Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Searchqu Problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Searchqu Problem

Unread postby harveywarvey » June 30th, 2011, 9:45 am

I have a problem with Searchqu 406 on my home laptop which is running Windows 7, I now understand the importance of the DDS logs and have pasted them below. Hope that you can help.

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Liam at 21:28:57 on 2011-06-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3003.1752 [GMT 8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\windows\system32\mfevtps.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\windows\system32\rundll32.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\system32\taskhost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uWindow Title = Windows Internet Explorer provided by MSN and Bing
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110518190407.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi3c8a~1\datamngr\toolbar\searchqudtx.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi3c8a~1\datamngr\IEBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - c:\program files\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi3c8a~1\datamngr\toolbar\searchqudtx.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Spyware Doctor with AntiVirus] c:\users\liam\desktop\sdasetup[1].exe -min
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TSleepSrv] %ProgramFiles%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TRCMan] c:\program files\toshiba\trcman\TRCMan.exe
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DATAMNGR] c:\progra~1\wi3c8a~1\datamngr\DATAMN~1.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\liam\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{6054CA6F-0082-4EAF-A5DC-B0B12878EF20} : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{6054CA6F-0082-4EAF-A5DC-B0B12878EF20}\C49616D6 : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{C853F761-BD39-44C7-83B5-3FB3B9A7F153} : DhcpNameServer = 10.1.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~1\wi3c8a~1\datamngr\datamngr.dll c:\progra~1\wi3c8a~1\datamngr\IEBHO.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 387480]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-12-11 165032]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-30 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-30 13120]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-12-11 64584]
R1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\26762\RapportCerberus_26762.sys [2011-6-13 57144]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2010-12-19 1737464]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-29 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-5 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-11 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-11 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-11 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-11 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-11 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-11 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-11 141792]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2010-7-12 1800808]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2010-4-7 189808]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-7-12 2320920]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-11 56064]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-30 59904]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\drivers\enecirhid.sys [2009-5-20 11776]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\drivers\enecirhidma.sys [2008-4-25 5632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-5 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-11 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-11 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-11 314088]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-1-28 68200]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-7-12 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-7-12 266344]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-6 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2010-2-24 685424]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-20 136176]
S3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-28 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-20 136176]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-5-19 136304]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-12-19 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-11 84488]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-7-12 51512]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-21 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-06-30 09:54:12 -------- d-----w- c:\users\liam\appdata\local\{4E0D694E-8CBD-475B-A578-D03CC25BF0C7}
2011-06-29 10:05:05 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 10:03:33 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 10:03:33 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 10:03:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 10:03:31 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 10:03:31 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 10:03:31 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 10:03:31 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 10:03:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 10:03:30 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 09:57:49 -------- d-----w- c:\users\liam\appdata\local\{5EA4E15A-A148-428B-AD11-1B9D9E414FD3}
2011-06-28 13:08:45 -------- d-----w- c:\users\liam\appdata\local\Ilivid Player
2011-06-28 13:07:18 -------- dc-h--w- c:\programdata\~0
2011-06-28 13:07:06 -------- d-----w- c:\program files\iLivid
2011-06-28 13:05:56 -------- d-----w- c:\programdata\boost_interprocess
2011-06-28 13:05:56 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-06-28 13:05:09 -------- d-----w- c:\users\liam\appdata\local\PackageAware
2011-06-28 07:33:49 -------- d-----w- c:\users\liam\appdata\local\{350F3087-9CB2-4681-A9C2-10396BE48500}
2011-06-27 06:26:32 -------- d-----w- c:\users\liam\appdata\local\{83E05942-233C-41F0-A1D0-824BA556D283}
2011-06-26 02:21:34 -------- d-----w- c:\users\liam\appdata\local\{B806C8B0-CCD6-45EE-A48C-E4381DB69399}
2011-06-25 06:57:37 -------- d-----w- c:\users\liam\appdata\local\{A6DB12BE-88F8-4E2E-B183-30BCB17F934C}
2011-06-25 06:57:36 -------- d-----w- c:\users\liam\appdata\local\{AFF56E61-A814-47FB-B81E-29B87D9F9BA8}
2011-06-25 06:57:17 -------- d-----w- c:\users\liam\Tracing
2011-06-25 06:52:45 -------- d-----w- c:\programdata\SweetIM
2011-06-25 06:52:45 -------- d-----w- c:\program files\SweetIM
2011-06-17 14:16:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-17 14:16:44 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-17 14:16:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-17 07:44:15 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-17 07:44:15 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-17 07:44:15 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-17 07:43:32 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 07:43:31 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-17 07:40:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-17 07:40:37 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-17 07:39:11 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-17 07:34:07 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-17 07:34:03 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 07:34:03 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 07:34:03 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-10 11:57:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 04:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-05-29 01:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 01:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 00:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 00:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-04-28 06:34:50 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-14 06:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 06:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 06:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 06:01:38 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 06:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 06:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 06:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 06:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 06:01:38 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-04-14 06:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 06:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-04-06 08:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 08:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 08:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 08:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 21:31:25.23 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20/11/2010 3:02:45 PM
System Uptime: 30/06/2011 8:38:51 PM (1 hours ago)
.
Motherboard: TOSHIBA | | NWQAA
Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz | CPU | 1456/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 297.817 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP102: 4/06/2011 5:57:46 PM - Scheduled Checkpoint
RP103: 12/06/2011 4:22:39 PM - Scheduled Checkpoint
RP104: 17/06/2011 10:14:53 PM - Windows Update
RP105: 25/06/2011 4:03:38 PM - Scheduled Checkpoint
RP106: 28/06/2011 9:27:12 PM - Removed Ask Toolbar.
RP107: 29/06/2011 9:39:21 PM - Windows Update
RP108: 30/06/2011 6:55:21 PM - Installed HiJackThis
RP109: 30/06/2011 6:59:23 PM - Removed HiJackThis
RP110: 30/06/2011 7:01:41 PM - Installed HiJackThis
RP111: 30/06/2011 7:03:11 PM - Windows Update
RP112: 30/06/2011 7:23:46 PM - Windows Update
RP113: 30/06/2011 7:32:58 PM - Removed HiJackThis
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
3Connect
ACDSee for PENTAX 3.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
B109a-m
Bejeweled 2 Deluxe
Bing Bar
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom 802.11 Network Adapter
BufferChm
Business Contact Manager for Outlook 2007 SP2
Chuzzle Deluxe
D3DX10
Destinations
DeviceDiscovery
DivX Codec
ENE CIR Receiver Driver
Escape Rosecliff Island
FATE - The Traitor Soul
Final Drive Nitro
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
iTunes
Java(TM) 6 Update 17
Jewel Quest 3
JMicron Flash Media Controller Driver
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
McAfee Security Scan Plus
McAfee SecurityCenter
McAfee Virtual Technician
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Halo
Microsoft IntelliPoint 8.0
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2010 - English
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
NAVIGON Fresh 3.2.0
Norton Internet Security
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Updatus
Penguins!
PlayReady PC Runtime x86
PMB
Polar Bowler
Primo
PS_AIO_06_B109a-m_SW_Min
QuickTime
Rapport
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Runtime
Safari
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shop for HP Supplies
Skype Toolbars
Skype™ 5.3
SmartWebPrinting
SolutionCenter
Star Wars Battlefront II
Status
SweetIM for Messenger 3.5
SweetIM Toolbar for Internet Explorer 4.1
Synaptics Pointing Device Driver
Toolbox
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Remote Control Manager
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974631)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Utility Common Driver
Virtual Villagers - The Secret City
WebReg
WildTangent Games
WildTangent ORB Game Console
Windows iLivid Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xfire (remove only)
ZTE_1.2059.0.8
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
25/06/2011 3:04:44 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
25/06/2011 3:03:44 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/06/2011 3:03:09 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/06/2011 7:55:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Toshi\Liam SID (S-1-5-21-1007511871-525909101-3150634291-1006) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
harveywarvey
Active Member
 
Posts: 7
Joined: June 30th, 2011, 7:44 am
Advertisement
Register to Remove

Re: Searchqu Problem

Unread postby askey127 » July 4th, 2011, 11:17 am

Hi Harveywarvey,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:
Java(TM) 6 Update 17
MarketResearch
McAfee Security Scan Plus
Norton Internet Security
Shop for HP Supplies
SweetIM for Messenger 3.5
SweetIM Toolbar for Internet Explorer 4.1
Windows iLivid Toolbar

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *sweetIM*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *sweetIM*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    sweetIM
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    (Takes about 4 minutes on my XP net book)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Searchqu Problem

Unread postby harveywarvey » July 5th, 2011, 8:07 am

I removed all the programs apart from "MarketResearch" and "Norton Internet Security" which I could not find, I then rebooted and ran the scan which provided the following.

SystemLook 04.09.10 by jpshortstuff
Log created at 19:51 on 05/07/2011 by Liam
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GBMVTTH\SetupDataMngr_Searchqu[1].exe --a---- 3493320 bytes [13:05 28/06/2011] [13:05 28/06/2011] E847327A61EC4DBBE1A2A716833F4C28
C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZ84V0EK\searchqu_net[1].htm --a---- 6278 bytes [03:39 03/07/2011] [03:39 03/07/2011] 6C3068E61994F38C199EB25A89DA6FA9
C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GUQSU2NE\how-to-remove-searchqu-uninstall-guide[1].htm --a---- 59836 bytes [03:26 03/07/2011] [03:26 03/07/2011] CB5612CD594C56A8A1E318CCD3FCEC56
C:\Users\Liam\AppData\Local\Temp\searchqu.ini --a---- 407 bytes [13:05 28/06/2011] [13:05 28/06/2011] 04F64638A2F40B69488437C25013F168
C:\Users\Liam\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [12:30 31/05/2011] [12:30 31/05/2011] B3FE09D2AB12FDF1657D1210E6332FD1
C:\Users\Liam\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3493320 bytes [13:05 28/06/2011] [13:05 28/06/2011] E847327A61EC4DBBE1A2A716833F4C28
C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@searchqu[2].txt --a---- 502 bytes [08:11 05/07/2011] [08:11 05/07/2011] AAEA57CFBEF62CEFD371094576BF3A1C
C:\Users\Liam\Favorites\How to Remove Searchqu (Uninstall Guide).url --a---- 1180 bytes [03:38 03/07/2011] [03:38 03/07/2011] 812FD16582CDF89536F3741F80596EEB
C:\Users\Liam\Favorites\[Resolved] Searchqu problem.url --a---- 969 bytes [03:26 03/07/2011] [03:26 03/07/2011] 76CA23CF4CF9A53A8B4BD198806FFD97
C:\Windows\Prefetch\SEARCHQUMEDIABAR.EXE-B716AD1D.pf --a---- 68600 bytes [13:06 28/06/2011] [13:06 28/06/2011] DC5F2B72E4E602675D0BB8AD176DEADC
C:\Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-0600BE92.pf --a---- 87904 bytes [13:06 28/06/2011] [13:06 28/06/2011] 89C36657EF60E1C294690FFB71E4DABF

Searching for "*iLivid*"
C:\Program Files\iLivid\ilivid.exe ------- 1941504 bytes [13:07 28/06/2011] [13:53 20/06/2011] 366C02F17990750F6D918CD9FD8FEFDA
C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XBCYS2M\iLividSetupV1.exe --a---- 2038544 bytes [13:04 28/06/2011] [13:04 28/06/2011] 771FF32613C7108E7BC3D327CFEED888
C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XBCYS2M\ilivid[1].7z --a---- 876394 bytes [13:07 28/06/2011] [13:07 28/06/2011] 033D1339378F2B100F646A52014AA42A
C:\Users\Liam\AppData\Local\Temp\ilivid.7z --a---- 876394 bytes [13:07 28/06/2011] [13:07 28/06/2011] 033D1339378F2B100F646A52014AA42A
C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@ilivid[1].txt --a---- 375 bytes [13:08 28/06/2011] [13:08 28/06/2011] 64076F44502467EB0EB614AE0F1CA2DF
C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@stats.ilivid[1].txt --a---- 91 bytes [13:02 28/06/2011] [13:02 28/06/2011] 27D38660852EA338F81A410106B6B26A
C:\Users\Liam\Downloads\iLividSetupV1.exe --a---- 2038544 bytes [13:04 28/06/2011] [13:04 28/06/2011] 771FF32613C7108E7BC3D327CFEED888
C:\Windows\Prefetch\ILIVID.EXE-49D55718.pf --a---- 99666 bytes [13:08 28/06/2011] [13:08 28/06/2011] A0E31AAB1392FEA1405553A53C45F456
C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-0947878E.pf --a---- 60450 bytes [13:05 28/06/2011] [13:05 28/06/2011] CCDAB1484FF40A167041D5D288B137E4
C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-4CAB8D93.pf --a---- 30814 bytes [13:05 28/06/2011] [13:05 28/06/2011] D63D5834920354E224B93D7F1A4DD02D
C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-A6FD06E3.pf --a---- 72170 bytes [13:29 28/06/2011] [13:29 28/06/2011] 6358FBB33518E2476B896D8CB9EA6744

Searching for "*whitesmoke*"
No files found.

Searching for "*sweetIM*"
C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYSPISSZ\SweetImSetup.exe --a---- 457520 bytes [06:45 25/06/2011] [06:45 25/06/2011] 0287F547951997A4C0B9EB0B0EFFF47D
C:\Users\Liam\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe --a---- 457520 bytes [06:46 25/06/2011] [06:52 25/06/2011] 0287F547951997A4C0B9EB0B0EFFF47D
C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\liam@sweetim[1].txt --a---- 1570 bytes [08:48 25/06/2011] [11:34 05/07/2011] AADE4E766E497FA8EEE57E944D17F80E
C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@sweetim[1].txt --a---- 1098 bytes [06:51 25/06/2011] [06:51 25/06/2011] 96DDAD6BED38C6D48FA9F909DA316311
C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@www.sweetim[2].txt --a---- 79 bytes [06:45 25/06/2011] [06:45 25/06/2011] 05B215F3DB6503623922192F5C8A1AE4
C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@www.sweetim[3].txt --a---- 92 bytes [06:51 25/06/2011] [06:51 25/06/2011] 9B08C6FAFAAED7AE9E7B03B2F166E06E
C:\Users\Liam\Downloads\SweetImSetup.exe --a---- 457520 bytes [06:51 25/06/2011] [06:51 25/06/2011] 0287F547951997A4C0B9EB0B0EFFF47D

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\Users\Liam\AppData\LocalLow\searchquband d------ [13:07 28/06/2011]

Searching for "*iLivid*"
C:\Program Files\iLivid d------ [13:07 28/06/2011]
C:\Users\Liam\AppData\Local\Ilivid Player d------ [13:08 28/06/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*sweetIM*"
C:\Users\Liam\AppData\Local\Temp\SweetIMReinstall d------ [06:46 25/06/2011]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url12"="http://bandoo.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url13"="http://www.bandoo.com/"
[HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\Internet Explorer\TypedURLs]
"url12"="http://bandoo.com/"
[HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\Internet Explorer\TypedURLs]
"url13"="http://www.bandoo.com/"

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=100&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
@="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
@="C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=100&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
[HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\AppDataLow\Software\searchqutoolbar]
[HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=100&systemid=406&qu={searchTerms}&ft=json"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\ilivid.exe]
[HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\ilivid.exe]
"Path"="C:\Program Files\iLivid\ilivid.exe"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
[HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\IntelliPoint\AppSpecific\ilivid.exe]
[HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\IntelliPoint\AppSpecific\ilivid.exe]
"Path"="C:\Program Files\iLivid\ilivid.exe"
[HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]

Searching for "whitesmoke"
No data found.

Searching for "sweetIM"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1007511871-525909101-3150634291-1006\Software\SweetIM]
[HKEY_CURRENT_USER\Software\SweetIM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SweetImSetup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SweetImSetup_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\Bars\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\conf\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\conf\users\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\contentdb\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6F35E4BE-CB04-41C0-BED2-2564D4E781E3}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYSPISSZ\SweetImSetup.exe|Name=SweetIM Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{82B3042C-D203-4A98-A9A9-9F2E6F589374}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYSPISSZ\SweetImSetup.exe|Name=SweetIM Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AFC89502-1B47-4782-AB35-0146BE351DBE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Liam\Downloads\SweetImSetup.exe|Name=SweetIM Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1507BF61-184E-4CB8-9023-A95C12382502}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Liam\Downloads\SweetImSetup.exe|Name=SweetIM Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6F35E4BE-CB04-41C0-BED2-2564D4E781E3}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYSPISSZ\SweetImSetup.exe|Name=SweetIM Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{82B3042C-D203-4A98-A9A9-9F2E6F589374}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYSPISSZ\SweetImSetup.exe|Name=SweetIM Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AFC89502-1B47-4782-AB35-0146BE351DBE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Liam\Downloads\SweetImSetup.exe|Name=SweetIM Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1507BF61-184E-4CB8-9023-A95C12382502}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Liam\Downloads\SweetImSetup.exe|Name=SweetIM Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6F35E4BE-CB04-41C0-BED2-2564D4E781E3}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYSPISSZ\SweetImSetup.exe|Name=SweetIM Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{82B3042C-D203-4A98-A9A9-9F2E6F589374}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYSPISSZ\SweetImSetup.exe|Name=SweetIM Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AFC89502-1B47-4782-AB35-0146BE351DBE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Liam\Downloads\SweetImSetup.exe|Name=SweetIM Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1507BF61-184E-4CB8-9023-A95C12382502}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Liam\Downloads\SweetImSetup.exe|Name=SweetIM Installer|"
[HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1007511871-525909101-3150634291-1006\Software\SweetIM]
[HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\SweetIM]

-= EOF =-
harveywarvey
Active Member
 
Posts: 7
Joined: June 30th, 2011, 7:44 am

Re: Searchqu Problem

Unread postby askey127 » July 5th, 2011, 6:50 pm

harveywarvey,
What a large pile of garbage they left on your machine !
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code: Select all
    :processes
    killallprocesses
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
    "url12"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
    "url13"=-
    [HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\Internet Explorer\TypedURLs]
    "url12"=-
    [HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\Internet Explorer\TypedURLs]
    "url13"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    "SuggestionsURL_JSON"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    "SuggestionsURL_JSON"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
    [-HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\AppDataLow\Software\searchqutoolbar]
    [HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    "SuggestionsURL_JSON"=-
    
    [-HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\ilivid.exe]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
    [-HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\IntelliPoint\AppSpecific\ilivid.exe]
    [-HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\IntelliPoint\AppSpecific\ilivid.exe]
    [-HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
    [-HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1007511871-525909101-3150634291-1006\Software\SweetIM]
    [-HKEY_CURRENT_USER\Software\SweetIM]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SweetImSetup_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SweetImSetup_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\data\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\data\Bars\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\conf\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\conf\users\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\data\contentdb\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6F35E4BE-CB04-41C0-BED2-2564D4E781E3}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{82B3042C-D203-4A98-A9A9-9F2E6F589374}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{AFC89502-1B47-4782-AB35-0146BE351DBE}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1507BF61-184E-4CB8-9023-A95C12382502}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6F35E4BE-CB04-41C0-BED2-2564D4E781E3}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{82B3042C-D203-4A98-A9A9-9F2E6F589374}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{AFC89502-1B47-4782-AB35-0146BE351DBE}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1507BF61-184E-4CB8-9023-A95C12382502}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6F35E4BE-CB04-41C0-BED2-2564D4E781E3}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{82B3042C-D203-4A98-A9A9-9F2E6F589374}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{AFC89502-1B47-4782-AB35-0146BE351DBE}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1507BF61-184E-4CB8-9023-A95C12382502}"=-
    [-HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1007511871-525909101-3150634291-1006\Software\SweetIM]
    [-HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\SweetIM]
    
    :Files
    C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GBMVTTH\SetupDataMngr_Searchqu[1].exe 
    C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZ84V0EK\searchqu_net[1].htm 
    C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GUQSU2NE\how-to-remove-searchqu-uninstall-guide[1].htm 
    C:\Users\Liam\AppData\Local\Temp\searchqu.ini 
    C:\Users\Liam\AppData\Local\Temp\searchqutoolbar-manifest.xml 
    C:\Users\Liam\AppData\Local\Temp\SetupDataMngr_Searchqu.exe 
    C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@searchqu[2].txt 
    C:\Users\Liam\Favorites\How to Remove Searchqu (Uninstall Guide).url 
    C:\Users\Liam\Favorites\[Resolved] Searchqu problem.url 
    C:\Windows\Prefetch\SEARCHQUMEDIABAR.EXE-B716AD1D.pf 
    C:\Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-0600BE92.pf 
    C:\Program Files\iLivid\ilivid.exe 
    C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XBCYS2M\iLividSetupV1.exe 
    C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XBCYS2M\ilivid[1].7z 
    C:\Users\Liam\AppData\Local\Temp\ilivid.7z 
    C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@ilivid[1].txt 
    C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@stats.ilivid[1].txt 
    C:\Users\Liam\Downloads\iLividSetupV1.exe 
    C:\Windows\Prefetch\ILIVID.EXE-49D55718.pf 
    C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-0947878E.pf 
    C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-4CAB8D93.pf 
    C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-A6FD06E3.pf 
    C:\Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYSPISSZ\SweetImSetup.exe 
    C:\Users\Liam\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe 
    C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\liam@sweetim[1].txt 
    C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@sweetim[1].txt 
    C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@www.sweetim[2].txt 
    C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@www.sweetim[3].txt 
    C:\Users\Liam\Downloads\SweetImSetup.exe 
    C:\Users\Liam\AppData\LocalLow\searchquband 
    C:\Users\Liam\AppData\Local\Ilivid Player
    C:\Users\Liam\AppData\Local\Temp\SweetIMReinstall
    
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

---------------------------------------------
Run Systemlook again to See What We Missed
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *sweetIM*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *sweetIM*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    sweetIM
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    (Takes about 4 minutes on my XP net book)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Searchqu Problem

Unread postby harveywarvey » July 7th, 2011, 10:07 am

OTL Extras logfile created on: 7/7/2011 9:44:02 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Liam\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.93 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 45.82% Memory free
5.86 Gb Paging File | 3.82 Gb Available in Paging File | 65.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 451.83 Gb Total Space | 298.30 Gb Free Space | 66.02% Space Free | Partition Type: NTFS

Computer Name: TOSHI | User Name: Liam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80FE5490-E9DD-4AE9-8537-3EB5EFB606FC}" = PS_AIO_06_B109a-m_SW_Min
"{820C0EEB-9B12-4AD5-B39D-D15ED1DBDD06}" = SpyHunter
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92022F8E-2E55-4A16-88EB-B4778B35E942}" = ACDSee for PENTAX 3.0
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF20390E-5ADD-4CB0-BF9D-EDF6E7891AD9}" = B109a-m
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"D751CB2FD39EE07639D08542EEF9BF77AD1D9696" = ENE CIR Receiver Driver
"Google Chrome" = Google Chrome
"Halo" = Microsoft Halo
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"InstallShield_{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSC" = McAfee SecurityCenter
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PROHYBRIDR" = 2007 Microsoft Office system
"Rapport_msi" = Rapport
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT083877" = Chuzzle Deluxe
"WT083885" = Zuma's Revenge
"WT083898" = Virtual Villagers - The Secret City
"WT083903" = Escape Rosecliff Island
"WT083929" = Bejeweled 2 Deluxe
"WT083947" = Final Drive Nitro
"WT083957" = Jewel Quest 3
"WT083958" = Penguins!
"WT083959" = Polar Bowler
"WT084018" = FATE - The Traitor Soul
"Xfire" = Xfire (remove only)
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/5/2011 7:29:54 AM | Computer Name = Toshi | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: a00 Start
Time: 01cc3af5c644f19e Termination Time: 32 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 7/5/2011 7:43:04 AM | Computer Name = Toshi | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_LanmanServer, version: 6.1.7600.16385,
time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0xc000000d Faulting process id:
0x56c Faulting application start time: 0x01cc3b087e10ba8d Faulting application path:
C:\windows\system32\svchost.exe Faulting module path: unknown Report Id: f1099509-a6fb-11e0-9c1c-88ae1d4b6412

Error - 7/5/2011 7:43:27 AM | Computer Name = Toshi | Source = Application Hang | ID = 1002
Description = The program Spyhunter4.exe version 4.5.11.3608 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b38 Start
Time: 01cc3b0883ac184b Termination Time: 0 Application Path: C:\Program Files\Enigma
Software Group\SpyHunter\Spyhunter4.exe Report Id: f8941108-a6fb-11e0-9c1c-88ae1d4b6412


Error - 7/5/2011 7:44:38 AM | Computer Name = Toshi | Source = VSS | ID = 8194
Description =

Error - 7/5/2011 7:46:22 AM | Computer Name = Toshi | Source = Application Hang | ID = 1002
Description = The program Spyhunter4.exe version 4.5.11.3608 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1c2c Start
Time: 01cc3b08df1fc1cf Termination Time: 484 Application Path: C:\Program Files\Enigma
Software Group\SpyHunter\Spyhunter4.exe Report Id: 616ace1b-a6fc-11e0-9c1c-88ae1d4b6412


Error - 7/7/2011 7:22:06 AM | Computer Name = Toshi | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4308 (0x10d4) Thread address : 0x77C66344 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\Common
Files\Mcafee\SystemCore\mferkda.dll by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 7/7/2011 7:26:48 AM | Computer Name = Toshi | Source = Windows Activation Technologies | ID = 14
Description = Genuine validation failure: hr = 0x800706BA

Error - 7/7/2011 7:31:24 AM | Computer Name = Toshi | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 10040 (0x2738) Thread address : 0x77C66344 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll

by C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 7/7/2011 7:38:24 AM | Computer Name = Toshi | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4724 (0x1274) Thread address : 0x77C66344 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\Trusteer\Rapport\bin\RapportPG.sys

by System 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0)

5004(0)(0)

Error - 7/7/2011 9:14:02 AM | Computer Name = Toshi | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_LanmanServer, version: 6.1.7600.16385,
time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x54c Faulting application start time: 0x01cc3ca799154bb2 Faulting application path:
C:\windows\system32\svchost.exe Faulting module path: unknown Report Id: fb1d6914-a89a-11e0-b2e4-88ae1d4b6412

[ Media Center Events ]
Error - 1/9/2011 12:15:04 AM | Computer Name = Toshi | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 1/9/2011 12:16:10 AM | Computer Name = Toshi | Source = Microsoft-Windows-Media Center Extender | ID = 543
Description =

Error - 1/9/2011 12:22:01 AM | Computer Name = Toshi | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 1/9/2011 12:23:38 AM | Computer Name = Toshi | Source = Microsoft-Windows-Media Center Extender | ID = 543
Description =

Error - 1/9/2011 12:33:00 AM | Computer Name = Toshi | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

[ OSession Events ]
Error - 11/24/2010 7:49:31 AM | Computer Name = Toshi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6823
seconds with 660 seconds of active time. This session ended with a crash.

Error - 11/25/2010 6:38:26 AM | Computer Name = Toshi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1799
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/7/2011 9:14:15 AM | Computer Name = Toshi | Source = Service Control Manager | ID = 7023
Description = The IKE and AuthIP IPsec Keying Modules service terminated with the
following error: %%13876

Error - 7/7/2011 9:14:15 AM | Computer Name = Toshi | Source = Service Control Manager | ID = 7023
Description = The IKE and AuthIP IPsec Keying Modules service terminated with the
following error: %%13876

Error - 7/7/2011 9:14:15 AM | Computer Name = Toshi | Source = Service Control Manager | ID = 7023
Description = The IKE and AuthIP IPsec Keying Modules service terminated with the
following error: %%13876

Error - 7/7/2011 9:15:56 AM | Computer Name = Toshi | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056

Error - 7/7/2011 9:16:11 AM | Computer Name = Toshi | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the IKE and AuthIP IPsec Keying
Modules service, but this action failed with the following error: %%1056

Error - 7/7/2011 9:16:11 AM | Computer Name = Toshi | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 7/7/2011 9:16:11 AM | Computer Name = Toshi | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the User Profile Service service,
but this action failed with the following error: %%1056

Error - 7/7/2011 9:16:11 AM | Computer Name = Toshi | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Multimedia Class Scheduler
service, but this action failed with the following error: %%1056

Error - 7/7/2011 9:25:39 AM | Computer Name = Toshi | Source = Service Control Manager | ID = 7034
Description = The SpyHunter 4 Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/7/2011 9:25:40 AM | Computer Name = Toshi | Source = Service Control Manager | ID = 7034
Description = The TOSHIBA HDD Protection service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

SystemLook 04.09.10 by jpshortstuff
Log created at 21:55 on 07/07/2011 by Liam
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
C:\Users\Liam\Favorites\[Resolved] Searchqu problem.url --a---- 969 bytes [03:26 03/07/2011] [03:26 03/07/2011] 76CA23CF4CF9A53A8B4BD198806FFD97
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GBMVTTH\SetupDataMngr_Searchqu[1].exe --a---- 3493320 bytes [13:05 28/06/2011] [13:05 28/06/2011] E847327A61EC4DBBE1A2A716833F4C28
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FZ84V0EK\searchqu_net[1].htm --a---- 6278 bytes [03:39 03/07/2011] [03:39 03/07/2011] 6C3068E61994F38C199EB25A89DA6FA9
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GUQSU2NE\how-to-remove-searchqu-uninstall-guide[1].htm --a---- 59836 bytes [03:26 03/07/2011] [03:26 03/07/2011] CB5612CD594C56A8A1E318CCD3FCEC56
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Local\Temp\searchqu.ini --a---- 407 bytes [13:05 28/06/2011] [13:05 28/06/2011] 04F64638A2F40B69488437C25013F168
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [12:30 31/05/2011] [12:30 31/05/2011] B3FE09D2AB12FDF1657D1210E6332FD1
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3493320 bytes [13:05 28/06/2011] [13:05 28/06/2011] E847327A61EC4DBBE1A2A716833F4C28
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@searchqu[2].txt --a---- 502 bytes [08:11 05/07/2011] [08:11 05/07/2011] AAEA57CFBEF62CEFD371094576BF3A1C
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\Favorites\How to Remove Searchqu (Uninstall Guide).url --a---- 1180 bytes [03:38 03/07/2011] [03:38 03/07/2011] 812FD16582CDF89536F3741F80596EEB

Searching for "*iLivid*"
C:\_OTL\MovedFiles\07072011_212539\C_Program Files\iLivid\ilivid.exe --a---- 1941504 bytes [13:07 28/06/2011] [13:53 20/06/2011] 366C02F17990750F6D918CD9FD8FEFDA
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XBCYS2M\iLividSetupV1.exe --a---- 2038544 bytes [13:04 28/06/2011] [13:04 28/06/2011] 771FF32613C7108E7BC3D327CFEED888
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XBCYS2M\ilivid[1].7z --a---- 876394 bytes [13:07 28/06/2011] [13:07 28/06/2011] 033D1339378F2B100F646A52014AA42A
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Local\Temp\ilivid.7z --a---- 876394 bytes [13:07 28/06/2011] [13:07 28/06/2011] 033D1339378F2B100F646A52014AA42A
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@ilivid[1].txt --a---- 375 bytes [13:08 28/06/2011] [13:08 28/06/2011] 64076F44502467EB0EB614AE0F1CA2DF
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@stats.ilivid[1].txt --a---- 91 bytes [13:02 28/06/2011] [13:02 28/06/2011] 27D38660852EA338F81A410106B6B26A
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\Downloads\iLividSetupV1.exe --a---- 2038544 bytes [13:04 28/06/2011] [13:04 28/06/2011] 771FF32613C7108E7BC3D327CFEED888

Searching for "*whitesmoke*"
No files found.

Searching for "*sweetIM*"
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYSPISSZ\SweetImSetup.exe --a---- 457520 bytes [06:45 25/06/2011] [06:45 25/06/2011] 0287F547951997A4C0B9EB0B0EFFF47D
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe --a---- 457520 bytes [06:46 25/06/2011] [06:52 25/06/2011] 0287F547951997A4C0B9EB0B0EFFF47D
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\liam@sweetim[1].txt --a---- 1570 bytes [08:48 25/06/2011] [11:34 05/07/2011] AADE4E766E497FA8EEE57E944D17F80E
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@sweetim[1].txt --a---- 1098 bytes [06:51 25/06/2011] [06:51 25/06/2011] 96DDAD6BED38C6D48FA9F909DA316311
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@www.sweetim[2].txt --a---- 79 bytes [06:45 25/06/2011] [06:45 25/06/2011] 05B215F3DB6503623922192F5C8A1AE4
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Roaming\Microsoft\Windows\Cookies\Low\liam@www.sweetim[3].txt --a---- 92 bytes [06:51 25/06/2011] [06:51 25/06/2011] 9B08C6FAFAAED7AE9E7B03B2F166E06E
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\Downloads\SweetImSetup.exe --a---- 457520 bytes [06:51 25/06/2011] [06:51 25/06/2011] 0287F547951997A4C0B9EB0B0EFFF47D

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\LocalLow\searchquband d------ [13:07 28/06/2011]

Searching for "*iLivid*"
C:\Program Files\iLivid d------ [13:07 28/06/2011]
C:\_OTL\MovedFiles\07072011_212539\C_Program Files\iLivid d------ [13:25 07/07/2011]
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Local\Ilivid Player d------ [13:08 28/06/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*sweetIM*"
C:\_OTL\MovedFiles\07072011_212539\C_Users\Liam\AppData\Local\Temp\SweetIMReinstall d------ [06:46 25/06/2011]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url15"="http://bandoo.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url16"="http://www.bandoo.com/"
[HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\Internet Explorer\TypedURLs]
"url15"="http://bandoo.com/"
[HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\Internet Explorer\TypedURLs]
"url16"="http://www.bandoo.com/"

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "sweetIM"
[HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM]

-= EOF =-
harveywarvey
Active Member
 
Posts: 7
Joined: June 30th, 2011, 7:44 am

Re: Searchqu Problem

Unread postby askey127 » July 7th, 2011, 4:08 pm

harveywarvey,
Just a little left.
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code: Select all
    :processes
    killallprocesses
    
    :Files
    C:\Program Files\iLivid
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
    "url15"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
    "url16"=-
    [HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\Internet Explorer\TypedURLs]
    "url15"=-
    [HKEY_USERS\S-1-5-21-1007511871-525909101-3150634291-1006\Software\Microsoft\Internet Explorer\TypedURLs]
    "url16"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM]
    
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Tell me how it's running.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Searchqu Problem

Unread postby harveywarvey » July 8th, 2011, 4:25 am

OTL logfile created on: 7/8/2011 4:17:46 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Liam\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.93 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 53.36% Memory free
5.86 Gb Paging File | 4.14 Gb Available in Paging File | 70.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 451.83 Gb Total Space | 297.54 Gb Free Space | 65.85% Space Free | Partition Type: NTFS

Computer Name: TOSHI | User Name: Liam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/08 16:17:27 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Liam\Downloads\OTL (2).exe
PRC - [2011/06/27 14:30:00 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/17 17:46:02 | 004,706,208 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2011/05/17 17:45:56 | 000,735,648 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/02/26 13:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/04/15 18:18:00 | 001,800,808 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/04/07 05:49:20 | 000,189,808 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2010/04/07 05:48:56 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe
PRC - [2010/03/26 04:09:24 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2010/03/24 10:25:38 | 000,427,320 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
PRC - [2010/03/23 02:21:04 | 000,686,624 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010/03/20 05:08:14 | 000,467,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/03/04 05:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/04 05:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/03/04 03:17:48 | 000,030,040 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2010/02/24 08:54:04 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2010/02/24 08:53:32 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2010/02/23 04:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/02/06 08:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2010/02/06 08:40:44 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2010/01/29 07:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/12/26 06:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009/11/12 05:31:32 | 000,022,840 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
PRC - [2009/11/06 13:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/11/06 13:04:12 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/10/22 00:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2009/09/30 14:59:26 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/29 11:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/29 06:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/29 05:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/23 04:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009/07/22 02:43:44 | 000,701,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
PRC - [2009/07/14 09:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/11 09:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/02/21 00:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/08 16:17:27 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Liam\Downloads\OTL (2).exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/21 13:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/17 17:45:56 | 000,735,648 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/21 08:11:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/15 18:18:00 | 001,800,808 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/04/07 05:49:20 | 000,189,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/04 05:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/04 05:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/02/26 04:06:34 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/02/24 08:53:32 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010/02/06 08:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010/01/29 07:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/12/04 10:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/11/06 13:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/10/22 00:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2009/10/07 00:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/07/29 06:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/11 09:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/02/21 00:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/06/22 18:01:26 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/06/22 18:01:26 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/06/13 19:11:33 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys -- (RapportCerberus_26762)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/06 09:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/07/07 18:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/05/19 07:02:40 | 000,136,304 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010/05/09 09:38:56 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2010/04/24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/04/16 06:04:36 | 009,982,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/01/28 21:25:04 | 000,068,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/01/28 13:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2010/01/19 19:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 19:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 19:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 19:49:48 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/09/18 03:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/07/31 12:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009/07/31 08:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/15 06:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 13:13:00 | 000,015,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 07:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009/06/30 07:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2009/06/30 01:25:24 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2009/06/30 01:17:00 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009/06/23 08:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/20 10:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/06/12 04:05:04 | 000,626,688 | ---- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2009/05/20 12:59:00 | 000,011,776 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid)
DRV - [2008/04/25 09:16:00 | 000,005,632 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/21 09:36:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 20:34:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/21 09:36:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F24E04FA-5A87-4F08-9C1F-FB0BCF71F0A4}: C:\Users\Liam\AppData\Local\{F24E04FA-5A87-4F08-9C1F-FB0BCF71F0A4} [2011/01/22 12:41:47 | 000,000,000 | ---D | M]

[2011/05/22 08:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Liam\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2011/07/07 21:36:40 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110518190407.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [Spyware Doctor with AntiVirus] File not found
O4 - Startup: C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a93f1eb5-0ac5-11e0-80f0-88ae1d4b6412}\Shell - "" = AutoRun
O33 - MountPoints2\{a93f1eb5-0ac5-11e0-80f0-88ae1d4b6412}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/08 16:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/07/08 13:00:40 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{26DC6CE7-ABB1-4C9C-8530-3ACBCA6888DB}
[2011/07/07 21:25:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/07 21:16:13 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{7ED179E9-3D07-4A71-82D7-039E85C27532}
[2011/07/07 18:06:57 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{65B8B85F-A429-4853-BD1C-0F25F42582FE}
[2011/07/06 20:26:18 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Jak & Daxter
[2011/07/06 20:25:15 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Ratchet & Clank
[2011/07/06 16:10:02 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{A7615E58-84A4-4527-A2B6-DC6663D95033}
[2011/07/05 15:20:54 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{3D3F386E-2E1D-4119-AE25-CC4B5E009D35}
[2011/07/04 15:59:24 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{81083ADC-7E49-487D-B731-CFF4A275C7D1}
[2011/07/03 17:12:26 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2011/07/03 17:12:23 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/07/03 17:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/07/03 10:50:50 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{EE9F617B-DA3F-4FCA-8C9D-01E6D8CB22DE}
[2011/07/03 08:56:14 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{96DD0191-8128-4DC6-AF39-8C4F27193B3E}
[2011/07/02 08:28:03 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{480A01B1-7E2D-47CA-B453-7922EB147728}
[2011/07/01 19:14:49 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{EBFDBDF5-32BA-4FE0-A4EF-5176E9E7510D}
[2011/06/30 21:28:37 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Liam\Desktop\dds.scr
[2011/06/30 17:54:12 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{4E0D694E-8CBD-475B-A578-D03CC25BF0C7}
[2011/06/29 17:57:49 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{5EA4E15A-A148-428B-AD11-1B9D9E414FD3}
[2011/06/28 21:07:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2011/06/28 21:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/06/28 21:05:09 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\PackageAware
[2011/06/28 15:33:49 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{350F3087-9CB2-4681-A9C2-10396BE48500}
[2011/06/27 14:26:32 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{83E05942-233C-41F0-A1D0-824BA556D283}
[2011/06/26 18:20:23 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Metroid
[2011/06/26 10:21:34 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{B806C8B0-CCD6-45EE-A48C-E4381DB69399}
[2011/06/25 15:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/25 15:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/25 15:07:18 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Sonic
[2011/06/25 14:57:37 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{A6DB12BE-88F8-4E2E-B183-30BCB17F934C}
[2011/06/25 14:57:36 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\{AFF56E61-A814-47FB-B81E-29B87D9F9BA8}
[2011/06/25 14:57:17 | 000,000,000 | ---D | C] -- C:\Users\Liam\Tracing
[2011/06/22 18:01:26 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\windows\System32\drivers\RapportKELL.sys
[2011/06/18 08:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/13 19:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/06/13 19:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/06/09 19:34:09 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\The Legend Of Zelda
[2009/07/14 07:24:44 | 000,365,568 | ---- | C] (Realtek Semiconductor) -- C:\Users\Liam\AppData\Local\_rr_ufuharusaneyulex.dll
[1 C:\Users\Liam\Documents\*.tmp files -> C:\Users\Liam\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/08 16:20:19 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 16:20:19 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 16:13:07 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/07/08 16:12:28 | 000,000,878 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/08 16:12:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/08 16:12:10 | 2361,397,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 15:38:00 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/07 21:36:40 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/07/05 19:50:19 | 000,075,264 | ---- | M] () -- C:\Users\Liam\Desktop\SystemLook.exe
[2011/07/03 17:12:26 | 000,002,251 | ---- | M] () -- C:\Users\Liam\Desktop\SpyHunter.lnk
[2011/07/03 16:00:31 | 000,000,400 | ---- | M] () -- C:\windows\tasks\vtscheduletask.job
[2011/07/01 19:40:23 | 000,002,297 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/30 21:27:39 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Liam\Desktop\dds.scr
[2011/06/30 19:25:45 | 000,710,400 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/06/30 19:25:45 | 000,142,270 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/06/30 17:50:49 | 000,412,776 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/06/28 21:36:06 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/25 15:07:48 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\windows\System32\drivers\RapportKELL.sys
[2011/06/18 08:45:15 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/13 19:39:17 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Users\Liam\Documents\*.tmp files -> C:\Users\Liam\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/05 19:50:16 | 000,075,264 | ---- | C] () -- C:\Users\Liam\Desktop\SystemLook.exe
[2011/07/03 17:12:26 | 000,002,251 | ---- | C] () -- C:\Users\Liam\Desktop\SpyHunter.lnk
[2011/06/25 15:07:48 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/18 08:45:15 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/18 08:45:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/01/23 12:13:30 | 000,006,144 | ---- | C] () -- C:\Users\Liam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/22 12:41:51 | 000,000,120 | ---- | C] () -- C:\Users\Liam\AppData\Local\Lsarutapi.dat
[2011/01/22 12:41:51 | 000,000,000 | ---- | C] () -- C:\Users\Liam\AppData\Local\Lpopequkive.bin
[2011/01/09 12:14:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/19 00:45:47 | 000,010,240 | ---- | C] () -- C:\windows\System32\drivers\mdvrmng.sys
[2010/11/21 09:26:25 | 000,165,535 | ---- | C] () -- C:\windows\hpoins38.dat
[2010/11/20 18:22:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/12 16:44:16 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/07/12 16:01:47 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/07/12 15:59:06 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2010/07/12 15:56:40 | 000,002,204 | ---- | C] () -- C:\windows\System32\drivers\RtPCEE3.DAT
[2010/07/12 15:56:40 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2010/07/12 15:56:40 | 000,000,712 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2010/07/12 15:56:40 | 000,000,712 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010/07/12 15:56:40 | 000,000,048 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010/07/12 15:53:39 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2010/04/15 19:46:10 | 000,241,516 | ---- | C] () -- C:\windows\System32\nvcoproc.bin
[2010/04/15 19:46:00 | 000,465,512 | ---- | C] () -- C:\windows\System32\easyUpdatusAPIU.dll
[2010/01/19 19:49:54 | 000,466,944 | ---- | C] () -- C:\windows\System32\RemoveDevice.dll
[2009/07/14 12:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 12:33:53 | 000,412,776 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 10:05:48 | 000,710,400 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 10:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 10:05:48 | 000,142,270 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 10:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 10:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 10:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 07:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/06/05 08:59:42 | 000,000,622 | ---- | C] () -- C:\windows\hpomdl38.dat
[2009/04/28 19:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll
[2008/10/08 00:13:30 | 000,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2008/10/08 00:13:22 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/08 00:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008/10/08 00:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008/10/08 00:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/08 00:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008/10/08 00:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008/10/08 00:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008/10/08 00:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008/10/08 00:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2007/06/14 08:14:12 | 000,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll
[2007/06/14 08:13:34 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\windows\System32\UNACEV2.DLL

========== LOP Check ==========

[2010/12/12 09:02:03 | 000,000,000 | ---D | M] -- C:\Users\Liam\AppData\Roaming\ACD Systems
[2010/12/19 00:46:24 | 000,000,000 | ---D | M] -- C:\Users\Liam\AppData\Roaming\Birdstep Technology
[2011/07/07 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\Liam\AppData\Roaming\go
[2011/03/07 09:25:20 | 000,000,000 | ---D | M] -- C:\Users\Liam\AppData\Roaming\NAVIGON Fresh
[2011/07/08 15:57:52 | 000,000,000 | ---D | M] -- C:\Users\Liam\AppData\Roaming\SoftGrid Client
[2010/11/20 15:30:23 | 000,000,000 | ---D | M] -- C:\Users\Liam\AppData\Roaming\Tific
[2011/03/06 13:20:25 | 000,000,000 | ---D | M] -- C:\Users\Liam\AppData\Roaming\Toshiba
[2010/12/22 19:18:26 | 000,000,000 | ---D | M] -- C:\Users\Liam\AppData\Roaming\TP
[2010/11/29 21:08:29 | 000,000,000 | ---D | M] -- C:\Users\Liam\AppData\Roaming\Trusteer
[2010/11/21 08:09:05 | 000,000,000 | ---D | M] -- C:\Users\Liam\AppData\Roaming\WildTangent
[2010/11/20 15:04:22 | 000,000,000 | ---D | M] -- C:\Users\Liam\AppData\Roaming\WinBatch
[2011/07/08 16:12:19 | 000,032,580 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2011/07/03 16:00:31 | 000,000,400 | ---- | M] () -- C:\windows\Tasks\vtscheduletask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
askey127,

The machine seems to be running fine, I hope that this is near the final fix for it.

Kind regards

harveywarvey
harveywarvey
Active Member
 
Posts: 7
Joined: June 30th, 2011, 7:44 am

Re: Searchqu Problem

Unread postby askey127 » July 8th, 2011, 7:07 am

harveywarvey,
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 26 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license
Select the link for your Platform Windows x86 offline (or Windows 64-bit if your machine is 64-bit), and click it.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, (or right click and choose "Run as administrator" in Vista/Win7) and it will install the newest version of Java for you to use.
During the Installation, be sure to UNCHECK any offer for McAfee Security Scan Plus(It's just adware) or any extra toolbars.
When it finishes, you can remove the Installer from your desktop.
------------------------------------------------------------
Open OTL again and click the CleanUp button.

You should be good to go.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Searchqu Problem

Unread postby harveywarvey » July 8th, 2011, 9:19 pm

I have loaded Java and run OTL and the machine is running really well.

Thank you very much for your help, it is much appreciated.

Kind regards

harveywarvey
harveywarvey
Active Member
 
Posts: 7
Joined: June 30th, 2011, 7:44 am

Re: Searchqu Problem

Unread postby askey127 » July 9th, 2011, 8:03 am

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 72 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware