11-19 11:26:50 | 000,000,600 | ---- | C] () -- C:\Users\jussi\AppData\Roaming\winscp.rnd
[2010-11-01 18:28:51 | 000,143,452 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010-09-12 21:44:12 | 000,000,093 | ---- | C] () -- C:\Users\jussi\AppData\Local\fusioncache.dat
[2010-09-09 18:42:07 | 000,215,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010-09-09 18:42:05 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010-09-09 18:42:04 | 002,427,248 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2010-08-29 17:19:32 | 001,586,204 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-04-30 08:15:23 | 000,000,254 | ---- | C] () -- C:\Windows\RomeTW.ini
[2010-04-19 18:30:09 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI
[2010-04-18 14:50:56 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010-04-18 13:41:18 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010-04-16 19:07:35 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010-04-16 19:07:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009-06-04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009-06-04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009-06-04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2009-06-04 00:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2009-06-04 00:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2009-06-04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009-05-27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008-02-07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll
[2007-12-28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010-09-26 15:16:48 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\.BitTornado
[2011-05-25 16:39:17 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\.minecraft
[2011-06-08 20:17:24 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Azureus
[2010-05-17 19:45:06 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\DAEMON Tools Lite
[2010-04-30 08:07:29 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\DAEMON Tools Pro
[2011-05-27 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Dropbox
[2011-05-29 15:37:54 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Dwarfs
[2010-12-05 00:27:06 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\EurekaLog
[2010-05-12 19:17:11 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\HeidiSQL
[2011-05-04 17:25:46 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Leadertech
[2010-09-07 21:09:23 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\LolClient
[2010-11-19 11:15:41 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\NCH Swift Sound
[2011-02-20 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Personal
[2011-05-27 10:10:43 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Raptr
[2010-12-28 20:07:13 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\RIFT
[2011-05-12 18:34:02 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Spotify
[2010-12-07 16:22:03 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\TS3Client
[2011-05-16 13:53:56 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< :processes >

< killallprocesses >

< >

< :files >

< C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\bandoocode.js >

< C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\lib\bandoocode.js >

< C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\bandoo.css >

< C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js >

< C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js >

< C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css >

< C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml >

< C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\searchquband.dll >

< C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\searchqudtx.dll >

< C:\Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFW0KUU\SetupDataMngr_Searchqu[1].exe >

< C:\Users\jussi\AppData\Local\Temp\searchqu.ini >

< C:\Users\jussi\AppData\Local\Temp\searchqutoolbar-manifest.xml >

< C:\Users\jussi\AppData\Local\Temp\SetupDataMngr_Searchqu.exe >

< C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchplugins\SearchquWebSearch.xml >

< C:\Windows\Prefetch\SEARCHQUMEDIABAR.EXE-A164B43F.pf >

< C:\Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-3F6EB214.pf >

< C:\Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFW0KUU\ilivid[1].7z >

< C:\Users\jussi\AppData\Local\Temp\ilivid.7z >

< C:\Users\jussi\Downloads\iLividSetupV1.exe >

< C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-12B68B72.pf >

< C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-4206F73E.pf >

< C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-D46B3AD8.pf >

< C:\Program Files (x86)\Steam\steamapps\steamapps\common\alien swarm\swarm\resource\particletemplates\whitesmoke.ptm >

< C:\Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\searchqutoolbar >

< C:\Users\jussi\AppData\LocalLow\searchquband >

< C:\Users\jussi\AppData\LocalLow\searchqutoolbar >

< C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchqutoolbar >

< C:\Program Files (x86)\Windows iLivid Toolbar >

< >

< :reg >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar] >

< [-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar] >

< [-HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage] >

< [-HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch] >

< [-HKEY_CURRENT_USER\Software\DataMngr\List\Item2] >

< [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\Files\Homepage] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\Files\UrlbarSearch] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item2] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquMediabarTb] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0] >

< [-HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\AppDataLow\Software\searchqutoolbar] >

< [-HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr\Files\Homepage] >

< [-HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr\Files\UrlbarSearch] >

< [-HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr\List\Item2] >

< [-HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] >

< [-HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] >

< [-HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\DataMngr] >

< [-HKEY_CURRENT_USER\Software\DataMngr] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASAPI32] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASMANCS] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquMediabarTb] >

< [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >

< "{61F30AA1-E6C5-44ED-B19F-6E0950925565}"=- >

< [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >

< "{D6EEC602-533F-4B37-A11B-C8DC7581E456}"=- >

< [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >

< "{61F30AA1-E6C5-44ED-B19F-6E0950925565}"=- >

< [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >

< "{D6EEC602-533F-4B37-A11B-C8DC7581E456}"=- >

< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >

< "{61F30AA1-E6C5-44ED-B19F-6E0950925565}"=- >

< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >

< "{D6EEC602-533F-4B37-A11B-C8DC7581E456}"=- >

< [HKEY_USERS\S-1-5-21-410455471-1595309784-864871332-1000\Software\Microsoft\Internet Explorer\Main] >

< "Start Page"=- >

< [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] >

< "Start Page"=- >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] >

< "{99079a25-328f-4bd4-be04-00955acaa0a7}"=- >

< >

< :Commands >

< [EMPTYTEMP] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >



Juala
juala
Active Member
 
Posts: 9
Joined: June 7th, 2011, 3:49 am

Re: I got the searchqu virus and i can't get rid of it!

Unread postby askey127 » June 9th, 2011, 7:51 am

Juala,
Let's check to see if there are any leftovers.
---------------------------------------------
Run SystemLook
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The new log can also be found on your Desktop entitled SystemLook.txt

-----------------------------------------------
Now clear any memorized browser redirects:
Please download MiniToolBox and run it.
Check ONLY the following in the list:
  • Flush DNS
Click GO and post the result (Result.txt).

Tell me how it's running.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I got the searchqu virus and i can't get rid of it!

Unread postby juala » June 9th, 2011, 8:43 am

Hi,

Here is my scan from the systemlook program:

SystemLook 04.09.10 by jpshortstuff
Log created at 14:29 on 09/06/2011 by jussi
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\06092011_131801\C_Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\bandoocode.js --a---- 24210 bytes [13:32 02/03/2011] [13:32 02/03/2011] E2B3734A723FB575F4168B48552793BE
C:\_OTL\MovedFiles\06092011_131801\C_Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\lib\bandoocode.js --a---- 30447 bytes [13:32 02/03/2011] [13:32 02/03/2011] B545B9C9A08D35D01C1A645A01B3C33D
C:\_OTL\MovedFiles\06092011_131801\C_Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [13:32 02/03/2011] [13:32 02/03/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\06092011_131801\C_Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 24210 bytes [13:32 02/03/2011] [13:32 02/03/2011] E2B3734A723FB575F4168B48552793BE
C:\_OTL\MovedFiles\06092011_131801\C_Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 30447 bytes [13:32 02/03/2011] [13:32 02/03/2011] B545B9C9A08D35D01C1A645A01B3C33D
C:\_OTL\MovedFiles\06092011_131801\C_Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [13:32 02/03/2011] [13:32 02/03/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\06092011_131801\C_Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [18:29 30/05/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89
C:\_OTL\MovedFiles\06092011_131801\C_Program Files (x86)\Windows iLivid Toolbar\ToolBar\searchquband.dll --a---- 424848 bytes [13:32 02/03/2011] [13:32 02/03/2011] 4341DAF80A4C03D2119770CA27FD4997
C:\_OTL\MovedFiles\06092011_131801\C_Program Files (x86)\Windows iLivid Toolbar\ToolBar\searchqudtx.dll --a---- 88976 bytes [13:32 02/03/2011] [13:32 02/03/2011] AD14E447F7CED4CA987B91B379EAF952
C:\_OTL\MovedFiles\06092011_131801\C_Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFW0KUU\SetupDataMngr_Searchqu[1].exe --a---- 2596544 bytes [18:29 30/05/2011] [18:29 30/05/2011] 52C355E4323A707A1FA1FFAEBD9D4DDD
C:\_OTL\MovedFiles\06092011_131801\C_Users\jussi\AppData\Local\Temp\searchqu.ini --a---- 414 bytes [18:29 30/05/2011] [18:29 30/05/2011] 5EC2A9FDAA43596854FE7E787F60112C
C:\_OTL\MovedFiles\06092011_131801\C_Users\jussi\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:32 02/03/2011] [13:32 02/03/2011] AA709C3696701CC2792A44116E7D83A1
C:\_OTL\MovedFiles\06092011_131801\C_Users\jussi\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 2596544 bytes [18:29 30/05/2011] [18:29 30/05/2011] 52C355E4323A707A1FA1FFAEBD9D4DDD
C:\_OTL\MovedFiles\06092011_131801\C_Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [18:29 30/05/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89
C:\_OTL\MovedFiles\06092011_131801\C_Windows\Prefetch\SEARCHQUMEDIABAR.EXE-A164B43F.pf --a---- 100226 bytes [18:29 30/05/2011] [18:29 30/05/2011] 0E548ED367E6B6432F4BAD6974EC5FC9
C:\_OTL\MovedFiles\06092011_131801\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-3F6EB214.pf --a---- 67166 bytes [18:29 30/05/2011] [18:29 30/05/2011] 0E09BE505E113D891F4D1D5DD5B5FAAD

Searching for "*iLivid*"
C:\_OTL\MovedFiles\06092011_131801\C_Users\jussi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MFW0KUU\ilivid[1].7z --a---- 725651 bytes [18:30 30/05/2011] [18:30 30/05/2011] 0CF032A65C5F5F60A709C45A560E778B
C:\_OTL\MovedFiles\06092011_131801\C_Users\jussi\AppData\Local\Temp\ilivid.7z --a---- 725651 bytes [18:30 30/05/2011] [18:30 30/05/2011] 0CF032A65C5F5F60A709C45A560E778B
C:\_OTL\MovedFiles\06092011_131801\C_Users\jussi\Downloads\iLividSetupV1.exe --a---- 2023592 bytes [18:29 30/05/2011] [18:29 30/05/2011] C720C2C62A65E96EA42687D9F36DA641
C:\_OTL\MovedFiles\06092011_131801\C_Windows\Prefetch\ILIVIDSETUPV1.EXE-12B68B72.pf --a---- 33214 bytes [18:29 30/05/2011] [18:29 30/05/2011] 488B84CC2256A91BB07ECACF136DB64E
C:\_OTL\MovedFiles\06092011_131801\C_Windows\Prefetch\ILIVIDSETUPV1.EXE-4206F73E.pf --a---- 63496 bytes [17:44 01/06/2011] [17:44 01/06/2011] 384E9B89D8F95D3666E369B7487E9D51
C:\_OTL\MovedFiles\06092011_131801\C_Windows\Prefetch\ILIVIDSETUPV1.EXE-D46B3AD8.pf --a---- 69374 bytes [18:29 30/05/2011] [18:29 30/05/2011] 6E0207591371C7613C0AEB5D4C4B2DD2

Searching for "*whitesmoke*"
C:\_OTL\MovedFiles\06092011_131801\C_Program Files (x86)\Steam\steamapps\steamapps\common\alien swarm\swarm\resource\particletemplates\whitesmoke.ptm --a---- 2578 bytes [22:46 27/08/2010] [19:21 25/07/2010] A75467F0FD3C3E39B465FBE13099A740

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\06092011_131801\C_Users\Administratör\AppData\Roaming\Mozilla\Firefox\Profiles\omn40dj7.default\searchqutoolbar d------ [18:29 30/05/2011]
C:\_OTL\MovedFiles\06092011_131801\C_Users\jussi\AppData\LocalLow\searchquband d------ [18:14 08/06/2011]
C:\_OTL\MovedFiles\06092011_131801\C_Users\jussi\AppData\LocalLow\searchqutoolbar d------ [18:29 30/05/2011]
C:\_OTL\MovedFiles\06092011_131801\C_Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchqutoolbar d------ [18:29 30/05/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\06092011_131801\C_Program Files (x86)\Windows iLivid Toolbar d------ [18:29 30/05/2011]

Searching for "*whitesmoke*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]
@="SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID]
@="SearchQUIEHelper.UrlHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

-= EOF =-


Here is the scan from the minitoolbox.exe

MiniToolBox by Farbar
Ran by jussi (administrator) on 09-06-2011 at 14:42:20
Windows 7 Professional Service Pack 1 (X64)

***************************************************************************


================= Flush DNS: ==============================================

IP-konfiguration f”r Windows

DNS-matcharens cacheminne har rensats.

================= End of Flush DNS ========================================


Juala
juala
Active Member
 
Posts: 9
Joined: June 7th, 2011, 3:49 am

Re: I got the searchqu virus and i can't get rid of it!

Unread postby askey127 » June 9th, 2011, 12:31 pm

Juala,
We certainly got most of it.
Just a few more...

----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    
    :Commands
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I got the searchqu virus and i can't get rid of it!

Unread postby juala » June 9th, 2011, 1:33 pm

Hello,

Here is the first scan log:

========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.23.0 log created on 06092011_190136

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.

I didnt understand if the quick scan was supposed to be a full scan or with the codes you told me to put in in the first scan, so I did both if that's ok?

Here is teh full quick scan log:

OTL logfile created on: 2011-06-09 19:16:05 - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\jussi\Desktop\OTL
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 57,71% Memory free
8,00 Gb Paging File | 6,13 Gb Available in Paging File | 76,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,50 Gb Total Space | 490,66 Gb Free Space | 52,67% Space Free | Partition Type: NTFS

Computer Name: JUSSI-DATOR | User Name: jussi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-06-09 13:16:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\jussi\Desktop\OTL\OTL.exe
PRC - [2011-05-29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-05-25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-05-20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-04-14 19:03:01 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011-02-20 17:38:10 | 000,939,920 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe
PRC - [2010-11-20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010-10-05 09:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2010-09-09 18:49:51 | 000,215,016 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010-09-09 18:42:05 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010-02-18 12:24:32 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009-09-29 13:03:46 | 000,735,960 | ---- | M] (ESET) -- C:\Program\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009-06-04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2009-06-04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009-02-23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007-09-04 19:51:42 | 001,702,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe


========== Modules (SafeList) ==========

MOD - [2011-06-09 13:16:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\jussi\Desktop\OTL\OTL.exe
MOD - [2010-11-20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009-09-29 13:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009-09-29 13:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-05-25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-05-20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-05-13 15:34:43 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-03-28 15:41:12 | 002,111,368 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010-09-09 18:49:51 | 000,215,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010-09-09 18:42:05 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-05-04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-04-16 19:29:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010-04-16 19:08:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-02-23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-05-29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-09-29 11:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010-09-29 11:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010-04-16 18:01:22 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009-11-23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009-11-23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009-09-29 13:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009-09-29 13:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009-09-29 12:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009-09-28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-06-04 02:49:58 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2009-06-04 02:49:42 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009-06-04 02:49:34 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009-06-04 02:49:26 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009-06-04 02:49:18 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009-06-04 02:49:08 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009-06-04 02:49:00 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009-06-04 02:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2009-06-04 02:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2009-06-04 02:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2009-06-04 02:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2009-06-04 02:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2009-06-04 02:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007-10-30 09:59:30 | 000,028,672 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nordecr.sys -- (TdsNordecr)
DRV:64bit: - [2005-03-29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010-04-16 22:26:37 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {e9935af9-87e2-415b-94e3-4a91c3da40e1} - File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 94 91 F8 77 DD CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {e9935af9-87e2-415b-94e3-4a91c3da40e1} - File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.4:8123

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "LOCKERZ Restock Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2453368&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.tepela.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=bEGZEDre&q="
FF - prefs.js..network.proxy.type: 4

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.tepela.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=bEGZEDre&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-04-30 09:50:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-05-09 14:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-04-16 18:33:54 | 000,000,000 | ---D | M]

[2011-05-30 20:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jussi\AppData\Roaming\mozilla\Extensions
[2011-06-06 16:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jussi\AppData\Roaming\mozilla\Firefox\Profiles\vmo1u408.default\extensions
[2011-05-08 16:24:46 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\jussi\AppData\Roaming\mozilla\Firefox\Profiles\vmo1u408.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011-05-08 16:24:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\jussi\AppData\Roaming\mozilla\Firefox\Profiles\vmo1u408.default\extensions\engine@conduit.com
[2010-04-21 12:12:12 | 000,000,933 | ---- | M] () -- C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchplugins\conduit.xml
[2011-03-16 20:55:08 | 000,002,198 | ---- | M] () -- C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchplugins\google-search.xml
[2011-06-08 20:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011-05-13 15:47:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010-04-16 17:34:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-09-15 07:28:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\JUSSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMO1U408.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
() (No name found) -- C:\USERS\JUSSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMO1U408.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011-04-14 19:03:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010-09-15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010-01-01 10:00:00 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2010-01-01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011-03-16 20:55:08 | 000,002,198 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google-search.xml
[2010-01-01 10:00:00 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2010-01-01 10:00:00 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2010-01-01 10:00:00 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2010-01-01 10:00:00 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (tutudragon3 Toolbar) - {e9935af9-87e2-415b-94e3-4a91c3da40e1} - File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (tutudragon3 Toolbar) - {e9935af9-87e2-415b-94e3-4a91c3da40e1} - File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (tutudragon3 Toolbar) - {E9935AF9-87E2-415B-94E3-4A91C3DA40E1} - File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [OTL] C:\Users\jussi\Desktop\OTL\OTL.exe (OldTimer Tools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4eb69c64-61c2-11df-aa2e-0022153804ca}\Shell - "" = AutoRun
O33 - MountPoints2\{4eb69c64-61c2-11df-aa2e-0022153804ca}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-06-09 13:18:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-06-09 13:16:46 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\OTL
[2011-06-08 21:12:01 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\SystemLook
[2011-06-08 21:00:27 | 000,000,000 | ---D | C] -- C:\Program\Java
[2011-06-08 20:55:21 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\JAva
[2011-06-08 20:51:25 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\vår värld
[2011-06-08 20:18:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011-06-07 14:59:01 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\DDS
[2011-06-06 16:23:18 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011-06-06 16:23:18 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011-06-01 10:15:58 | 000,000,000 | ---D | C] -- C:\Users\jussi\Documents\Thief - Deadly Shadows
[2011-05-30 20:29:21 | 000,000,000 | ---D | C] -- C:\Users\jussi\AppData\Local\PackageAware
[2011-05-29 16:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frozen Synapse
[2011-05-29 16:53:46 | 000,000,000 | ---D | C] -- C:\FrozenSynapse
[2011-05-29 16:52:45 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\Frozen synapse
[2011-05-27 17:28:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011-05-26 15:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2011-05-26 15:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent
[2011-05-25 16:21:02 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\MINECRAFT 25.5
[2011-05-24 21:15:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011-05-24 21:13:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011-05-24 14:46:00 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011-05-24 14:45:29 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011-05-14 19:39:52 | 000,000,000 | ---D | C] -- C:\Users\jussi\AppData\Local\Threat Expert
[2011-05-14 10:49:39 | 000,000,000 | ---D | C] -- C:\Users\jussi\AppData\Roaming\Malwarebytes
[2011-05-14 10:49:32 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-05-14 10:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-05-14 10:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-05-14 10:49:29 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-05-14 10:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-05-14 10:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011-05-13 15:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011-05-13 15:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011-05-13 15:47:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011-05-13 08:19:50 | 000,000,000 | ---D | C] -- C:\Users\jussi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Petroglyph
[2011-05-13 08:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Petroglyph
[2011-05-12 18:45:57 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\Dwarfs!
[2011-05-11 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\jussi\AppData\Roaming\Dwarfs
[2010-09-07 20:28:16 | 814,143,398 | ---- | C] (GOA ) -- C:\Program Files (x86)\loleusetup.exe
[2009-06-04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009-06-04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[6 C:\Users\jussi\Documents\*.tmp files -> C:\Users\jussi\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-06-09 19:19:27 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-09 19:19:27 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-09 19:12:18 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-06-09 19:12:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-06-09 19:11:59 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2011-06-09 19:11:18 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2011-06-09 19:11:18 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2011-06-09 19:11:18 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2011-06-09 18:35:05 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-06-09 16:46:24 | 000,020,764 | ---- | M] () -- C:\Users\jussi\Documents\IMG_09062011_164555.png
[2011-06-08 20:19:53 | 000,141,594 | ---- | M] () -- C:\Users\jussi\Documents\myfirstragecomic.pdn
[2011-06-06 19:33:13 | 000,001,925 | ---- | M] () -- C:\Users\jussi\Desktop\Heroes of Newerth.lnk
[2011-06-06 16:34:02 | 000,000,220 | ---- | M] () -- C:\Users\jussi\Desktop\Eets.url
[2011-06-06 16:26:29 | 001,641,192 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011-06-01 09:49:49 | 000,000,220 | ---- | M] () -- C:\Users\jussi\Desktop\Thief Deadly Shadows.url
[2011-05-29 16:54:23 | 000,000,666 | ---- | M] () -- C:\Users\jussi\Desktop\Frozen Synapse.lnk
[2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-05-29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-05-26 15:20:02 | 000,002,176 | ---- | M] () -- C:\Users\jussi\Desktop\Amnesia.lnk
[2011-05-25 15:45:38 | 001,609,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-05-25 15:45:38 | 000,673,214 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2011-05-25 15:45:38 | 000,664,106 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-05-25 15:45:38 | 000,147,030 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2011-05-25 15:45:38 | 000,126,132 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-05-25 09:25:27 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011-05-25 09:25:27 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011-05-25 09:25:23 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011-05-25 08:35:13 | 000,479,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-05-20 22:35:28 | 000,304,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011-05-14 10:49:32 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-05-14 10:44:28 | 000,007,850 | -HS- | M] () -- C:\Users\jussi\AppData\Local\3117s200hy2tn032syu2b6x4ag6ki7an174w
[2011-05-14 10:44:28 | 000,007,850 | -HS- | M] () -- C:\ProgramData\3117s200hy2tn032syu2b6x4ag6ki7an174w
[2011-05-14 02:21:03 | 000,007,664 | -HS- | M] () -- C:\Users\jussi\AppData\Local\1107321794
[2011-05-13 15:47:11 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-05-12 20:45:52 | 020,533,281 | ---- | M] () -- C:\Users\jussi\Documents\vlc-1.1.9-win32.exe
[2011-05-11 11:28:49 | 335,461,811 | ---- | M] () -- C:\Windows\MEMORY.DMP
[6 C:\Users\jussi\Documents\*.tmp files -> C:\Users\jussi\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-06-09 16:46:20 | 000,020,764 | ---- | C] () -- C:\Users\jussi\Documents\IMG_09062011_164555.png
[2011-06-08 20:19:36 | 000,141,594 | ---- | C] () -- C:\Users\jussi\Documents\myfirstragecomic.pdn
[2011-06-06 19:33:13 | 000,001,925 | ---- | C] () -- C:\Users\jussi\Desktop\Heroes of Newerth.lnk
[2011-06-06 16:33:56 | 000,000,220 | ---- | C] () -- C:\Users\jussi\Desktop\Eets.url
[2011-06-01 09:49:49 | 000,000,220 | ---- | C] () -- C:\Users\jussi\Desktop\Thief Deadly Shadows.url
[2011-05-29 16:54:23 | 000,000,666 | ---- | C] () -- C:\Users\jussi\Desktop\Frozen Synapse.lnk
[2011-05-26 15:20:02 | 000,002,176 | ---- | C] () -- C:\Users\jussi\Desktop\Amnesia.lnk
[2011-05-24 14:47:13 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011-05-24 14:45:02 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011-05-24 14:44:46 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011-05-24 14:44:46 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011-05-24 14:44:38 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011-05-24 14:44:37 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011-05-20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011-05-14 10:49:32 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-05-14 10:27:41 | 001,641,192 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011-05-14 02:21:03 | 000,007,664 | -HS- | C] () -- C:\Users\jussi\AppData\Local\1107321794
[2011-05-13 17:40:24 | 000,007,850 | -HS- | C] () -- C:\Users\jussi\AppData\Local\3117s200hy2tn032syu2b6x4ag6ki7an174w
[2011-05-13 17:40:24 | 000,007,850 | -HS- | C] () -- C:\ProgramData\3117s200hy2tn032syu2b6x4ag6ki7an174w
[2011-05-13 15:47:11 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-04-13 13:52:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-02-02 18:40:24 | 000,000,565 | ---- | C] () -- C:\Users\jussi\AppData\Roaming\myMPQ.ini
[2010-11-19 11:26:50 | 000,000,600 | ---- | C] () -- C:\Users\jussi\AppData\Roaming\winscp.rnd
[2010-11-01 18:28:51 | 000,143,452 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010-09-12 21:44:12 | 000,000,093 | ---- | C] () -- C:\Users\jussi\AppData\Local\fusioncache.dat
[2010-09-09 18:42:07 | 000,215,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010-09-09 18:42:05 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010-09-09 18:42:04 | 002,427,248 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2010-08-29 17:19:32 | 001,586,204 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-04-30 08:15:23 | 000,000,254 | ---- | C] () -- C:\Windows\RomeTW.ini
[2010-04-19 18:30:09 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI
[2010-04-18 14:50:56 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010-04-18 13:41:18 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010-04-16 19:07:35 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010-04-16 19:07:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009-06-04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009-06-04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009-06-04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2009-06-04 00:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2009-06-04 00:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2009-06-04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009-05-27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008-02-07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll
[2007-12-28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010-09-26 15:16:48 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\.BitTornado
[2011-06-09 18:07:53 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\.minecraft
[2011-06-08 20:17:24 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Azureus
[2010-05-17 19:45:06 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\DAEMON Tools Lite
[2010-04-30 08:07:29 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\DAEMON Tools Pro
[2011-05-27 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Dropbox
[2011-05-29 15:37:54 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Dwarfs
[2010-12-05 00:27:06 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\EurekaLog
[2010-05-12 19:17:11 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\HeidiSQL
[2011-05-04 17:25:46 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Leadertech
[2010-09-07 21:09:23 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\LolClient
[2010-11-19 11:15:41 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\NCH Swift Sound
[2011-02-20 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Personal
[2011-05-27 10:10:43 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Raptr
[2010-12-28 20:07:13 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\RIFT
[2011-05-12 18:34:02 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Spotify
[2010-12-07 16:22:03 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\TS3Client
[2011-05-16 13:53:56 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >

And here is the one with your restrictions:


OTL logfile created on: 2011-06-09 19:27:41 - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\jussi\Desktop\OTL
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 52,92% Memory free
8,00 Gb Paging File | 6,01 Gb Available in Paging File | 75,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,50 Gb Total Space | 490,42 Gb Free Space | 52,65% Space Free | Partition Type: NTFS

Computer Name: JUSSI-DATOR | User Name: jussi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-06-09 13:16:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\jussi\Desktop\OTL\OTL.exe
PRC - [2011-05-29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-05-25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-05-20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-04-14 19:03:01 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011-02-20 17:38:10 | 000,939,920 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe
PRC - [2010-11-20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010-10-05 09:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2010-09-09 18:49:51 | 000,215,016 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010-09-09 18:42:05 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010-02-18 12:24:32 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009-09-29 13:03:46 | 000,735,960 | ---- | M] (ESET) -- C:\Program\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009-06-04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2009-06-04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009-02-23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007-09-04 19:51:42 | 001,702,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe


========== Modules (SafeList) ==========

MOD - [2011-06-09 13:16:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\jussi\Desktop\OTL\OTL.exe
MOD - [2010-11-20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009-09-29 13:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009-09-29 13:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-05-25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-05-20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-05-13 15:34:43 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-03-28 15:41:12 | 002,111,368 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010-09-09 18:49:51 | 000,215,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010-09-09 18:42:05 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-05-04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-04-16 19:29:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010-04-16 19:08:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-02-23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-05-29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-09-29 11:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010-09-29 11:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010-04-16 18:01:22 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009-11-23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009-11-23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009-09-29 13:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009-09-29 13:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009-09-29 12:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009-09-28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-06-04 02:49:58 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2009-06-04 02:49:42 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009-06-04 02:49:34 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009-06-04 02:49:26 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009-06-04 02:49:18 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009-06-04 02:49:08 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009-06-04 02:49:00 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009-06-04 02:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2009-06-04 02:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2009-06-04 02:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2009-06-04 02:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2009-06-04 02:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2009-06-04 02:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007-10-30 09:59:30 | 000,028,672 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nordecr.sys -- (TdsNordecr)
DRV:64bit: - [2005-03-29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010-04-16 22:26:37 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {e9935af9-87e2-415b-94e3-4a91c3da40e1} - File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 94 91 F8 77 DD CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {e9935af9-87e2-415b-94e3-4a91c3da40e1} - File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.4:8123

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "LOCKERZ Restock Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2453368&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.tepela.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=bEGZEDre&q="
FF - prefs.js..network.proxy.type: 4

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.tepela.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=bEGZEDre&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-04-30 09:50:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-05-09 14:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-04-16 18:33:54 | 000,000,000 | ---D | M]

[2011-05-30 20:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jussi\AppData\Roaming\mozilla\Extensions
[2011-06-06 16:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jussi\AppData\Roaming\mozilla\Firefox\Profiles\vmo1u408.default\extensions
[2011-05-08 16:24:46 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\jussi\AppData\Roaming\mozilla\Firefox\Profiles\vmo1u408.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011-05-08 16:24:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\jussi\AppData\Roaming\mozilla\Firefox\Profiles\vmo1u408.default\extensions\engine@conduit.com
[2010-04-21 12:12:12 | 000,000,933 | ---- | M] () -- C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchplugins\conduit.xml
[2011-03-16 20:55:08 | 000,002,198 | ---- | M] () -- C:\Users\jussi\AppData\Roaming\Mozilla\Firefox\Profiles\vmo1u408.default\searchplugins\google-search.xml
[2011-06-08 20:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011-05-13 15:47:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010-04-16 17:34:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-09-15 07:28:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\JUSSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMO1U408.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
() (No name found) -- C:\USERS\JUSSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMO1U408.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011-04-14 19:03:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010-09-15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010-01-01 10:00:00 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2010-01-01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011-03-16 20:55:08 | 000,002,198 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google-search.xml
[2010-01-01 10:00:00 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2010-01-01 10:00:00 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2010-01-01 10:00:00 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2010-01-01 10:00:00 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (tutudragon3 Toolbar) - {e9935af9-87e2-415b-94e3-4a91c3da40e1} - File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (tutudragon3 Toolbar) - {e9935af9-87e2-415b-94e3-4a91c3da40e1} - File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (tutudragon3 Toolbar) - {E9935AF9-87E2-415B-94E3-4A91C3DA40E1} - File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [OTL] C:\Users\jussi\Desktop\OTL\OTL.exe (OldTimer Tools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4eb69c64-61c2-11df-aa2e-0022153804ca}\Shell - "" = AutoRun
O33 - MountPoints2\{4eb69c64-61c2-11df-aa2e-0022153804ca}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

[CLEARALLRESTOREPOINTS]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011-06-09 13:18:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-06-09 13:16:46 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\OTL
[2011-06-08 21:12:01 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\SystemLook
[2011-06-08 21:00:27 | 000,000,000 | ---D | C] -- C:\Program\Java
[2011-06-08 20:55:21 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\JAva
[2011-06-08 20:51:25 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\vår värld
[2011-06-08 20:18:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011-06-07 14:59:01 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\DDS
[2011-06-06 16:23:18 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011-06-06 16:23:18 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011-06-01 10:15:58 | 000,000,000 | ---D | C] -- C:\Users\jussi\Documents\Thief - Deadly Shadows
[2011-05-30 20:29:21 | 000,000,000 | ---D | C] -- C:\Users\jussi\AppData\Local\PackageAware
[2011-05-29 16:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frozen Synapse
[2011-05-29 16:53:46 | 000,000,000 | ---D | C] -- C:\FrozenSynapse
[2011-05-29 16:52:45 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\Frozen synapse
[2011-05-27 17:28:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011-05-26 15:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2011-05-26 15:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent
[2011-05-25 16:21:02 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\MINECRAFT 25.5
[2011-05-24 21:15:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011-05-24 21:13:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011-05-24 14:46:00 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011-05-24 14:45:29 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011-05-14 19:39:52 | 000,000,000 | ---D | C] -- C:\Users\jussi\AppData\Local\Threat Expert
[2011-05-14 10:49:39 | 000,000,000 | ---D | C] -- C:\Users\jussi\AppData\Roaming\Malwarebytes
[2011-05-14 10:49:32 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-05-14 10:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-05-14 10:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-05-14 10:49:29 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-05-14 10:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-05-14 10:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011-05-13 15:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011-05-13 15:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011-05-13 15:47:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011-05-13 08:19:50 | 000,000,000 | ---D | C] -- C:\Users\jussi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Petroglyph
[2011-05-13 08:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Petroglyph
[2011-05-12 18:45:57 | 000,000,000 | ---D | C] -- C:\Users\jussi\Desktop\Dwarfs!
[2011-05-11 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\jussi\AppData\Roaming\Dwarfs
[2010-09-07 20:28:16 | 814,143,398 | ---- | C] (GOA ) -- C:\Program Files (x86)\loleusetup.exe
[2009-06-04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009-06-04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[6 C:\Users\jussi\Documents\*.tmp files -> C:\Users\jussi\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-06-09 19:19:27 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-09 19:19:27 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-09 19:12:18 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-06-09 19:12:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-06-09 19:11:59 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2011-06-09 19:11:18 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2011-06-09 19:11:18 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2011-06-09 19:11:18 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx
[2011-06-09 18:35:05 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-06-09 16:46:24 | 000,020,764 | ---- | M] () -- C:\Users\jussi\Documents\IMG_09062011_164555.png
[2011-06-08 20:19:53 | 000,141,594 | ---- | M] () -- C:\Users\jussi\Documents\myfirstragecomic.pdn
[2011-06-06 19:33:13 | 000,001,925 | ---- | M] () -- C:\Users\jussi\Desktop\Heroes of Newerth.lnk
[2011-06-06 16:34:02 | 000,000,220 | ---- | M] () -- C:\Users\jussi\Desktop\Eets.url
[2011-06-06 16:26:29 | 001,641,192 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011-06-01 09:49:49 | 000,000,220 | ---- | M] () -- C:\Users\jussi\Desktop\Thief Deadly Shadows.url
[2011-05-29 16:54:23 | 000,000,666 | ---- | M] () -- C:\Users\jussi\Desktop\Frozen Synapse.lnk
[2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-05-29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-05-26 15:20:02 | 000,002,176 | ---- | M] () -- C:\Users\jussi\Desktop\Amnesia.lnk
[2011-05-25 15:45:38 | 001,609,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-05-25 15:45:38 | 000,673,214 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2011-05-25 15:45:38 | 000,664,106 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-05-25 15:45:38 | 000,147,030 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2011-05-25 15:45:38 | 000,126,132 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-05-25 09:25:27 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011-05-25 09:25:27 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011-05-25 09:25:23 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011-05-25 08:35:13 | 000,479,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-05-20 22:35:28 | 000,304,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011-05-14 10:49:32 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-05-14 10:44:28 | 000,007,850 | -HS- | M] () -- C:\Users\jussi\AppData\Local\3117s200hy2tn032syu2b6x4ag6ki7an174w
[2011-05-14 10:44:28 | 000,007,850 | -HS- | M] () -- C:\ProgramData\3117s200hy2tn032syu2b6x4ag6ki7an174w
[2011-05-14 02:21:03 | 000,007,664 | -HS- | M] () -- C:\Users\jussi\AppData\Local\1107321794
[2011-05-13 15:47:11 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-05-12 20:45:52 | 020,533,281 | ---- | M] () -- C:\Users\jussi\Documents\vlc-1.1.9-win32.exe
[2011-05-11 11:28:49 | 335,461,811 | ---- | M] () -- C:\Windows\MEMORY.DMP
[6 C:\Users\jussi\Documents\*.tmp files -> C:\Users\jussi\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-06-09 16:46:20 | 000,020,764 | ---- | C] () -- C:\Users\jussi\Documents\IMG_09062011_164555.png
[2011-06-08 20:19:36 | 000,141,594 | ---- | C] () -- C:\Users\jussi\Documents\myfirstragecomic.pdn
[2011-06-06 19:33:13 | 000,001,925 | ---- | C] () -- C:\Users\jussi\Desktop\Heroes of Newerth.lnk
[2011-06-06 16:33:56 | 000,000,220 | ---- | C] () -- C:\Users\jussi\Desktop\Eets.url
[2011-06-01 09:49:49 | 000,000,220 | ---- | C] () -- C:\Users\jussi\Desktop\Thief Deadly Shadows.url
[2011-05-29 16:54:23 | 000,000,666 | ---- | C] () -- C:\Users\jussi\Desktop\Frozen Synapse.lnk
[2011-05-26 15:20:02 | 000,002,176 | ---- | C] () -- C:\Users\jussi\Desktop\Amnesia.lnk
[2011-05-24 14:47:13 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011-05-24 14:45:02 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011-05-24 14:44:46 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011-05-24 14:44:46 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011-05-24 14:44:38 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011-05-24 14:44:37 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011-05-20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011-05-14 10:49:32 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-05-14 10:27:41 | 001,641,192 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011-05-14 02:21:03 | 000,007,664 | -HS- | C] () -- C:\Users\jussi\AppData\Local\1107321794
[2011-05-13 17:40:24 | 000,007,850 | -HS- | C] () -- C:\Users\jussi\AppData\Local\3117s200hy2tn032syu2b6x4ag6ki7an174w
[2011-05-13 17:40:24 | 000,007,850 | -HS- | C] () -- C:\ProgramData\3117s200hy2tn032syu2b6x4ag6ki7an174w
[2011-05-13 15:47:11 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-04-13 13:52:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-02-02 18:40:24 | 000,000,565 | ---- | C] () -- C:\Users\jussi\AppData\Roaming\myMPQ.ini
[2010-11-19 11:26:50 | 000,000,600 | ---- | C] () -- C:\Users\jussi\AppData\Roaming\winscp.rnd
[2010-11-01 18:28:51 | 000,143,452 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010-09-12 21:44:12 | 000,000,093 | ---- | C] () -- C:\Users\jussi\AppData\Local\fusioncache.dat
[2010-09-09 18:42:07 | 000,215,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010-09-09 18:42:05 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010-09-09 18:42:04 | 002,427,248 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2010-08-29 17:19:32 | 001,586,204 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-04-30 08:15:23 | 000,000,254 | ---- | C] () -- C:\Windows\RomeTW.ini
[2010-04-19 18:30:09 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI
[2010-04-18 14:50:56 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010-04-18 13:41:18 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010-04-16 19:07:35 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010-04-16 19:07:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009-06-04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009-06-04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009-06-04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2009-06-04 00:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2009-06-04 00:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2009-06-04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009-05-27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008-02-07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll
[2007-12-28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010-09-26 15:16:48 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\.BitTornado
[2011-06-09 18:07:53 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\.minecraft
[2011-06-08 20:17:24 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Azureus
[2010-05-17 19:45:06 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\DAEMON Tools Lite
[2010-04-30 08:07:29 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\DAEMON Tools Pro
[2011-05-27 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Dropbox
[2011-05-29 15:37:54 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Dwarfs
[2010-12-05 00:27:06 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\EurekaLog
[2010-05-12 19:17:11 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\HeidiSQL
[2011-05-04 17:25:46 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Leadertech
[2010-09-07 21:09:23 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\LolClient
[2010-11-19 11:15:41 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\NCH Swift Sound
[2011-02-20 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Personal
[2011-05-27 10:10:43 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Raptr
[2010-12-28 20:07:13 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\RIFT
[2011-05-12 18:34:02 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\Spotify
[2010-12-07 16:22:03 | 000,000,000 | ---D | M] -- C:\Users\jussi\AppData\Roaming\TS3Client
[2011-05-16 13:53:56 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< :processes >

< killallprocesses >

< >

< :Reg >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}] >

< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}] >

< >

< :Commands >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >



/Juala
juala
Active Member
 
Posts: 9
Joined: June 7th, 2011, 3:49 am

Re: I got the searchqu virus and i can't get rid of it!

Unread postby askey127 » June 9th, 2011, 3:22 pm

juala,
If the machine is running OK now, I think it's clean.
If you agree, clean up the tools we used as follows:

Start OTL (Right click and choose Run as administrator)
Click the button labeled Clean Up

You should be good to go.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I got the searchqu virus and i can't get rid of it!

Unread postby juala » June 9th, 2011, 8:50 pm

Hello,

I cleaned up using OTL and rebooted. But when i open up firefox it still opens as searchqu...

Thanks for the help so far, and I understand if you lost hope about me, but it would be nice to get it all cleaned out ;)

Best regards

Juala
juala
Active Member
 
Posts: 9
Joined: June 7th, 2011, 3:49 am

Re: I got the searchqu virus and i can't get rid of it!

Unread postby juala » June 9th, 2011, 8:51 pm

hi again.

I got it working now!!

Thx a thousand!

Best regards

Juala
juala
Active Member
 
Posts: 9
Joined: June 7th, 2011, 3:49 am

Re: I got the searchqu virus and i can't get rid of it!

Unread postby askey127 » June 9th, 2011, 9:10 pm

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 19 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware